Windows Analysis Report
Orden#46789_2024_Optoflux_mexico_sderlss.exe

Overview

General Information

Sample name: Orden#46789_2024_Optoflux_mexico_sderlss.exe
Analysis ID: 1463474
MD5: af0dccdcac71a9ec9395bbac08c232a8
SHA1: c9647a1d282db7ed314af4c17a86dc5d92f752dc
SHA256: a8726088fffcb88c32528d617d58d5c0d028c28115842f0c2a4f7a7fe5192e82
Tags: exe

Detection

AgentTesla, DarkTortilla
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Yara detected AntiVM3
Yara detected DarkTortilla Crypter
AI detected suspicious sample
Allocates memory in foreign processes
Check if machine is in data center or colocation facility
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Contains functionality to log keystrokes (.Net Source)
Hides that the sample has been downloaded from the Internet (zone.identifier)
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
Writes to foreign memory regions
Yara detected Generic Downloader
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality to call native functions
Contains functionality to launch a process as a different user
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected non-DNS traffic on DNS port
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Direct Autorun Keys Modification
Sigma detected: Potential Persistence Attempt Via Run Keys Using Reg.EXE
Sigma detected: Suspicious Outbound SMTP Connections
Stores files to the Windows start menu directory
Uses SMTP (mail sending)
Uses code obfuscation techniques (call, push, ret)
Uses reg.exe to modify the Windows registry
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • Orden#46789_2024_Optoflux_mexico_sderlss.exe (PID: 6084 cmdline: "C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exe" MD5: AF0DCCDCAC71A9EC9395BBAC08C232A8)
    • cmd.exe (PID: 348 cmdline: "cmd" /c ping 127.0.0.1 -n 18 > nul && REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "vexplorerezz" /t REG_SZ /d "C:\Users\user\AppData\Roaming\vexplorerez.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 1076 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • PING.EXE (PID: 5444 cmdline: ping 127.0.0.1 -n 18 MD5: B3624DD758CCECF93A1226CEF252CA12)
      • reg.exe (PID: 1292 cmdline: REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "vexplorerezz" /t REG_SZ /d "C:\Users\user\AppData\Roaming\vexplorerez.exe" MD5: CDD462E86EC0F20DE2A1D781928B1B0C)
    • cmd.exe (PID: 6436 cmdline: "cmd" /c ping 127.0.0.1 -n 28 > nul && copy "C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exe" "C:\Users\user\AppData\Roaming\vexplorerez.exe" && ping 127.0.0.1 -n 28 > nul && "C:\Users\user\AppData\Roaming\vexplorerez.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 320 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • PING.EXE (PID: 5560 cmdline: ping 127.0.0.1 -n 28 MD5: B3624DD758CCECF93A1226CEF252CA12)
      • PING.EXE (PID: 1972 cmdline: ping 127.0.0.1 -n 28 MD5: B3624DD758CCECF93A1226CEF252CA12)
      • vexplorerez.exe (PID: 6588 cmdline: "C:\Users\user\AppData\Roaming\vexplorerez.exe" MD5: AF0DCCDCAC71A9EC9395BBAC08C232A8)
        • Acrobat.exe (PID: 4164 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Roaming\PABILOS MOTORES #5 Y 6.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
          • AcroCEF.exe (PID: 2164 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
            • AcroCEF.exe (PID: 3140 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1352,i,2708377033144525548,1194782887510116328,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
        • InstallUtil.exe (PID: 7564 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
        • InstallUtil.exe (PID: 7784 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • chrome.exe (PID: 4808 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://verificacfdi.facturaelectronica.sat.gob.mx/?id=39CA617E-9953-41BD-9564-C41A1E1C5584&re=OOMM710314363&rr=PCM910225B86&tt=6090.00&fe=aUIAsQ== MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 2504 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 --field-trial-handle=2232,i,15507267505217181504,13430371002107257238,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
Name: Agent Tesla, AgentTesla
Description: A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
Attribution: SWEED
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla

Name: DarkTortilla
Description: DarkTortilla is a complex and highly configurable .NET-based crypter that has possibly been active since at least August 2015. It typically delivers popular information stealers and remote access trojans (RATs) such as AgentTesla, AsyncRat, NanoCore, and RedLine. While it appears to primarily deliver commodity malware, Secureworks Counter Threat Unit (CTU) researchers identified DarkTortilla samples delivering targeted payloads such as Cobalt Strike and Metasploit. It can also deliver "addon packages" such as additional malicious payloads, benign decoy documents, and executables. It features robust anti-analysis and anti-tamper controls that can make detection, analysis, and eradication challenging. From January 2021 through May 2022, an average of 93 unique DarkTortilla samples per week were uploaded to the VirusTotal analysis service. Code similarities suggest possible links between DarkTortilla and other malware: a crypter operated by the RATs Crew threat group, which was active between 2008 and 2012, and the Gameloader malware that emerged in 2021.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.darktortilla
{"Exfil Mode": "SMTP", "Port": "587", "Host": "smtp.zoho.eu", "Username": "logs@astonherald.com", "Password": "office12#"}
Source: 00000000.00000002.2231383633.00000000035D0000.00000004.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Author: Joe Security
Source: 0000000E.00000002.3909894478.0000000002FD9000.00000004.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Author: Joe Security
Source: 00000000.00000002.2235407237.00000000043A9000.00000004.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Author: Joe Security
Source: 00000016.00000002.3577770513.00000000007B2000.00000040.00000400.00020000.00000000.sdmp, Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Author: Joe Security
Source: 00000016.00000002.3577770513.00000000007B2000.00000040.00000400.00020000.00000000.sdmp, Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Author: Joe Security

Source: 0.2.Orden#46789_2024_Optoflux_mexico_sderlss.exe.6bd0000.6.raw.unpack, Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Author: Joe Security
Source: 0.2.Orden#46789_2024_Optoflux_mexico_sderlss.exe.6bd0000.6.unpack, Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Author: Joe Security
Source: 0.2.Orden#46789_2024_Optoflux_mexico_sderlss.exe.43a9e50.4.unpack, Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Author: Joe Security
Source: 14.2.vexplorerez.exe.40dde62.5.unpack, Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Author: Joe Security
Source: 14.2.vexplorerez.exe.40dde62.5.unpack, Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Author: Joe Security

System Summary

Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Roaming\vexplorerez.exe, EventID: 13, EventType: SetValue, Image: C:\Windows\SysWOW64\reg.exe, ProcessId: 1292, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vexplorerezz
Source: Process started, Author: Victor Sergeev, Daniil Yugoslavskiy, oscd.community: Data: Command: REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "vexplorerezz" /t REG_SZ /d "C:\Users\user\AppData\Roaming\vexplorerez.exe", CommandLine: REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "vexplorerezz" /t REG_SZ /d "C:\Users\user\AppData\Roaming\vexplorerez.exe", CommandLine|base64offset|contains: DA, Image: C:\Windows\SysWOW64\reg.exe, NewProcessName: C:\Windows\SysWOW64\reg.exe, OriginalFileName: C:\Windows\SysWOW64\reg.exe, ParentCommandLine: "cmd" /c ping 127.0.0.1 -n 18 > nul && REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "vexplorerezz" /t REG_SZ /d "C:\Users\user\AppData\Roaming\vexplorerez.exe", ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 348, ParentProcessName: cmd.exe, ProcessCommandLine: REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "vexplorerezz" /t REG_SZ /d "C:\Users\user\AppData\Roaming\vexplorerez.exe", ProcessId: 1292, ProcessName: reg.exe
Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: "cmd" /c ping 127.0.0.1 -n 18 > nul && REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "vexplorerezz" /t REG_SZ /d "C:\Users\user\AppData\Roaming\vexplorerez.exe", CommandLine: "cmd" /c ping 127.0.0.1 -n 18 > nul && REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "vexplorerezz" /t REG_SZ /d "C:\Users\user\AppData\Roaming\vexplorerez.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exe", ParentImage: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exe, ParentProcessId: 6084, ParentProcessName: Orden#46789_2024_Optoflux_mexico_sderlss.exe, ProcessCommandLine: "cmd" /c ping 127.0.0.1 -n 18 > nul && REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "vexplorerezz" /t REG_SZ /d "C:\Users\user\AppData\Roaming\vexplorerez.exe", ProcessId: 348, ProcessName: cmd.exe
Source: Network Connection, Author: frack113: Data: DestinationIp: 185.230.214.164, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Initiated: true, ProcessId: 7784, Protocol: tcp, SourceIp: 192.168.2.5, SourceIsIpv6: false, SourcePort: 58932
No Snort rule has matched

AV Detection

Source: 14.2.vexplorerez.exe.409a0a2.4.raw.unpack, Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Port": "587", "Host": "smtp.zoho.eu", "Username": "logs@astonherald.com", "Password": "office12#"}
Source: C:\Users\user\AppData\Roaming\vexplorerez.exe, ReversingLabs: Detection: 65%
Source: C:\Users\user\AppData\Roaming\vexplorerez.exe, Virustotal: Detection: 72%
Source: Orden#46789_2024_Optoflux_mexico_sderlss.exe, Virustotal: Detection: 72%
Source: Orden#46789_2024_Optoflux_mexico_sderlss.exe, ReversingLabs: Detection: 65%
Source: Submited Sample, Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Roaming\vexplorerez.exe, Joe Sandbox ML: detected
Source: Orden#46789_2024_Optoflux_mexico_sderlss.exe, Joe Sandbox ML: detected
Source: unknown, HTTPS traffic detected: 142.250.186.68:443 -> 192.168.2.5:49705 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49709 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49710 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.5:49711 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.5:58864 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 142.250.186.68:443 -> 192.168.2.5:58865 version: TLS 1.2
Source: Orden#46789_2024_Optoflux_mexico_sderlss.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exe, Code function: 4x nop then lea esp, dword ptr [ebp-08h] 0_2_06B41388
Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exe, Code function: 4x nop then lea esp, dword ptr [ebp-08h] 0_2_06B41378
Source: C:\Users\user\AppData\Roaming\vexplorerez.exe, Code function: 4x nop then lea esp, dword ptr [ebp-08h] 14_2_05B51388
Source: C:\Users\user\AppData\Roaming\vexplorerez.exe, Code function: 4x nop then lea esp, dword ptr [ebp-08h] 14_2_05B51378

Networking

Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 18
Source: Yara match, File source: 0.2.Orden#46789_2024_Optoflux_mexico_sderlss.exe.446d838.5.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.2.Orden#46789_2024_Optoflux_mexico_sderlss.exe.42da642.2.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.2.Orden#46789_2024_Optoflux_mexico_sderlss.exe.4296882.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 14.2.vexplorerez.exe.41659c2.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 22.2.InstallUtil.exe.7b0000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 14.2.vexplorerez.exe.41a9778.2.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.2.Orden#46789_2024_Optoflux_mexico_sderlss.exe.43621a2.3.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 14.2.vexplorerez.exe.40dde62.5.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.2.Orden#46789_2024_Optoflux_mexico_sderlss.exe.4252ab2.1.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 14.2.vexplorerez.exe.409a0a2.4.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 14.2.vexplorerez.exe.40562d2.1.raw.unpack, type: UNPACKEDPE
Source: global traffic, TCP traffic: 192.168.2.5:58932 -> 185.230.214.164:587
Source: global traffic, TCP traffic: 192.168.2.5:58863 -> 1.1.1.1:53
Source: global traffic, HTTP traffic detected: GET / HTTP/1.1 Host: ipinfo.io Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /images/branding/googlelogo/1x/googlelogo_color_272x92dp.png HTTP/1.1 Host: www.google.com Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /line/?fields=hosting HTTP/1.1 Host: ip-api.com Connection: Keep-Alive
Source: Joe Sandbox View, IP Address: 52.202.204.11
Source: Joe Sandbox View, IP Address: 18.244.18.27
Source: Joe Sandbox View, IP Address: 23.51.56.185
Source: Joe Sandbox View, IP Address: 23.47.168.24
Source: Joe Sandbox View, IP Address: 208.95.112.1
Source: Joe Sandbox View, JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View, JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknown, TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown, TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown, TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown, TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic, HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
Source: global traffic, HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=DaBCeBYVef88UT7&MD=3egcAMFP HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
Source: global traffic, HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=DaBCeBYVef88UT7&MD=3egcAMFP HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
Source: global traffic, HTTP traffic detected: GET /p?c1=2&c2=17183199&ns_site=gobmx&name=verificacfdi.facturaelectronica.index HTTP/1.1 Host: sb.scorecardresearch.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://verificacfdi.facturaelectronica.sat.gob.mx/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Source: global traffic, HTTP traffic detected: GET /p?c1=2&c2=17183199&ns_site=gobmx&name=verificacfdi.facturaelectronica.index HTTP/1.1 Host: sb.scorecardresearch.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://verificacfdi.facturaelectronica.sat.gob.mx/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: UID=191df4f50134ef0437b32a91719471895; XID=191df4f50134ef0437b32a91719471895
Source: global traffic, HTTP traffic detected: GET /psdk/v2/content?surfaceId=ACROBAT_READER_MASTER_SURFACEID&surfaceId=DC_READER_LAUNCH_CARD&surfaceId=DC_Reader_RHP_Banner&surfaceId=DC_Reader_RHP_Retention&surfaceId=Edit_InApp_Aug2020&surfaceId=DC_FirstMile_Right_Sec_Surface&surfaceId=DC_Reader_Upsell_Cards&surfaceId=DC_FirstMile_Home_View_Surface&surfaceId=DC_Reader_RHP_Intent_Banner&surfaceId=DC_Reader_Disc_LHP_Banner&surfaceId=DC_Reader_Edit_LHP_Banner&surfaceId=DC_Reader_Convert_LHP_Banner&surfaceId=DC_Reader_Sign_LHP_Banner&surfaceId=DC_Reader_More_LHP_Banner&surfaceId=DC_Reader_Disc_LHP_Retention&surfaceId=DC_Reader_Home_LHP_Trial_Banner&adcProductLanguage=en-us&adcVersion=23.6.20320&adcProductType=SingleClientMini&adcOSType=WIN&adcCountryCode=US&adcXAPIClientID=api_reader_desktop_win_23.6.20320&encodingScheme=BASE_64 HTTP/1.1 Host: p13n.adobe.io Connection: keep-alive sec-ch-ua: "Chromium";v="105" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36 Accept: application/json, text/javascript, */*; q=0.01 x-adobe-uuid: 89d789c4-e7e5-4f75-95a4-57139ab6811f x-adobe-uuid-type: visitorId x-api-key: AdobeReader9 sec-ch-ua-platform: "Windows" Origin: https://rna-resource.acrobat.com Accept-Language: en-US,en;q=0.9 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://rna-resource.acrobat.com/ Accept-Encoding: gzip, deflate, br
Source: global traffic, HTTP traffic detected: GET /p?c1=2&c2=17183199&ns_site=gobmx&name=verificacfdi.facturaelectronica.index HTTP/1.1 Host: sb.scorecardresearch.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: */* Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: UID=191df4f50134ef0437b32a91719471895
Source: global traffic, HTTP traffic detected: GET /p2?c1=2&c2=17183199&ns_site=gobmx&name=verificacfdi.facturaelectronica.index HTTP/1.1 Host: sb.scorecardresearch.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: */* Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: UID=191df4f50134ef0437b32a91719471895; XID=191df4f50134ef0437b32a91719471895
Source: global traffic, HTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1 Host: armmf.adobe.com Connection: keep-alive Accept-Language: en-US,en;q=0.9 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br If-None-Match: "78-5faa31cce96da" If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
                      Source: chromecache_204.19.dr, chromecache_221.19.drString found in binary or memory: '<li><a class="social-icon share-info facebook" target="_blank" href="https://www.facebook.com/gobmexico/" aria-label="Facebook de presidencia" style="text-decoration:none"></a></li>' + equals www.facebook.com (Facebook)
                      Source: global traffic DNS traffic detected: DNS query: www.google.com
                      Source: global traffic DNS traffic detected: DNS query: verificacfdi.facturaelectronica.sat.gob.mx
                      Source: global traffic DNS traffic detected: DNS query: sb.scorecardresearch.com
                      Source: global traffic DNS traffic detected: DNS query: ip-api.com
                      Source: global traffic DNS traffic detected: DNS query: smtp.zoho.eu
                      Source: E0F5C59F9FA661F6F4C50B87FEF3A15A0.16.drString found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c
                      Source: InstallUtil.exe, 00000018.00000002.4510325826.00000000032B8000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000018.00000002.4510325826.0000000003154000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000018.00000002.4507468284.0000000000FED000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000018.00000002.4516681359.00000000060B0000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000018.00000002.4516681359.0000000006119000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.thawte.com/ThawteTLSRSACAG1.crt0
                      Source: InstallUtil.exe, 00000018.00000002.4510325826.00000000032B8000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000018.00000002.4510325826.0000000003154000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000018.00000002.4507468284.0000000000FED000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000018.00000002.4516681359.00000000060B0000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000018.00000002.4516681359.0000000006119000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdp.thawte.com/ThawteTLSRSACAG1.crl0p
                      Source: InstallUtil.exe, 00000018.00000002.4507468284.0000000000FFA000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000018.00000002.4510325826.00000000032B8000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000018.00000002.4510325826.0000000003154000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000018.00000002.4507468284.0000000000FED000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000018.00000002.4516681359.00000000060B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl0=
                      Source: InstallUtil.exe, 00000018.00000002.4516681359.0000000006119000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl0=--
                      Source: chromecache_205.19.drString found in binary or memory: http://getbootstrap.com)
                      Source: InstallUtil.exe, 00000018.00000002.4510325826.00000000030F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com
                      Source: Orden#46789_2024_Optoflux_mexico_sderlss.exe, 00000000.00000002.2235407237.0000000004362000.00000004.00000800.00020000.00000000.sdmp, Orden#46789_2024_Optoflux_mexico_sderlss.exe, 00000000.00000002.2235407237.000000000444F000.00000004.00000800.00020000.00000000.sdmp, Orden#46789_2024_Optoflux_mexico_sderlss.exe, 00000000.00000002.2235407237.000000000420E000.00000004.00000800.00020000.00000000.sdmp, vexplorerez.exe, 0000000E.00000002.3925932017.0000000003F91000.00000004.00000800.00020000.00000000.sdmp, vexplorerez.exe, 0000000E.00000002.3925932017.0000000004288000.00000004.00000800.00020000.00000000.sdmp, vexplorerez.exe, 0000000E.00000002.3925932017.0000000004012000.00000004.00000800.00020000.00000000.sdmp, vexplorerez.exe, 0000000E.00000002.3925932017.0000000004165000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000016.00000002.3577770513.00000000007B2000.00000040.00000400.00020000.00000000.sdmp, InstallUtil.exe, 00000018.00000002.4510325826.00000000030F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com/line/?fields=hosting
                      Source: chromecache_202.19.drString found in binary or memory: http://jquery.org/license
                      Source: chromecache_205.19.drString found in binary or memory: http://jqueryui.com
                      Source: chromecache_227.19.drString found in binary or memory: http://modernizr.com/download/#-shiv-printshiv-load-mq-cssclasses-svg
                      Source: InstallUtil.exe, 00000018.00000002.4507468284.0000000000FFA000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000018.00000002.4510325826.00000000032B8000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000018.00000002.4510325826.0000000003154000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000018.00000002.4507468284.0000000000FED000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000018.00000002.4516681359.00000000060B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0B
                      Source: Orden#46789_2024_Optoflux_mexico_sderlss.exe, 00000000.00000002.2238794058.0000000006F38000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://purl.oen
                      Source: Orden#46789_2024_Optoflux_mexico_sderlss.exe, 00000000.00000002.2231383633.0000000003151000.00000004.00000800.00020000.00000000.sdmp, vexplorerez.exe, 0000000E.00000002.3909894478.0000000002F91000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000018.00000002.4510325826.00000000030F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                      Source: InstallUtil.exe, 00000018.00000002.4510325826.00000000032B8000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000018.00000002.4510325826.0000000003154000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://smtp.zoho.eu
                      Source: InstallUtil.exe, 00000018.00000002.4510325826.00000000032B8000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000018.00000002.4510325826.0000000003154000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000018.00000002.4507468284.0000000000FED000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000018.00000002.4516681359.00000000060B0000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000018.00000002.4516681359.0000000006119000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://status.thawte.com0:
                      Source: InstallUtil.exe, 00000018.00000002.4510325826.00000000032B8000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000018.00000002.4510325826.0000000003154000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000018.00000002.4507468284.0000000000FED000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000018.00000002.4516681359.00000000060B0000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000018.00000002.4516681359.0000000006119000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
                      Source: chromecache_209.19.drString found in binary or memory: http://www.gob.mx/
                      Source: chromecache_204.19.dr, chromecache_221.19.drString found in binary or memory: http://www.ordenjuridico.gob.mx/
                      Source: chromecache_204.19.dr, chromecache_221.19.drString found in binary or memory: http://www.participa.gob.mx/
                      Source: Orden#46789_2024_Optoflux_mexico_sderlss.exe, 00000000.00000002.2235407237.0000000004362000.00000004.00000800.00020000.00000000.sdmp, Orden#46789_2024_Optoflux_mexico_sderlss.exe, 00000000.00000002.2235407237.000000000444F000.00000004.00000800.00020000.00000000.sdmp, Orden#46789_2024_Optoflux_mexico_sderlss.exe, 00000000.00000002.2235407237.000000000420E000.00000004.00000800.00020000.00000000.sdmp, vexplorerez.exe, 0000000E.00000002.3925932017.0000000003F91000.00000004.00000800.00020000.00000000.sdmp, vexplorerez.exe, 0000000E.00000002.3925932017.0000000004288000.00000004.00000800.00020000.00000000.sdmp, vexplorerez.exe, 0000000E.00000002.3925932017.0000000004012000.00000004.00000800.00020000.00000000.sdmp, vexplorerez.exe, 0000000E.00000002.3925932017.0000000004165000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000016.00000002.3577770513.00000000007B2000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://account.dyn.com/
                      Source: chromecache_202.19.drString found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=378607
                      Source: chromecache_202.19.drString found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=449857
                      Source: chromecache_202.19.drString found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=470258
                      Source: chromecache_202.19.drString found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=589347
                      Source: chromecache_202.19.drString found in binary or memory: https://bugs.jquery.com/ticket/12359
                      Source: chromecache_202.19.drString found in binary or memory: https://bugs.jquery.com/ticket/13378
                      Source: chromecache_202.19.drString found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=136851
                      Source: chromecache_202.19.drString found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=137337
                      Source: chromecache_202.19.drString found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=29084
                      Source: chromecache_202.19.drString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=491668
                      Source: chromecache_202.19.drString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=649285
                      Source: chromecache_202.19.drString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=687787
                      Source: chromecache_204.19.dr, chromecache_221.19.drString found in binary or memory: https://consultapublicamx.inai.org.mx/vut-web/
                      Source: chromecache_204.19.dr, chromecache_221.19.drString found in binary or memory: https://datos.gob.mx/
                      Source: chromecache_202.19.drString found in binary or memory: https://developer.mozilla.org/en-US/docs/CSS/display
                      Source: chromecache_202.19.drString found in binary or memory: https://drafts.csswg.org/cssom/#common-serializing-idioms
                      Source: chromecache_202.19.drString found in binary or memory: https://drafts.csswg.org/cssom/#resolved-values
                      Source: chromecache_227.19.dr, chromecache_204.19.dr, chromecache_221.19.drString found in binary or memory: https://framework-gb.cdn.gob.mx/
                      Source: chromecache_202.19.drString found in binary or memory: https://github.com/eslint/eslint/issues/3229
                      Source: chromecache_202.19.drString found in binary or memory: https://github.com/eslint/eslint/issues/6125
                      Source: chromecache_205.19.drString found in binary or memory: https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css
                      Source: chromecache_202.19.drString found in binary or memory: https://github.com/jquery/jquery/pull/557)
                      Source: chromecache_202.19.drString found in binary or memory: https://github.com/jquery/sizzle/pull/225
                      Source: chromecache_202.19.drString found in binary or memory: https://github.com/jrburke/requirejs/wiki/Updating-existing-libraries#wiki-anon
                      Source: chromecache_205.19.drString found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
                      Source: chromecache_202.19.drString found in binary or memory: https://html.spec.whatwg.org/#strip-and-collapse-whitespace
                      Source: chromecache_202.19.drString found in binary or memory: https://html.spec.whatwg.org/multipage/forms.html#category-listed
                      Source: chromecache_202.19.drString found in binary or memory: https://html.spec.whatwg.org/multipage/forms.html#concept-fe-disabled
                      Source: chromecache_202.19.drString found in binary or memory: https://html.spec.whatwg.org/multipage/forms.html#concept-option-disabled
                      Source: chromecache_202.19.drString found in binary or memory: https://html.spec.whatwg.org/multipage/infrastructure.html#strip-and-collapse-whitespace
                      Source: chromecache_202.19.drString found in binary or memory: https://html.spec.whatwg.org/multipage/scripting.html#selector-disabled
                      Source: chromecache_202.19.drString found in binary or memory: https://html.spec.whatwg.org/multipage/scripting.html#selector-enabled
                      Source: chromecache_202.19.drString found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#attributes-2
                      Source: chromecache_202.19.drString found in binary or memory: https://jquery.com/
                      Source: chromecache_202.19.drString found in binary or memory: https://jquery.org/license
                      Source: chromecache_202.19.drString found in binary or memory: https://jsperf.com/getall-vs-sizzle/2
                      Source: chromecache_202.19.drString found in binary or memory: https://jsperf.com/thor-indexof-vs-for/5
                      Source: chromecache_202.19.drString found in binary or memory: https://promisesaplus.com/#point-48
                      Source: chromecache_202.19.drString found in binary or memory: https://promisesaplus.com/#point-54
                      Source: chromecache_202.19.drString found in binary or memory: https://promisesaplus.com/#point-57
                      Source: chromecache_202.19.drString found in binary or memory: https://promisesaplus.com/#point-59
                      Source: chromecache_202.19.drString found in binary or memory: https://promisesaplus.com/#point-61
                      Source: chromecache_202.19.drString found in binary or memory: https://promisesaplus.com/#point-64
                      Source: chromecache_202.19.drString found in binary or memory: https://promisesaplus.com/#point-75
                      Source: InstallUtil.exe, 00000018.00000002.4510325826.0000000003179000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sat.gob.mx
                      Source: InstallUtil.exe, 00000018.00000002.4510325826.0000000003179000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sat.gob.mxXID/
                      Source: InstallUtil.exe, 00000018.00000002.4510325826.0000000003179000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sat.gob.mxXIDv10No
                      Source: chromecache_204.19.dr, chromecache_221.19.drString found in binary or memory: https://sb.scorecardresearch.com/p?c1=2&c2=17183199&ns_site=
                      Source: chromecache_202.19.drString found in binary or memory: https://sizzlejs.com/
                      Source: chromecache_204.19.dr, chromecache_221.19.drString found in binary or memory: https://twitter.com/GobiernoMX
                      Source: chromecache_202.19.drString found in binary or memory: https://web.archive.org/web/20100324014747/http://blindsignals.com/index.php/2009/07/jquery-delay/
                      Source: chromecache_202.19.drString found in binary or memory: https://web.archive.org/web/20141116233347/http://fluidproject.org/blog/2008/01/09/getting-setting-a
                      Source: InstallUtil.exe, 00000018.00000002.4507468284.0000000000FFA000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000018.00000002.4510325826.00000000032B8000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000018.00000002.4510325826.0000000003154000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000018.00000002.4507468284.0000000000FED000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000018.00000002.4516681359.00000000060B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.digicert.com/CPS0
                      Source: chromecache_204.19.dr, chromecache_221.19.drString found in binary or memory: https://www.gob.mx/
                      Source: chromecache_204.19.dr, chromecache_221.19.drString found in binary or memory: https://www.gob.mx/subscribe
                      Source: Orden#46789_2024_Optoflux_mexico_sderlss.exe, 00000000.00000002.2231383633.0000000003151000.00000004.00000800.00020000.00000000.sdmp, vexplorerez.exe, 0000000E.00000002.3909894478.0000000002F91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
                      Source: Orden#46789_2024_Optoflux_mexico_sderlss.exe, vexplorerez.exe.7.drString found in binary or memory: https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_272x92dp.png
                      Source: unknown HTTPS traffic detected: 142.250.186.68:443 -> 192.168.2.5:49705 version: TLS 1.2
                      Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49709 version: TLS 1.2
                      Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49710 version: TLS 1.2
                      Source: unknown HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.5:49711 version: TLS 1.2
                      Source: unknown HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.5:58864 version: TLS 1.2
                      Source: unknown HTTPS traffic detected: 142.250.186.68:443 -> 192.168.2.5:58865 version: TLS 1.2

                      Key, Mouse, Clipboard, Microphone and Screen Capturing

                      Source: 0.2.Orden#46789_2024_Optoflux_mexico_sderlss.exe.43621a2.3.raw.unpack, gmBpn1ecBmQ.cs, .Net Code: cTytqmH
                      Source: 0.2.Orden#46789_2024_Optoflux_mexico_sderlss.exe.4252ab2.1.raw.unpack, gmBpn1ecBmQ.cs, .Net Code: cTytqmH
                      Source: 0.2.Orden#46789_2024_Optoflux_mexico_sderlss.exe.42da642.2.raw.unpack, gmBpn1ecBmQ.cs, .Net Code: cTytqmH
                      Source: 0.2.Orden#46789_2024_Optoflux_mexico_sderlss.exe.4296882.0.raw.unpack, gmBpn1ecBmQ.cs, .Net Code: cTytqmH
                      Source: 0.2.Orden#46789_2024_Optoflux_mexico_sderlss.exe.446d838.5.raw.unpack, gmBpn1ecBmQ.cs, .Net Code: cTytqmH

                      System Summary

                      Source: 14.2.vexplorerez.exe.40dde62.5.unpack, type: UNPACKEDPE. Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers. Author: ditekSHen
                      Source: 0.2.Orden#46789_2024_Optoflux_mexico_sderlss.exe.4252ab2.1.unpack, type: UNPACKEDPE. Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers. Author: ditekSHen
                      Source: 0.2.Orden#46789_2024_Optoflux_mexico_sderlss.exe.43621a2.3.unpack, type: UNPACKEDPE. Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers. Author: ditekSHen
                      Source: 0.2.Orden#46789_2024_Optoflux_mexico_sderlss.exe.446d838.5.raw.unpack, type: UNPACKEDPE. Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers. Author: ditekSHen
                      Source: 0.2.Orden#46789_2024_Optoflux_mexico_sderlss.exe.42da642.2.raw.unpack, type: UNPACKEDPE. Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers. Author: ditekSHen
                      Source: 14.2.vexplorerez.exe.41659c2.0.unpack, type: UNPACKEDPE. Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers. Author: ditekSHen
                      Source: 14.2.vexplorerez.exe.40562d2.1.unpack, type: UNPACKEDPE. Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers. Author: ditekSHen
                      Source: 0.2.Orden#46789_2024_Optoflux_mexico_sderlss.exe.4296882.0.raw.unpack, type: UNPACKEDPE. Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers. Author: ditekSHen
                      Source: 0.2.Orden#46789_2024_Optoflux_mexico_sderlss.exe.446d838.5.unpack, type: UNPACKEDPE. Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers. Author: ditekSHen
                      Source: 0.2.Orden#46789_2024_Optoflux_mexico_sderlss.exe.4296882.0.unpack, type: UNPACKEDPE. Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers. Author: ditekSHen
                      Source: 14.2.vexplorerez.exe.41659c2.0.raw.unpack, type: UNPACKEDPE. Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers. Author: ditekSHen
                      Source: 14.2.vexplorerez.exe.409a0a2.4.unpack, type: UNPACKEDPE. Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers. Author: ditekSHen
                      Source: 14.2.vexplorerez.exe.41a9778.2.unpack, type: UNPACKEDPE. Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers. Author: ditekSHen
                      Source: 22.2.InstallUtil.exe.7b0000.0.unpack, type: UNPACKEDPE. Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers. Author: ditekSHen
                      Source: 14.2.vexplorerez.exe.41a9778.2.raw.unpack, type: UNPACKEDPE. Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers. Author: ditekSHen
                      Source: 0.2.Orden#46789_2024_Optoflux_mexico_sderlss.exe.42da642.2.unpack, type: UNPACKEDPE. Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers. Author: ditekSHen
                      Source: 0.2.Orden#46789_2024_Optoflux_mexico_sderlss.exe.43621a2.3.raw.unpack, type: UNPACKEDPE. Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers. Author: ditekSHen
                      Source: 14.2.vexplorerez.exe.40dde62.5.raw.unpack, type: UNPACKEDPE. Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers. Author: ditekSHen
                      Source: 0.2.Orden#46789_2024_Optoflux_mexico_sderlss.exe.4252ab2.1.raw.unpack, type: UNPACKEDPE. Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers. Author: ditekSHen
                      Source: 14.2.vexplorerez.exe.409a0a2.4.raw.unpack, type: UNPACKEDPE. Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers. Author: ditekSHen
                      Source: 14.2.vexplorerez.exe.40562d2.1.raw.unpack, type: UNPACKEDPE. Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers. Author: ditekSHen
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exe Process Stats: CPU usage > 49%
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Code function: 24_2_066E03F0 NtQuerySystemInformation, 24_2_066E03F0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Code function: 24_2_066E1168 NtQuerySystemInformation, 24_2_066E1168
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exe Code function: 14_2_0822E3A8 CreateProcessAsUserW, 14_2_0822E3A8
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 14_2_082278F814_2_082278F8
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 14_2_0822CCD814_2_0822CCD8
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 14_2_0822790814_2_08227908
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 14_2_0822C56814_2_0822C568
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 14_2_0822056914_2_08220569
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 14_2_0822357A14_2_0822357A
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 14_2_0822358814_2_08223588
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 14_2_08228A3814_2_08228A38
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 14_2_0822320A14_2_0822320A
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 14_2_0822726814_2_08227268
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 14_2_0822727814_2_08227278
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 14_2_0822AE9814_2_0822AE98
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 14_2_0822469914_2_08224699
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 14_2_0822232014_2_08222320
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 14_2_0822873014_2_08228730
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 14_2_0822231014_2_08222310
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 14_2_08222F1A14_2_08222F1A
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 14_2_08222F1814_2_08222F18
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 14_2_08227F7014_2_08227F70
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 14_2_08227F5C14_2_08227F5C
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 14_2_082237B114_2_082237B1
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 14_2_08226F8014_2_08226F80
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 14_2_08223BE014_2_08223BE0
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 14_2_08223BF014_2_08223BF0
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 14_2_082237C014_2_082237C0
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 14_2_08226FC714_2_08226FC7
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 14_2_08363D2814_2_08363D28
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 14_2_0836F5C814_2_0836F5C8
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 14_2_0836DD9014_2_0836DD90
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 14_2_0E103EB014_2_0E103EB0
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 14_2_0E10303014_2_0E103030
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 24_2_0182A8D024_2_0182A8D0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 24_2_01824AC024_2_01824AC0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 24_2_0182AD1724_2_0182AD17
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 24_2_01823EA824_2_01823EA8
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 24_2_0182EE0024_2_0182EE00
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 24_2_018241F024_2_018241F0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 24_2_066E089824_2_066E0898
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 24_2_066E181924_2_066E1819
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 24_2_066E3FB024_2_066E3FB0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 24_2_066F66C024_2_066F66C0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 24_2_066F777024_2_066F7770
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 24_2_066F525824_2_066F5258
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 24_2_066FC25024_2_066FC250
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 24_2_066FB2F024_2_066FB2F0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 24_2_066F004024_2_066F0040
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 24_2_066F312024_2_066F3120
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 24_2_066F7E5024_2_066F7E50
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 24_2_066FE47024_2_066FE470
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 24_2_066F59AB24_2_066F59AB
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 24_2_066F000624_2_066F0006
Source: Orden#46789_2024_Optoflux_mexico_sderlss.exe, 00000000.00000002.2235407237.00000000043A9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameMiPro.dll, vs Orden#46789_2024_Optoflux_mexico_sderlss.exe
Source: Orden#46789_2024_Optoflux_mexico_sderlss.exe, 00000000.00000002.2235407237.0000000004362000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilename7bc3a901-84f9-4a81-8277-20a61843655f.exe4 vs Orden#46789_2024_Optoflux_mexico_sderlss.exe
Source: Orden#46789_2024_Optoflux_mexico_sderlss.exe, 00000000.00000002.2226706832.000000000126E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs Orden#46789_2024_Optoflux_mexico_sderlss.exe
Source: Orden#46789_2024_Optoflux_mexico_sderlss.exe, 00000000.00000002.2235407237.000000000444F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilename7bc3a901-84f9-4a81-8277-20a61843655f.exe4 vs Orden#46789_2024_Optoflux_mexico_sderlss.exe
Source: Orden#46789_2024_Optoflux_mexico_sderlss.exe, 00000000.00000002.2235407237.000000000420E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilename7bc3a901-84f9-4a81-8277-20a61843655f.exe4 vs Orden#46789_2024_Optoflux_mexico_sderlss.exe
Source: Orden#46789_2024_Optoflux_mexico_sderlss.exe, 00000000.00000000.2035896526.000000000024C000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameturbomailer.exe8 vs Orden#46789_2024_Optoflux_mexico_sderlss.exe
Source: Orden#46789_2024_Optoflux_mexico_sderlss.exe, 00000000.00000002.2237878639.0000000006BD0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameMiPro.dll, vs Orden#46789_2024_Optoflux_mexico_sderlss.exe
Source: Orden#46789_2024_Optoflux_mexico_sderlss.exe Binary or memory string: OriginalFilenameturbomailer.exe8 vs Orden#46789_2024_Optoflux_mexico_sderlss.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "vexplorerezz" /t REG_SZ /d "C:\Users\user\AppData\Roaming\vexplorerez.exe"
Source: 14.2.vexplorerez.exe.40dde62.5.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.Orden#46789_2024_Optoflux_mexico_sderlss.exe.4252ab2.1.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.Orden#46789_2024_Optoflux_mexico_sderlss.exe.43621a2.3.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.Orden#46789_2024_Optoflux_mexico_sderlss.exe.446d838.5.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.Orden#46789_2024_Optoflux_mexico_sderlss.exe.42da642.2.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 14.2.vexplorerez.exe.41659c2.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 14.2.vexplorerez.exe.40562d2.1.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.Orden#46789_2024_Optoflux_mexico_sderlss.exe.4296882.0.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.Orden#46789_2024_Optoflux_mexico_sderlss.exe.446d838.5.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.Orden#46789_2024_Optoflux_mexico_sderlss.exe.4296882.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 14.2.vexplorerez.exe.41659c2.0.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 14.2.vexplorerez.exe.409a0a2.4.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 14.2.vexplorerez.exe.41a9778.2.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 22.2.InstallUtil.exe.7b0000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 14.2.vexplorerez.exe.41a9778.2.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.Orden#46789_2024_Optoflux_mexico_sderlss.exe.42da642.2.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.Orden#46789_2024_Optoflux_mexico_sderlss.exe.43621a2.3.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 14.2.vexplorerez.exe.40dde62.5.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.Orden#46789_2024_Optoflux_mexico_sderlss.exe.4252ab2.1.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 14.2.vexplorerez.exe.409a0a2.4.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 14.2.vexplorerez.exe.40562d2.1.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.Orden#46789_2024_Optoflux_mexico_sderlss.exe.43621a2.3.raw.unpack, roEs93G.cs Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.Orden#46789_2024_Optoflux_mexico_sderlss.exe.43621a2.3.raw.unpack, JQn0Aia1.cs Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.Orden#46789_2024_Optoflux_mexico_sderlss.exe.43621a2.3.raw.unpack, JQn0Aia1.cs Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
Source: 0.2.Orden#46789_2024_Optoflux_mexico_sderlss.exe.43621a2.3.raw.unpack, YsrmZ97b.cs Cryptographic APIs: 'TransformFinalBlock'
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@49/114@15/11
Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Orden#46789_2024_Optoflux_mexico_sderlss.exe.log
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1076:120:WilError_03
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Mutant created: NULL
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:320:120:WilError_03
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-06-27 03-04-48-810.log
Source: Orden#46789_2024_Optoflux_mexico_sderlss.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: Orden#46789_2024_Optoflux_mexico_sderlss.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe System information queried: HandleInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\vexplorerez.exe File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: Orden#46789_2024_Optoflux_mexico_sderlss.exe Virustotal: Detection: 72%
Source: Orden#46789_2024_Optoflux_mexico_sderlss.exe ReversingLabs: Detection: 65%
Source: Orden#46789_2024_Optoflux_mexico_sderlss.exe String found in binary or memory: -startup
Source: unknown Process created: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exe "C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exe"
Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exe Process created: C:\Windows\SysWOW64\cmd.exe "cmd" /c ping 127.0.0.1 -n 18 > nul && REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "vexplorerezz" /t REG_SZ /d "C:\Users\user\AppData\Roaming\vexplorerez.exe"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 18
Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exe Process created: C:\Windows\SysWOW64\cmd.exe "cmd" /c ping 127.0.0.1 -n 28 > nul && copy "C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exe" "C:\Users\user\AppData\Roaming\vexplorerez.exe" && ping 127.0.0.1 -n 28 > nul && "C:\Users\user\AppData\Roaming\vexplorerez.exe"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 28
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "vexplorerezz" /t REG_SZ /d "C:\Users\user\AppData\Roaming\vexplorerez.exe"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 28
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Roaming\vexplorerez.exe "C:\Users\user\AppData\Roaming\vexplorerez.exe"
Source: C:\Users\user\AppData\Roaming\vexplorerez.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Roaming\PABILOS MOTORES #5 Y 6.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1352,i,2708377033144525548,1194782887510116328,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://verificacfdi.facturaelectronica.sat.gob.mx/?id=39CA617E-9953-41BD-9564-C41A1E1C5584&re=OOMM710314363&rr=PCM910225B86&tt=6090.00&fe=aUIAsQ==
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 --field-trial-handle=2232,i,15507267505217181504,13430371002107257238,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\AppData\Roaming\vexplorerez.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
Source: C:\Users\user\AppData\Roaming\vexplorerez.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exe Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exe Section loaded: ucrtbase_clr0400.dll
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exeSection loaded: rasapi32.dllJump to behavior
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exeSection loaded: rasman.dllJump to behavior
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exeSection loaded: rtutils.dllJump to behavior
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exeSection loaded: winhttp.dllJump to behavior
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exeSection loaded: dhcpcsvc6.dllJump to behavior
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exeSection loaded: dhcpcsvc.dllJump to behavior
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exeSection loaded: winnsi.dllJump to behavior
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exeSection loaded: rasadhlp.dllJump to behavior
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exeSection loaded: fwpuclnt.dllJump to behavior
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exeSection loaded: secur32.dllJump to behavior
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exeSection loaded: schannel.dllJump to behavior
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exeSection loaded: mskeyprotect.dllJump to behavior
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exeSection loaded: ntasn1.dllJump to behavior
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exeSection loaded: ncrypt.dllJump to behavior
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exeSection loaded: ncryptsslp.dllJump to behavior
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exeSection loaded: windowscodecs.dllJump to behavior
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exeSection loaded: dwrite.dllJump to behavior
                      Source: C:\Windows\SysWOW64\PING.EXESection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\PING.EXESection loaded: winnsi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\PING.EXESection loaded: mswsock.dllJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeSection loaded: ntmarta.dllJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: rasapi32.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: rasman.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: rtutils.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: winhttp.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: dhcpcsvc6.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: dhcpcsvc.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: winnsi.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: rasadhlp.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: fwpuclnt.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: secur32.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: schannel.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: mskeyprotect.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: ntasn1.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: ncrypt.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: ncryptsslp.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: windowscodecs.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: dwrite.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: propsys.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: edputil.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: urlmon.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: iertutil.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: srvcli.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: policymanager.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: msvcp110_win.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: appresolver.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: bcp47langs.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: slc.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: sppc.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mscoree.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: kernel.appcore.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: version.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vcruntime140_clr0400.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: uxtheme.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: windows.storage.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wldp.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: profapi.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptsp.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rsaenh.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptbase.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wbemcomn.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: amsi.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: userenv.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: sspicli.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasapi32.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasman.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rtutils.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mswsock.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winhttp.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ondemandconnroutehelper.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: iphlpapi.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc6.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dnsapi.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winnsi.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasadhlp.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: fwpuclnt.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vaultcli.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wintypes.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: secur32.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: schannel.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mskeyprotect.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ntasn1.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncrypt.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncryptsslp.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: msasn1.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dpapi.dll
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                      Source: Window RecorderWindow detected: More than 3 window changes detected
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Profiles
                      Source: Orden#46789_2024_Optoflux_mexico_sderlss.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                      Source: Orden#46789_2024_Optoflux_mexico_sderlss.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                      Data Obfuscation

                      Source: Yara matchFile source: 0.2.Orden#46789_2024_Optoflux_mexico_sderlss.exe.6bd0000.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Orden#46789_2024_Optoflux_mexico_sderlss.exe.6bd0000.6.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Orden#46789_2024_Optoflux_mexico_sderlss.exe.43a9e50.4.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Orden#46789_2024_Optoflux_mexico_sderlss.exe.42da642.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Orden#46789_2024_Optoflux_mexico_sderlss.exe.43a9e50.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Orden#46789_2024_Optoflux_mexico_sderlss.exe.4296882.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 14.2.vexplorerez.exe.41659c2.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Orden#46789_2024_Optoflux_mexico_sderlss.exe.43621a2.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 14.2.vexplorerez.exe.40dde62.5.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Orden#46789_2024_Optoflux_mexico_sderlss.exe.4252ab2.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 14.2.vexplorerez.exe.409a0a2.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 14.2.vexplorerez.exe.40562d2.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000000.00000002.2231383633.00000000035D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000E.00000002.3909894478.0000000002FD9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.2235407237.00000000043A9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.2235407237.0000000004362000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.2231383633.0000000003269000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.2237878639.0000000006BD0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.2231383633.0000000003199000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000E.00000002.3925932017.0000000004165000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000E.00000002.3925932017.0000000004012000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.2235407237.000000000420E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: Orden#46789_2024_Optoflux_mexico_sderlss.exe PID: 6084, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: vexplorerez.exe PID: 6588, type: MEMORYSTR
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exeCode function: 0_2_01515207 pushfd ; iretd 0_2_01515211
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exeCode function: 0_2_01519740 push eax; ret 0_2_015197BA
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exeCode function: 0_2_01519762 push eax; ret 0_2_015197BA
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exeCode function: 0_2_01519762 push eax; ret 0_2_015197CA
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exeCode function: 0_2_015197C0 push eax; ret 0_2_015197CA
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exeCode function: 0_2_01519790 push eax; ret 0_2_0151979A
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exeCode function: 0_2_01519790 push eax; ret 0_2_015197AA
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exeCode function: 0_2_015197B0 push eax; ret 0_2_015197BA
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exeCode function: 0_2_06B4BCD0 pushfd ; retn 0006h0_2_06B4BCD2
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exeCode function: 0_2_06B4BD01 pushfd ; retn 0006h0_2_06B4BD02
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exeCode function: 0_2_06B7DAD8 push 0000005Dh; ret 0_2_06B7DAFA
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exeCode function: 0_2_06C9B611 push 9406C75Ch; iretd 0_2_06C9B61D
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exeCode function: 0_2_06C9B419 push B406C75Bh; retf 0_2_06C9B425
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exeCode function: 0_2_06C90E69 push esi; ret 0_2_06C90E6E
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exeCode function: 0_2_06C92E78 push es; ret 0_2_06C92E7E
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exeCode function: 0_2_06C91E0B pushfd ; ret 0_2_06C91E19
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exeCode function: 0_2_06C92F7B push es; ret 0_2_06C92F7E
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exeCode function: 0_2_06CC78A8 pushad ; iretd 0_2_06CC78A9
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exeCode function: 0_2_06CC78AB push esp; iretd 0_2_06CC78B1
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exeCode function: 0_2_06CC7908 pushfd ; iretd 0_2_06CC7909
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exeCode function: 0_2_06CFBE7A push dword ptr [ebx+ebp-75h]; iretd 0_2_06CFBE85
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exeCode function: 0_2_06CFBF75 push FFFFFF8Bh; iretd 0_2_06CFBF77
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exeCode function: 0_2_06CF94D8 push es; ret 0_2_06CF9512
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exeCode function: 0_2_06CF5C3D push esp; retn 0040h0_2_06CF5C3E
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 14_2_01145207 pushfd ; iretd 14_2_01145211
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 14_2_01149740 push eax; ret 14_2_011497BA
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 14_2_01149770 push eax; ret 14_2_0114979A
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 14_2_01149770 push eax; ret 14_2_011497AA
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 14_2_01149770 push eax; ret 14_2_011497BA
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 14_2_01149762 push eax; ret 14_2_011497BA
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeCode function: 14_2_01149762 push eax; ret 14_2_011497CA
                      Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Roaming\vexplorerez.exeJump to dropped file
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
                      Source: C:\Windows\SysWOW64\reg.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run vexplorerezzJump to behavior

                      Hooking and other Techniques for Hiding and Protection

                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exeFile opened: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exe\:Zone.Identifier read attributes | deleteJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeFile opened: C:\Users\user\AppData\Roaming\vexplorerez.exe\:Zone.Identifier read attributes | deleteJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Process information set: NOOPENFILEERRORBOX

                      Malware Analysis System Evasion

                      Source: Yara match File source: Process Memory Space: Orden#46789_2024_Optoflux_mexico_sderlss.exe PID: 6084, type: MEMORYSTR
                      Source: Yara match File source: Process Memory Space: vexplorerez.exe PID: 6588, type: MEMORYSTR
                      Source: global traffic HTTP traffic detected: GET /line/?fields=hosting HTTP/1.1 Host: ip-api.com Connection: Keep-Alive
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                      Source: Orden#46789_2024_Optoflux_mexico_sderlss.exe, 00000000.00000002.2235407237.0000000004362000.00000004.00000800.00020000.00000000.sdmp, Orden#46789_2024_Optoflux_mexico_sderlss.exe, 00000000.00000002.2235407237.000000000444F000.00000004.00000800.00020000.00000000.sdmp, Orden#46789_2024_Optoflux_mexico_sderlss.exe, 00000000.00000002.2235407237.000000000420E000.00000004.00000800.00020000.00000000.sdmp, vexplorerez.exe, 0000000E.00000002.3925932017.0000000003F91000.00000004.00000800.00020000.00000000.sdmp, vexplorerez.exe, 0000000E.00000002.3925932017.0000000004288000.00000004.00000800.00020000.00000000.sdmp, vexplorerez.exe, 0000000E.00000002.3925932017.0000000004012000.00000004.00000800.00020000.00000000.sdmp, vexplorerez.exe, 0000000E.00000002.3925932017.0000000004165000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000016.00000002.3577770513.00000000007B2000.00000040.00000400.00020000.00000000.sdmp, InstallUtil.exe, 00000018.00000002.4510325826.0000000003121000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SBIEDLL.DLL
                      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 18
                      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 28
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exe Memory allocated: 1510000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exe Memory allocated: 3150000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exe Memory allocated: 1730000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exe Memory allocated: 10D0000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exe Memory allocated: 2F90000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exe Memory allocated: 2E00000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exe Memory allocated: 88C0000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exe Memory allocated: 98C0000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exe Memory allocated: 9AA0000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exe Memory allocated: AAA0000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exe Memory allocated: AE70000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exe Memory allocated: BE70000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exe Memory allocated: CE70000 memory reserve | memory write watch
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 1340000 memory reserve | memory write watch
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 30F0000 memory reserve | memory write watch
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 1840000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exe Window / User API: threadDelayed 1484
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exe Window / User API: threadDelayed 8067
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exe Window / User API: threadDelayed 2418
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exe Window / User API: threadDelayed 983
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Window / User API: threadDelayed 1950
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Window / User API: threadDelayed 7900
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exe TID: 4268Thread sleep time: -27670116110564310s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exe TID: 3376Thread sleep time: -30000s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exe TID: 2364Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exe TID: 4996Thread sleep time: -11990383647911201s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exe TID: 7556Thread sleep time: -63000s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exe TID: 7160Thread sleep time: -30000s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exe TID: 3680Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1380Thread sleep count: 37 > 30
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1380Thread sleep time: -34126476536362649s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7164 Thread sleep count: 1950 > 30
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7164 Thread sleep count: 7900 > 30
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: InstallUtil.exe, 00000018.00000002.4510325826.0000000003121000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware
                      Source: Orden#46789_2024_Optoflux_mexico_sderlss.exe, 00000000.00000002.2235407237.00000000043A9000.00000004.00000800.00020000.00000000.sdmp, Orden#46789_2024_Optoflux_mexico_sderlss.exe, 00000000.00000002.2237878639.0000000006BD0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: VBoxTray
                      Source: Orden#46789_2024_Optoflux_mexico_sderlss.exe, 00000000.00000002.2237878639.0000000006BD0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: sandboxierpcssGSOFTWARE\VMware, Inc.\VMware VGAuth
                      Source: InstallUtil.exe, 00000018.00000002.4510325826.0000000003121000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmware
                      Source: Orden#46789_2024_Optoflux_mexico_sderlss.exe, 00000000.00000002.2226706832.00000000012A3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllN
                      Source: vexplorerez.exe, 0000000E.00000002.3907344740.000000000124C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllP
                      Source: InstallUtil.exe, 00000018.00000002.4516681359.00000000060B0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlle
                      Source: InstallUtil.exe, 00000016.00000002.3577770513.00000000007B2000.00000040.00000400.00020000.00000000.sdmp Binary or memory string: VMwareVBox
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exe Process information queried: ProcessInformation

                      Anti Debugging

                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Code function: 24_2_018270B0 CheckRemoteDebuggerPresent,24_2_018270B0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Process queried: DebugPort
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exe Process token adjusted: Debug
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exe Process token adjusted: Debug
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Process token adjusted: Debug
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exe Memory allocated: page read and write | page guard

                      HIPS / PFW / Operating System Protection Evasion

                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exe Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 7B0000 protect: page execute and read and write
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exe Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 protect: page execute and read and write
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 7B0000 value starts with: 4D5A
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5A
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 7B0000
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 7B2000
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 7F0000
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 7F2000
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 48C008
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 440000
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 442000
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: D12008
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exe Process created: C:\Windows\SysWOW64\cmd.exe "cmd" /c ping 127.0.0.1 -n 18 > nul && REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "vexplorerezz" /t REG_SZ /d "C:\Users\user\AppData\Roaming\vexplorerez.exe"
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exe Process created: C:\Windows\SysWOW64\cmd.exe "cmd" /c ping 127.0.0.1 -n 28 > nul && copy "C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exe" "C:\Users\user\AppData\Roaming\vexplorerez.exe" && ping 127.0.0.1 -n 28 > nul && "C:\Users\user\AppData\Roaming\vexplorerez.exe"
                      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 18
                      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "vexplorerezz" /t REG_SZ /d "C:\Users\user\AppData\Roaming\vexplorerez.exe"
                      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 28
                      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 28
                      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Roaming\vexplorerez.exe "C:\Users\user\AppData\Roaming\vexplorerez.exe"
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Roaming\PABILOS MOTORES #5 Y 6.pdf"
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exe Queries volume information: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exe VolumeInformation
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exe Queries volume information: C:\Users\user\AppData\Roaming\vexplorerez.exe VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\vexplorerez.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                      Source: C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                      Stealing of Sensitive Information

                      Source: Yara match, File source: Process Memory Space: Orden#46789_2024_Optoflux_mexico_sderlss.exe PID: 6084, type: MEMORYSTR
                      Source: Yara match, File source: Process Memory Space: vexplorerez.exe PID: 6588, type: MEMORYSTR
                      Source: Yara match, File source: Process Memory Space: InstallUtil.exe PID: 7564, type: MEMORYSTR
                      Source: Yara match, File source: Process Memory Space: InstallUtil.exe PID: 7784, type: MEMORYSTR
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, File opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, File opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, File opened: C:\FTP Navigator\Ftplist.txt
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities

                      Remote Access Functionality

                      Source: Yara match, File source: Process Memory Space: Orden#46789_2024_Optoflux_mexico_sderlss.exe PID: 6084, type: MEMORYSTR
                      Source: Yara match, File source: Process Memory Space: vexplorerez.exe PID: 6588, type: MEMORYSTR
                      Source: Yara match, File source: Process Memory Space: InstallUtil.exe PID: 7564, type: MEMORYSTR
                      Source: Yara match, File source: Process Memory Space: InstallUtil.exe PID: 7784, type: MEMORYSTR
                      Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology; IP Addresses; Network Security Appliances
                      Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising; Compromise Infrastructure; Domains
                      Initial Access: 1 Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application; Supply Chain Compromise; Compromise Software Dependencies and Development Tools
                      Execution: 231 Windows Management Instrumentation; 2 Command and Scripting Interpreter; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter; PowerShell; AppleScript
                      Persistence: 1 DLL Side-Loading; 1 Valid Accounts; 11 Registry Run Keys / Startup Folder; Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At; Cron; Launchd
                      Privilege Escalation: 1 DLL Side-Loading; 1 Valid Accounts; 1 Access Token Manipulation; 311 Process Injection; 11 Registry Run Keys / Startup Folder; RC Scripts; Startup Items; Scheduled Task/Job; At; Cron; Launchd
                      Defense Evasion: 1 Disable or Modify Tools; 1 Deobfuscate/Decode Files or Information; 2 Obfuscated Files or Information; 1 DLL Side-Loading; 1 Masquerading; 1 Valid Accounts; 1 Modify Registry; 1 Access Token Manipulation; 261 Virtualization/Sandbox Evasion; 311 Process Injection; 1 Hidden Files and Directories
                      Credential Access: 2 OS Credential Dumping; 1 Input Capture; 1 Credentials in Registry; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow; Network Sniffing; Input Capture
                      Discovery: 1 File and Directory Discovery; 35 System Information Discovery; 1 Query Registry; 631 Security Software Discovery; 2 Process Discovery; 261 Virtualization/Sandbox Evasion; 1 Application Window Discovery; 1 Remote System Discovery; 1 System Network Configuration Discovery; Network Service Discovery; System Network Connections Discovery
                      Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections; Shared Webroot; Software Deployment Tools
                      Collection: 11 Archive Collected Data; 2 Data from Local System; 1 Email Collection; 1 Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged; Local Data Staging; Remote Data Staging
                      Command and Control: 1 Ingress Tool Transfer; 11 Encrypted Channel; 1 Non-Standard Port; 2 Non-Application Layer Protocol; 13 Application Layer Protocol; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols; File Transfer Protocols; Mail Protocols
                      Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol; Exfiltration Over Asymmetric Encrypted Non-C2 Protocol; Exfiltration Over Unencrypted Non-C2 Protocol
                      Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement; External Defacement; Firmware Corruption
                      Behavior Graph ID: 1463474, Sample: Orden#46789_2024_Optoflux_m..., Startdate: 27/06/2024, Architecture: WINDOWS, Score: 100

                      Source | Detection | Scanner | Label | Link
                      Orden#46789_2024_Optoflux_mexico_sderlss.exe | 73% | Virustotal | | Browse
                      Orden#46789_2024_Optoflux_mexico_sderlss.exe | 66% | ReversingLabs | ByteCode-MSIL.Hacktool.Aikaantivm |
                      Orden#46789_2024_Optoflux_mexico_sderlss.exe | 100% | Joe Sandbox ML | |

                      Source | Detection | Scanner | Label | Link
                      C:\Users\user\AppData\Roaming\vexplorerez.exe | 100% | Joe Sandbox ML | |
                      C:\Users\user\AppData\Roaming\vexplorerez.exe | 66% | ReversingLabs | ByteCode-MSIL.Hacktool.Aikaantivm |
                      C:\Users\user\AppData\Roaming\vexplorerez.exe | 73% | Virustotal | | Browse

                      No Antivirus matches

                      Source | Detection | Scanner | Label | Link
                      smtp.zoho.eu | 0% | Virustotal | | Browse
                      sb.scorecardresearch.com | 0% | Virustotal | | Browse
                      www.google.com | 0% | Virustotal | | Browse
                      ip-api.com | 0% | Virustotal | | Browse
                      verificacfdi.facturaelectronica.sat.gob.mx | 0% | Virustotal | | Browse
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| smtp.zoho.eu | 185.230.214.164 | true | true | | unknown |
| sb.scorecardresearch.com | 18.244.18.27 | true | false | | unknown |
| www.google.com | 142.250.186.68 | true | false | | unknown |
| ip-api.com | 208.95.112.1 | true | true | | unknown |
| verificacfdi.facturaelectronica.sat.gob.mx | unknown | unknown | false | | unknown |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://verificacfdi.facturaelectronica.sat.gob.mx/?id=39CA617E-9953-41BD-9564-C41A1E1C5584&re=OOMM710314363&rr=PCM910225B86&tt=6090.00&fe=aUIAsQ== | false | | unknown |
| https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_272x92dp.png | false | 0%, Virustotal; Avira URL Cloud: safe | unknown |
| https://sb.scorecardresearch.com/p?c1=2&c2=17183199&ns_site=gobmx&name=verificacfdi.facturaelectronica.index | false | 0%, Virustotal; Avira URL Cloud: safe | unknown |
| https://sb.scorecardresearch.com/p2?c1=2&c2=17183199&ns_site=gobmx&name=verificacfdi.facturaelectronica.index | false | 1%, Virustotal; Avira URL Cloud: safe | unknown |
| https://ipinfo.io/ | false | URL Reputation: safe | unknown |
| http://ip-api.com/line/?fields=hosting | false | URL Reputation: safe | unknown |
| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 142.250.186.68 | www.google.com | United States | 15169 | GOOGLEUS | false |
| 52.202.204.11 | unknown | United States | 14618 | AMAZON-AESUS | false |
| 18.244.18.27 | sb.scorecardresearch.com | United States | 16509 | AMAZON-02US | false |
| 23.51.56.185 | unknown | United States | 4788 | TMNET-AS-APTMNetInternetServiceProviderMY | false |
| 23.47.168.24 | unknown | United States | 16625 | AKAMAI-ASUS | false |
| 208.95.112.1 | ip-api.com | United States | 53334 | TUT-ASUS | true |
| 239.255.255.250 | unknown | Reserved | unknown | unknown | false |
| 185.230.214.164 | smtp.zoho.eu | Netherlands | 41913 | COMPUTERLINEComputerlineSchlierbachSwitzerlandCH | true |
| 142.250.184.228 | unknown | United States | 15169 | GOOGLEUS | false |
                        IP
                        192.168.2.5
                        127.0.0.1
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1463474
Start date and time: 2024-06-27 09:01:35 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 11m 16s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 26
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Orden#46789_2024_Optoflux_mexico_sderlss.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@49/114@15/11
                        EGA Information:
                        • Successful, ratio: 100%
                        HCA Information:
                        • Successful, ratio: 96%
                        • Number of executed functions: 254
                        • Number of non-executed functions: 11
                        Cookbook Comments:
                        • Found application associated with file extension: .exe
                        • Override analysis time to 240000 for current running targets taking high CPU consumption
                        • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, WmiPrvSE.exe, svchost.exe
                        • Excluded IPs from analysis (whitelisted): 93.184.221.240, 192.229.221.95, 142.250.184.195, 191.238.188.221, 142.250.186.110, 64.233.166.84, 34.104.35.123, 172.64.41.3, 162.159.61.3, 172.217.16.202, 142.250.186.42, 142.250.186.138, 142.250.184.234, 142.250.185.106, 216.58.206.74, 142.250.181.234, 142.250.185.74, 172.217.18.10, 172.217.18.106, 216.58.212.170, 172.217.16.138, 142.250.184.202, 142.250.74.202, 142.250.186.106, 216.58.212.138, 184.28.88.176, 2.16.202.123, 95.101.54.195, 2.19.126.149, 2.19.126.143, 142.250.185.99, 142.250.185.110
                        • Excluded domains from analysis (whitelisted): chrome.cloudflare-dns.com, e4578.dscg.akamaiedge.net, slscr.update.microsoft.com, clientservices.googleapis.com, acroipm2.adobe.com, dns.msftncsi.com, a1952.dscq.akamai.net, clients2.google.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, update.googleapis.com, prodcfdiverifica.cloudapp.net, apps.identrust.com, clients1.google.com, fs.microsoft.com, identrust.edgesuite.net, accounts.google.com, content-autofill.googleapis.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, edgedl.me.gvt1.com, crl3.digicert.com, clients.l.google.com, geo2.adobe.com
• Not all processes were analyzed, report is missing behavior information
                        • Report size exceeded maximum capacity and may have missing behavior information.
                        • Report size exceeded maximum capacity and may have missing disassembly code.
                        • Report size getting too big, too many NtOpenKeyEx calls found.
                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                        • Report size getting too big, too many NtQueryValueKey calls found.
                        • Report size getting too big, too many NtReadVirtualMemory calls found.
| Time | Type | Description |
|---|---|---|
| 03:02:33 | API Interceptor | 47x Sleep call for process: Orden#46789_2024_Optoflux_mexico_sderlss.exe modified |
| 03:04:45 | API Interceptor | 38x Sleep call for process: vexplorerez.exe modified |
| 03:04:54 | API Interceptor | 1x Sleep call for process: AcroCEF.exe modified |
| 03:05:33 | API Interceptor | 62x Sleep call for process: InstallUtil.exe modified |
| 09:02:53 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run vexplorerezz C:\Users\user\AppData\Roaming\vexplorerez.exe |
| 09:03:01 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run vexplorerezz C:\Users\user\AppData\Roaming\vexplorerez.exe |
Source: Screenshot
URL: https://verificacfdi.facturaelectronica.sat.gob.mx/?id=39CA617E-9953-41BD-9564-C41A1E1C5584&re=OOMM710314363&rr=PCM910225B86&tt=6090.00&fe=aUIAsQ==

Input: URL: https://verificacfdi.facturaelectronica.sat.gob.mx/?id=39CA617E-9953-41BD-9564-C41A1E1C5584&re=OOMM710314363&rr=PCM910225B86&tt=6090.00&fe=aUIAsQ== Model: Perplexity: mixtral-8x7b-instruct
Output: {"loginform": false,"urgency": false,"captcha": true,"reasons": ["The webpage contains a CAPTCHA or anti-robot detection mechanism, as indicated by 'Proporcione los digitos de la Imagen' which requires user interaction to proceed.","The text does not create a sense of urgency as it is a informational message about verifying fiscal documents.","The webpage does not contain a login form, as there are no explicit requests for sensitive information such as passwords, email addresses, usernames, phone numbers or credit card numbers."]}

Input: Title: Verificacin de Comprobantes Fiscales Digitales por Internet OCR: GOBERNO DE Trmites Gobierno MEXICO FACTURA ELECTRONICA A > Inicio HACIENDA Verificacin de comprobantes fiscales digitales por internet A travs de esta opcin, usted podr verificar si el comprobante fue certificado por el SAT Folio fiscal*: RFC emisor*: RFC receptor: 39CA61789953-41 BD-9564-C41. OOMM710314363 PCM910225386 Proporcione los digitos de la Imagen Verifir CFDI Datos obligatorios URL: https://verificacfdi.facturaelectronica.sat.gob.mx Model: gpt-4o
Output: {"phishing_score": 1, "brands": "SAT", "phishing": false, "suspicious_domain": false, "has_prominent_loginform": false, "has_captcha": true, "setechniques": false, "has_suspicious_link": false, "legitmate_domain": "sat.gob.mx", "reasons": "The URL 'https://verificacfdi.facturaelectronica.sat.gob.mx' appears to be legitimate as it uses the official domain 'sat.gob.mx', which is associated with the Mexican government's tax administration (SAT). The webpage design and content are consistent with the official SAT website, and there are no obvious signs of social engineering techniques or suspicious links. The presence of a CAPTCHA adds a layer of security, which is typical for government websites. Therefore, based on the analysis, the site is determined to be legitimate."}
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| 23.51.56.185 | Remittance_ITWWX 5824.pdf | malicious | HTMLPhisher | |
| | 41#U044c.exe | malicious | Unknown | |
| | https://api-internal.weblinkconnect.com/api/Communication/Communication/1148248/click?url=https://devbook.net/antibot205&x-tenant=WinterHavenFLCOC | malicious | HTMLPhisher | |
| | PIO88938MB.docx.doc | malicious | Unknown | |
| | http://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:3a03de0d-9ad9-478c-a00b-f8cf4aad7ad9 | malicious | HtmlDropper, HTMLPhisher | |
| | https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:5fd2b75e-76e0-49e5-b618-3adf1ca6f2ff | malicious | HTMLPhisher | |
| | phish_alert_iocp_v1.4.48 (23).eml | malicious | HTMLPhisher | |
| | PAYMENT CONFIRMATION.xls | malicious | Unknown | |
| | https://www.grosfichiers.com/qfurMCm3fdd | malicious | Unknown | |
| | Instruction.pdf.lnk | malicious | Unknown | |
| 23.47.168.24 | 26_june_DY5204.pdf | malicious | Unknown | |
| | XPchW1tyb4.pdf | malicious | PDFPhish | |
| | Employee Benefits Enrollment for ryan.evans - ADP.pdf | malicious | HTMLPhisher | |
| | Sodicop devis 24_06_351 gal#U00e9niques #U00e0 Dammarie les Lys.eml | malicious | Unknown | |
| | Die Frau sa#U00df starr und in sich gekehrt..eml | malicious | Unknown | |
| | https://drive.google.com/file/d/1Dp7XI2jLZVUWWWDZXLmG7jwUk7Vt1gug/view?usp=sharing_eil_m&ts=667af99a | malicious | Unknown | |
| | Complete with Docusign josh@warriorsheart.pdf | malicious | Unknown | |
| | Authorization code - SO10552124.PDF | malicious | Unknown | |
| | Gagnon Levesque.pdf | malicious | HTMLPhisher | |
| | HR Verification.pdf.pdf | malicious | HTMLPhisher | |
| 208.95.112.1 | Orden#46789_2024_Optoflux_mexico_sderlsTY.exe | malicious | AgentTesla, DarkTortilla | ip-api.com/line/?fields=hosting |
| | Orden#46789_2024_Optoflux_mexico_sderlsTYP.exe | malicious | AgentTesla, DarkTortilla | ip-api.com/line/?fields=hosting |
| | Jailkeeper.bat.exe | malicious | GuLoader | ip-api.com/line/?fields=hosting |
| | mAJY4CrF1A.exe | malicious | Blank Grabber, DCRat, Umbral Stealer | ip-api.com/json/?fields=225545 |
| | 245ad05af518252d59b13d1ce0921595767f112513f7b6fdce647f40535c600b_dump.exe | malicious | AgentTesla, PureLog Stealer | ip-api.com/line/?fields=hosting |
| | z48FACTRE870988000000000.exe | malicious | AgentTesla | ip-api.com/line/?fields=hosting |
| | Swift 409452623.88 copy.exe | malicious | AgentTesla, PureLog Stealer | ip-api.com/line/?fields=hosting |
| | data-sheet.vbs | malicious | PXRECVOWEIWOEI Stealer | ip-api.com/line/?fields=hosting |
| | RICHIESTA-QUOTAZIONI.jar | malicious | STRRAT | ip-api.com/json/ |
| | Enquiry_-_Dubai.js | malicious | PXRECVOWEIWOEI Stealer | ip-api.com/line/?fields=hosting |
| 52.202.204.11 | phish_alert_iocp_v1.4.48 (2).eml | malicious | Captcha Phish, HTMLPhisher | |
| | https://drive.google.com/file/d/11Nff_nSTj-qAFgshL0mhor7fJP9kHxH0/view?usp=drive_web | malicious | Quasar | |
| | https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:446a8aa0-0ddf-4503-b329-6e498319961b | malicious | HTMLPhisher | |
                                                                      https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:92095073-e15a-4dff-8e43-d4abc08308b6Get hashmaliciousHtmlDropper, HTMLPhisherBrowse
                                                                        https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:5fd2b75e-76e0-49e5-b618-3adf1ca6f2ffGet hashmaliciousHTMLPhisherBrowse
                                                                          https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:c2e8c3b1-63be-4a97-a3b9-a21649a6fcffGet hashmaliciousRemcosBrowse
                                                                            https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:8aab6872-0243-452f-9687-e0f8c079e494Get hashmaliciousHTMLPhisherBrowse
                                                                              https://postoffice.adobe.com/po-server/link/redirect?target=eyJhbGciOiJIUzUxMiJ9.eyJ0ZW1wbGF0ZSI6ImNjX2NvbGxhYl9kY3NoYXJpbmdfdmlld19lbWFpbCIsImVtYWlsQWRkcmVzcyI6ImJhc2FsaW5yZWljQGdtYWlsLmNvbSIsInJlcXVlc3RJZCI6ImZiNDJhMDI2LWFkYWMtNGUwNS01N2IyLWJiMTJmMWQ2ZjFmNSIsImxpbmsiOiJodHRwczovL2Fjcm9iYXQuYWRvYmUuY29tL2lkL3VybjphYWlkOnNjOlZBNkMyOmJkNjM3YjUxLTcwNmEtNDg4Ni05MjZkLTA2ZjM5NTI0YWZmMCIsImxhYmVsIjoiMTIiLCJsb2NhbGUiOiJlbl9VUyJ9.nBjy2vHS9kz9dh9gF6utGztizGQUAyT8p2Xs_LMlQGFyIPy7jWdbqBvo7EWIO0M0gFEWfg1FhrU_boE4Fc2VGwGet hashmaliciousUnknownBrowse
                                                                                Signature requested on jennifer.white OCF-3 Response Letter - Unsigned.msgGet hashmaliciousHTMLPhisherBrowse
                                                                                  Review_and_sign_today CFA_Agreements0001.14.pdf..msgGet hashmaliciousHTMLPhisherBrowse
                                                                                    18.244.18.27Orden#46789_2024_Optoflux_mexico_sderls.exeGet hashmaliciousAgentTesla, DarkTortillaBrowse
                                                                                      https://nekofile.eu.org/f8e2cb54931bf39d6c12eo5ncGet hashmaliciousUnknownBrowse
                                                                                        https://www.canva.com/design/DAGHzVFnwZE/G_g8Yp1JfGIicllbdLc4cA/view?utm_content=DAGHzVFnwZE&utm_campaign=designshare&utm_medium=link&utm_source=editorGet hashmaliciousUnknownBrowse
                                                                                          0af4a52e.0cce76886785b0ff1283f346.workers.devemailantonio.cataneo@axactor.com.msgGet hashmaliciousHTMLPhisherBrowse
                                                                                            file.exeGet hashmaliciousFormBookBrowse
                                                                                              https://mobile-sides-vertical-2.xv2.us/Get hashmaliciousUnknownBrowse
                                                                                                No context
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                File Type:ASCII text
                                                                                                Category:dropped
                                                                                                Size (bytes):294
                                                                                                Entropy (8bit):5.206214071882782
                                                                                                Encrypted:false
                                                                                                SSDEEP:6:5e2UQL+q2P92nKuAl9OmbnIFUt8ue2GG1Zmw+ue2GQLVkwO92nKuAl9OmbjLJ:cBQ+v4HAahFUt8DzG1/+DzQV5LHAaSJ
                                                                                                MD5:F2E1585289F11EEA276DE6BC8641FD40
                                                                                                SHA1:0705972CA8A0C88FA5944B73525404B28767A75C
                                                                                                SHA-256:94E9CE2425F0404FE20C9935F4EA42D22A732A7829557527B2B002F32A7A2E93
                                                                                                SHA-512:3F4928B2D5F7B316C9CF8EEE081C59DDA8CB7117B83359108EFDA52AEBF1ACCFCE703F3FB5B07AF53CBD4FFC10BE99A51A1020F9361120E10D79228097918ACD
                                                                                                Malicious:false
                                                                                                Preview:2024/06/27-03:04:46.391 119c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/06/27-03:04:46.393 119c Recovering log #3.2024/06/27-03:04:46.393 119c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                File Type:ASCII text
                                                                                                Category:dropped
                                                                                                Size (bytes):335
                                                                                                Entropy (8bit):5.171808905186343
                                                                                                Encrypted:false
                                                                                                SSDEEP:6:5eIYVq2P92nKuAl9Ombzo2jMGIFUt8ueyE3AgZmw+ueyE3AIkwO92nKuAl9Ombzz:cIYVv4HAa8uFUt8DPwg/+DPwI5LHAa8z
                                                                                                MD5:ED95ADD5D595004E899CF9E5564530B5
                                                                                                SHA1:811F3A3A21F7258C4A35FBD7E226FEE64AD6C3E5
                                                                                                SHA-256:8E21AD6E87657142389E4E412CC2AC944552EDB091C3A02FD896F92802463315
                                                                                                SHA-512:450E89FE5597BCCD9D3C4DA57916CAC892227BE062EC583FC386A961A9EE69144F9050B158BA3217E7F8AE1D6759D775423417EF120775C8146FBACD992F2C68
                                                                                                Malicious:false
                                                                                                Preview:2024/06/27-03:04:46.482 d50 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/06/27-03:04:46.483 d50 Recovering log #3.2024/06/27-03:04:46.483 d50 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                File Type:JSON data
                                                                                                Category:modified
                                                                                                Size (bytes):508
                                                                                                Entropy (8bit):5.055704311240922
                                                                                                Encrypted:false
                                                                                                SSDEEP:12:YH/um3RA8sqPlsBdOg2HUcaq3QYiubxnP7E4T3OF+:Y2sRdsamdMHH3QYhbxP7nbI+
                                                                                                MD5:7F3300B1A34ED01DA3CE7118DF2AEF19
                                                                                                SHA1:522249BA969EED41D543FD5574F11CCF03F5DEA7
                                                                                                SHA-256:D4188764096A8C952F79A74FEE0A54EE5BCD68C106C8A2B0370C25BC63C7FA1F
                                                                                                SHA-512:C3C451BF7D19B9D4EAA72DB1EECA3DF1F319759541E43224BCE7ECAC484E79AC6CF13F9217968124335EF6631224270F00D50A8AD0D29C7754CCAE7C7CA6A4EC
                                                                                                Malicious:false
                                                                                                Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13364031898471179","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":165464},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                File Type:JSON data
                                                                                                Category:dropped
                                                                                                Size (bytes):508
                                                                                                Entropy (8bit):5.055704311240922
                                                                                                Encrypted:false
                                                                                                SSDEEP:12:YH/um3RA8sqPlsBdOg2HUcaq3QYiubxnP7E4T3OF+:Y2sRdsamdMHH3QYhbxP7nbI+
                                                                                                MD5:7F3300B1A34ED01DA3CE7118DF2AEF19
                                                                                                SHA1:522249BA969EED41D543FD5574F11CCF03F5DEA7
                                                                                                SHA-256:D4188764096A8C952F79A74FEE0A54EE5BCD68C106C8A2B0370C25BC63C7FA1F
                                                                                                SHA-512:C3C451BF7D19B9D4EAA72DB1EECA3DF1F319759541E43224BCE7ECAC484E79AC6CF13F9217968124335EF6631224270F00D50A8AD0D29C7754CCAE7C7CA6A4EC
                                                                                                Malicious:false
                                                                                                Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13364031898471179","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":165464},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):4099
                                                                                                Entropy (8bit):5.233963708515959
                                                                                                Encrypted:false
                                                                                                SSDEEP:96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLUbzSRiDW:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNLf
                                                                                                MD5:45C574BDBED0A13A842FCB2119AACA0A
                                                                                                SHA1:988D0037CCCD6ED87065F6792D517DAD6789A0DB
                                                                                                SHA-256:57A23A80081C7AB9D866292ED4F17D6EEFF76B0BDE5A3F07514905DD3845F8AC
                                                                                                SHA-512:1E4196B63AD10870A8719398FDBBD6132F64F76A62389B2E1B5143B9BAE2E0AA0BA6AFC3002129EBED9A10519FA3A2B3BC49AED708B71C67DBCD938A9A3EF7E0
                                                                                                Malicious:false
                                                                                                Preview:*...#................version.1..namespace-.1a.o................next-map-id.1.Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/.0.K..r................next-map-id.2.Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/.1.m.Fr................next-map-id.3.Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.2.8.o................next-map-id.4.Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/.3.A-N^...............Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/-j..^...............Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/[.|.a...............Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/....a...............Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.W.@o................next-map-id.5.Pnamespace-8fb46ac3_c992_47ca_bb04_
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                File Type:ASCII text
                                                                                                Category:dropped
                                                                                                Size (bytes):323
                                                                                                Entropy (8bit):5.21480614182675
                                                                                                Encrypted:false
                                                                                                SSDEEP:6:5eu7TVq2P92nKuAl9OmbzNMxIFUt8ueXgZmw+uesUYIkwO92nKuAl9OmbzNMFLJ:caTVv4HAa8jFUt8DXg/+DsUYI5LHAa8E
                                                                                                MD5:6E4049CAF5EC2709AFB7417BB3F873A7
                                                                                                SHA1:6B73A16CB6ADDFEB802CEAEE5D9A61E62BBB3A3F
                                                                                                SHA-256:EAABD6DB76F5297AB8466800B116C2CDAE7FB78D8251BA40E31007078DCFFA22
                                                                                                SHA-512:397F7CF31E6AA3CA4863D9E267CB0FBBCD484B1E24C9A776BC3EA60F9001E9C3C0340739D04DEA26424366B9EA0BD2A4A0234883CFBA2EAA2424FF06D37DD3BD
                                                                                                Malicious:false
                                                                                                Preview:2024/06/27-03:04:46.894 d50 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/06/27-03:04:46.895 d50 Recovering log #3.2024/06/27-03:04:46.896 d50 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                File Type:PC bitmap, Windows 3.x format, 124 x -152 x 32, cbSize 75446, bits offset 54
                                                                                                Category:dropped
                                                                                                Size (bytes):75446
                                                                                                Entropy (8bit):1.736679494931189
                                                                                                Encrypted:false
                                                                                                SSDEEP:96:5pMhC49FdYrdeYTmPZ8aoipbFt+5EWDKh2/9KUQQFuLwxma3gZKgSYWu:GFV8yF6RR/90HLs9gZKCn
                                                                                                MD5:6C98A804262E5FEE2CC6AEE1F630CE54
                                                                                                SHA1:4B705E495E96972F7611DC162AB7B4D2498059BD
                                                                                                SHA-256:1805C25B2256AF512530565790C28A85D0363D56330A8FE896CB7C60AE2C86CE
                                                                                                SHA-512:92BDC6A9083DD64508D0D2EC5B78878FD6B375B470FF34E3FC3F1756B7CEF4562DE42FF10824DB24C1CDAB05DEF350B5C3CD3398C7BAF23B9F19CA4B3C98C463
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):893
                                                                                                Entropy (8bit):7.366016576663508
                                                                                                Encrypted:false
                                                                                                SSDEEP:24:hBntmDvKUQQDvKUr7C5fpqp8gPvXHmXvponXux:3ntmD5QQD5XC5RqHHXmXvp++x
                                                                                                MD5:D4AE187B4574036C2D76B6DF8A8C1A30
                                                                                                SHA1:B06F409FA14BAB33CBAF4A37811B8740B624D9E5
                                                                                                SHA-256:A2CE3A0FA7D2A833D1801E01EC48E35B70D84F3467CC9F8FAB370386E13879C7
                                                                                                SHA-512:1F44A360E8BB8ADA22BC5BFE001F1BABB4E72005A46BC2A94C33C4BD149FF256CCE6F35D65CA4F7FC2A5B9E15494155449830D2809C8CF218D0B9196EC646B0C
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):252
                                                                                                Entropy (8bit):3.0264678871426307
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:kkFklF7Ft/kN/ltfllXlE/E/KRkzllPlzRkwWBARLNDU+ZMlKlBkvclcMlVHblBQ:kKNN/LxliBAIdQZV7I7kc3
                                                                                                MD5:9E285D5E18CE7A66CC4E444EEB4444ED
                                                                                                SHA1:03F09A72FB534EFAC85DE563F0A60A5088AE6A5A
                                                                                                SHA-256:448F53307A083263B6AFB38CCDF86CBA0F43889E1DB99048B259CA47C60AAC3A
                                                                                                SHA-512:7A5E635164918C8FB3BB2CFA528C9F025ADF4E5404800343FEB459B0A3EF2D751B14677DEDDBBF43C4EA64487015F9EE818D773ACDA9ED6FB5446B759655128C
                                                                                                Malicious:false
                                                                                                Preview:p...... ....`.....,P`...(....................................................... ........!.M........(...........}...h.t.t.p.:././.a.p.p.s...i.d.e.n.t.r.u.s.t...c.o.m./.r.o.o.t.s./.d.s.t.r.o.o.t.c.a.x.3...p.7.c...".3.7.d.-.6.0.7.9.b.8.c.0.9.2.9.c.0."...
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                File Type:PostScript document text
                                                                                                Category:dropped
                                                                                                Size (bytes):185099
                                                                                                Entropy (8bit):5.182478651346149
                                                                                                Encrypted:false
                                                                                                SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                                                                                                MD5:94185C5850C26B3C6FC24ABC385CDA58
                                                                                                SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                                                                                                SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                                                                                                SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                                                                                                Malicious:false
                                                                                                Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                File Type:JSON data
                                                                                                Category:dropped
                                                                                                Size (bytes):295
                                                                                                Entropy (8bit):5.3653512949460005
                                                                                                Encrypted:false
                                                                                                Malicious:false
                                                                                                Preview:{"analyticsData":{"responseGUID":"9f85ebb3-dd3c-45c0-8831-3246f92bd42d","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1719646438399,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                File Type:JSON data
                                                                                                Category:dropped
                                                                                                Size (bytes):294
                                                                                                Entropy (8bit):5.305025744015222
                                                                                                Encrypted:false
                                                                                                Malicious:false
                                                                                                Preview:{"analyticsData":{"responseGUID":"9f85ebb3-dd3c-45c0-8831-3246f92bd42d","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1719646438399,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                File Type:JSON data
                                                                                                Category:dropped
                                                                                                Size (bytes):294
                                                                                                Entropy (8bit):5.28328523937303
                                                                                                Encrypted:false
                                                                                                Malicious:false
                                                                                                Preview:{"analyticsData":{"responseGUID":"9f85ebb3-dd3c-45c0-8831-3246f92bd42d","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1719646438399,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                File Type:JSON data
                                                                                                Category:dropped
                                                                                                Size (bytes):285
                                                                                                Entropy (8bit):5.344313923779894
                                                                                                Encrypted:false
                                                                                                Malicious:false
                                                                                                Preview:{"analyticsData":{"responseGUID":"9f85ebb3-dd3c-45c0-8831-3246f92bd42d","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1719646438399,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                File Type:JSON data
                                                                                                Category:dropped
                                                                                                Size (bytes):292
                                                                                                Entropy (8bit):5.302925800169433
                                                                                                Encrypted:false
                                                                                                Malicious:false
                                                                                                Preview:{"analyticsData":{"responseGUID":"9f85ebb3-dd3c-45c0-8831-3246f92bd42d","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1719646438399,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                File Type:JSON data
                                                                                                Category:dropped
                                                                                                Size (bytes):289
                                                                                                Entropy (8bit):5.288768649106141
                                                                                                Encrypted:false
                                                                                                Malicious:false
                                                                                                Preview:{"analyticsData":{"responseGUID":"9f85ebb3-dd3c-45c0-8831-3246f92bd42d","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1719646438399,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                File Type:JSON data
                                                                                                Category:dropped
                                                                                                Size (bytes):292
                                                                                                Entropy (8bit):5.2895096142781615
                                                                                                Encrypted:false
                                                                                                Malicious:false
                                                                                                Preview:{"analyticsData":{"responseGUID":"9f85ebb3-dd3c-45c0-8831-3246f92bd42d","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1719646438399,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                File Type:JSON data
                                                                                                Category:dropped
                                                                                                Size (bytes):289
                                                                                                Entropy (8bit):5.307734216890185
                                                                                                Encrypted:false
                                                                                                Malicious:false
                                                                                                Preview:{"analyticsData":{"responseGUID":"9f85ebb3-dd3c-45c0-8831-3246f92bd42d","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1719646438399,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                File Type:JSON data
                                                                                                Category:dropped
                                                                                                Size (bytes):1372
                                                                                                Entropy (8bit):5.741149399429592
                                                                                                Encrypted:false
                                                                                                Malicious:false
                                                                                                Preview:{"analyticsData":{"responseGUID":"9f85ebb3-dd3c-45c0-8831-3246f92bd42d","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1719646438399,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"79887_247329ActionBlock_0","campaignId":79887,"containerId":"1","controlGroupId":"","treatmentId":"acc56846-d570-4500-a26e-7f8cf2b4acad","variationId":"247329"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJUcnkgQWNyb2JhdCBQcm8ifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNSIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTMiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIDctZGF5IHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0byBwcmVtaXVtIFBERiBhbmQgZS1zaWduaW5nIHRvb2xzLiIsImJ
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                File Type:JSON data
                                                                                                Category:dropped
                                                                                                Size (bytes):289
                                                                                                Entropy (8bit):5.2970346404782465
                                                                                                Encrypted:false
                                                                                                Malicious:false
                                                                                                Preview:{"analyticsData":{"responseGUID":"9f85ebb3-dd3c-45c0-8831-3246f92bd42d","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1719646438399,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                File Type:JSON data
                                                                                                Category:dropped
                                                                                                Size (bytes):1395
                                                                                                Entropy (8bit):5.776420460862777
                                                                                                Encrypted:false
                                                                                                Malicious:false
                                                                                                Preview:{"analyticsData":{"responseGUID":"9f85ebb3-dd3c-45c0-8831-3246f92bd42d","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1719646438399,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                File Type:JSON data
                                                                                                Category:dropped
                                                                                                Size (bytes):291
                                                                                                Entropy (8bit):5.280602118629923
                                                                                                Encrypted:false
                                                                                                Malicious:false
                                                                                                Preview:{"analyticsData":{"responseGUID":"9f85ebb3-dd3c-45c0-8831-3246f92bd42d","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1719646438399,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                File Type:JSON data
                                                                                                Category:dropped
                                                                                                Size (bytes):287
                                                                                                Entropy (8bit):5.281584542818818
                                                                                                Encrypted:false
                                                                                                Malicious:false
                                                                                                Preview:{"analyticsData":{"responseGUID":"9f85ebb3-dd3c-45c0-8831-3246f92bd42d","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1719646438399,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                File Type:JSON data
                                                                                                Category:dropped
                                                                                                Size (bytes):289
                                                                                                Entropy (8bit):5.303575951162173
                                                                                                Encrypted:false
                                                                                                SSDEEP:6:YEQXJ2HXC5IJoK/x+FIbRI6XVW7+0YToAvJfbpatdPeUkwRe9:YvXKXCNK/UYpW7NGVat8Ukee9
                                                                                                MD5:85852231EB434B1ABA9E948193C1EFE8
                                                                                                SHA1:6A573D6B01744B2EF9CD1B6F3020417A44E794F3
                                                                                                SHA-256:D3D343144BBBDBC57D1669E9F43E8FBD9951096C28DEDBE55FC8B6696B2EEAA2
                                                                                                SHA-512:E60BF39DDB69472CD5B6C86E917D9610867E99869A4CC43F314168631C479FCDCDB7959AFC60A10B94F4291F5BABDBE3664603EC06FADE9F3B97EEAD71CA1EE7
                                                                                                Malicious:false
                                                                                                Preview:{"analyticsData":{"responseGUID":"9f85ebb3-dd3c-45c0-8831-3246f92bd42d","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1719646438399,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                File Type:JSON data
                                                                                                Category:dropped
                                                                                                Size (bytes):286
                                                                                                Entropy (8bit):5.254974405491068
                                                                                                Encrypted:false
                                                                                                SSDEEP:6:YEQXJ2HXC5IJoK/x+FIbRI6XVW7+0YToAvJfshHHrPeUkwRe9:YvXKXCNK/UYpW7NGUUUkee9
                                                                                                MD5:6F93B8B1603C977B44C48C95242045F2
                                                                                                SHA1:FC868E7D48CBB61E24ACE953D787E6E3199A08DC
                                                                                                SHA-256:4206A8442B37EF67EA0475E7A2ACA2FCE137A556E2E97EAB224E96DCCB17B9A2
                                                                                                SHA-512:A47B2BF6F0274114346D4D33C7E9BADBB7BA4E27D2EB042C087234281B05766DAB660DD21FC33A04F238C367842908FC6E82E402834821A519CB2B0B20BB3E27
                                                                                                Malicious:false
                                                                                                Preview:{"analyticsData":{"responseGUID":"9f85ebb3-dd3c-45c0-8831-3246f92bd42d","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1719646438399,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                File Type:JSON data
                                                                                                Category:dropped
                                                                                                Size (bytes):782
                                                                                                Entropy (8bit):5.372716562630634
                                                                                                Encrypted:false
                                                                                                SSDEEP:12:YvXKXCNK/UYpW7NGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWl:Yv6XUKti5168CgEXX5kcIfANhc
                                                                                                MD5:3BDC0C1CAB7C01E417011A3E2AD84D69
                                                                                                SHA1:906594ACD3C780A3918775FD8EBD61EE01167270
                                                                                                SHA-256:27C78EF617E33F0868E8C274C3EE8D8C365F37555D4F33BF70D1FCA34680CC39
                                                                                                SHA-512:71D1B2D57B83DBBFAD57921D13489611934C9439F6E78BBB4C8162BA1A9F2C9553255E15DBE8BFC47B567E24A0019B2CA2EF4F6624D362D4DBA98BB78FA697DF
                                                                                                Malicious:false
                                                                                                Preview:{"analyticsData":{"responseGUID":"9f85ebb3-dd3c-45c0-8831-3246f92bd42d","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1719646438399,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1719471898454}}}}
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):4
                                                                                                Entropy (8bit):0.8112781244591328
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:e:e
                                                                                                MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                                                                                                SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                                                                                                SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                                                                                                SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                                                                                                Malicious:false
                                                                                                Preview:....
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                File Type:JSON data
                                                                                                Category:dropped
                                                                                                Size (bytes):2814
                                                                                                Entropy (8bit):5.111295210224451
                                                                                                Encrypted:false
                                                                                                SSDEEP:24:Y47Cnb8r2WA2Yudl2LSJnXaXL6ayY2NusJnqUyMjjsj0S/InB75s054dQ9eBhuFz:YYgbBWAD+lugH7j+WFs0OQ9ECz
                                                                                                MD5:7B3FF76595F8BD724B1C04FC3E5E8CD8
                                                                                                SHA1:E190FC3B8587AE02235FEC806B2517308C65AB5C
                                                                                                SHA-256:67966267AD6EC572A5D02810C4A4045CBE6E7597A8D47E36BC5EF3AA0E052FF2
                                                                                                SHA-512:7A57DA995A5E332B068723A694B064EEB883680BA94A5EE3C60F60D180D6728A78A7A3DC65EEC205CC849DB10CB949C25C91235FF9E887291D0A5A836E6B8740
                                                                                                Malicious:false
                                                                                                Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"4c54a8c79fed509d27f12ddeaed51332","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1719471898000},{"id":"Edit_InApp_Aug2020","info":{"dg":"0e52d0d7f9d8bf18801ee4ae2f143916","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1719471897000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"621611efb8547fca590204cf42be27df","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1372,"ts":1719471897000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"d35b792c1a464bae3ee9000b1abada8a","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1719471897000},{"id":"DC_FirstMile_Right_Sec_Surface","info":{"dg":"039d1e508f60fb5e4edca5775fa7fed8","sid":"DC_FirstMile_Right_Sec_Surface"},"mimeType":"file","size":294,"ts":1719471897000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"448d17e64bbc0d07c28fce08d883f58f","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
                                                                                                Category:dropped
                                                                                                Size (bytes):12288
                                                                                                Entropy (8bit):0.9854152307746152
                                                                                                Encrypted:false
                                                                                                SSDEEP:24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/SpeDo4zJwtNBwtNbRZ6bRZ4nDoF:TVl2GL7ms6ggOVpe/zutYtp6PEY
                                                                                                MD5:49F8485E18F3637E680E60C9249BE2DE
                                                                                                SHA1:57E1DE304878A48FEB5F03FDC588C1DE0C16BBF4
                                                                                                SHA-256:0C3603E9ED66D4F6435A523784DD7FADB48C78596077169FA7670678B1AB0EC1
                                                                                                SHA-512:14A1F0AE48D36A6373C72CC5830982A56FBFCE3D0C1FBD41B2EE2A5EBDCD1B5996DF94789074F6E458D5D5B834FE264EF8704EAE51460CF05E8A6169D14EECC3
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                File Type:SQLite Rollback Journal
                                                                                                Category:dropped
                                                                                                Size (bytes):8720
                                                                                                Entropy (8bit):1.3355322300920638
                                                                                                Encrypted:false
                                                                                                SSDEEP:24:7+tkAD1RZKHs/Ds/SpeDoPzJwtNBwtNbRZ6bRZWf1RZKKqLBx/XYKQvGJF7ursv:7MkGgOVpeIzutYtp6PM/qll2GL7msv
                                                                                                MD5:CE6F1458FECA70A7731074512E13041E
                                                                                                SHA1:F399E85F729DB0545EA2F1640401476E5E203B2C
                                                                                                SHA-256:730763927D2E1A74BCF0D7F3555D33C7AD822D0CB8EE5D1EDBC4AD556594A767
                                                                                                SHA-512:BF26B0D79F13BD4DDFBCD6D82EDE2DA598A6931E71CA19098163EC2E50441DA2E513983A92B85F95D3697AE202E0B044274AA013BD09475C886F506FE75C3165
                                                                                                Malicious:false
                                                                                                Process:C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exe
                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):1216
                                                                                                Entropy (8bit):5.34331486778365
                                                                                                Encrypted:false
                                                                                                SSDEEP:24:MLU84qpE4KlKDE4KhKiKhIE4Kx1qE4qXKIE4oKNzKoZAE4Kze0E4j:Mgv2HKlYHKh3oIHKx1qHitHo6hAHKzea
                                                                                                MD5:FB53815DEEC334028DBDE4E3660E26D0
                                                                                                SHA1:7F491359EC244406DFC8AA39FC9B727D677E4FDF
                                                                                                SHA-256:C3EC8D6C079B1940D82374A85E9DC41ED9FF683ADA338F89E375AA7AC777749D
                                                                                                SHA-512:5CC466901D7911BE1E1731162CC01C371444AAFA9A504F1F22516F60C888048EB78B5C5A12215EE2B127BD67A19677E370686465E85E08BC14015F8FAB049E49
                                                                                                Malicious:true
                                                                                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a
                                                                                                Process:C:\Users\user\AppData\Roaming\vexplorerez.exe
                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):1216
                                                                                                Entropy (8bit):5.34331486778365
                                                                                                Encrypted:false
                                                                                                SSDEEP:24:MLU84qpE4KlKDE4KhKiKhIE4Kx1qE4qXKIE4oKNzKoZAE4Kze0E4j:Mgv2HKlYHKh3oIHKx1qHitHo6hAHKzea
                                                                                                MD5:FB53815DEEC334028DBDE4E3660E26D0
                                                                                                SHA1:7F491359EC244406DFC8AA39FC9B727D677E4FDF
                                                                                                SHA-256:C3EC8D6C079B1940D82374A85E9DC41ED9FF683ADA338F89E375AA7AC777749D
                                                                                                SHA-512:5CC466901D7911BE1E1731162CC01C371444AAFA9A504F1F22516F60C888048EB78B5C5A12215EE2B127BD67A19677E370686465E85E08BC14015F8FAB049E49
                                                                                                Malicious:false
                                                                                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):246
                                                                                                Entropy (8bit):3.534010397435022
                                                                                                Encrypted:false
                                                                                                SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8EQve:Qw946cPbiOxDlbYnuRKvQm
                                                                                                MD5:12471CD1FBAC00C38FC855C2C7ED254E
                                                                                                SHA1:426789A1C51AA75A6EB97577F01F7C99B39302DC
                                                                                                SHA-256:9AFA9F0DC17163F615F2B7E1252A6452FB04F6674905460C520635BB7C8EBE40
                                                                                                SHA-512:2599A6D84C1379AD958B04262B4A198403F511D479D3EFA240F567E22710D0C54F2E5AD0163DA89D107F221985E98391BF596556D80CA80C337E4343C0241645
                                                                                                Malicious:false
                                                                                                Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.7./.0.6./.2.0.2.4. . .0.3.:.0.4.:.5.6. .=.=.=.....
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                File Type:ASCII text, with very long lines (393)
                                                                                                Category:dropped
                                                                                                Size (bytes):16525
                                                                                                Entropy (8bit):5.376360055978702
                                                                                                Encrypted:false
                                                                                                SSDEEP:384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn
                                                                                                MD5:1336667A75083BF81E2632FABAA88B67
                                                                                                SHA1:46E40800B27D95DAED0DBB830E0D0BA85C031D40
                                                                                                SHA-256:F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1
                                                                                                SHA-512:D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A
                                                                                                Malicious:false
                                                                                                Preview:SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:961+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig:
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                File Type:ASCII text, with very long lines (393), with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):15114
                                                                                                Entropy (8bit):5.334730870969514
                                                                                                Encrypted:false
                                                                                                SSDEEP:384:liMj/h65jinJS0uvzrB4UbaVvWCtE/DKAj+a4k4ZYg+fJNKRTqIxDmD6Xw6bruea:Y9Z
                                                                                                MD5:D2762BBB4492EB3AE20BED36C518D01D
                                                                                                SHA1:17F3D23CCFA0C12A17A625EEEBD45837B6169FDD
                                                                                                SHA-256:52F98DFB40F64BFB9C224FC23E25DED5AF86F97E8D008DD3DB5295EB86D3F17B
                                                                                                SHA-512:B4F5AB3E918596772E4F5B121C84087C3A18AF3A1FB9B03184C4D087D32F445050FC7DE911B99B20B33CBD5C2E7EF9DACEA3C9AEAD3B3F5E2E753C7909B5AB99
                                                                                                Malicious:false
                                                                                                Preview:SessionID=82a4aaa8-6066-40aa-b9fd-011b61c18b7b.1719471888822 Timestamp=2024-06-27T03:04:48:823-0400 ThreadID=5580 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=82a4aaa8-6066-40aa-b9fd-011b61c18b7b.1719471888822 Timestamp=2024-06-27T03:04:48:823-0400 ThreadID=5580 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=82a4aaa8-6066-40aa-b9fd-011b61c18b7b.1719471888822 Timestamp=2024-06-27T03:04:48:823-0400 ThreadID=5580 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=82a4aaa8-6066-40aa-b9fd-011b61c18b7b.1719471888822 Timestamp=2024-06-27T03:04:48:823-0400 ThreadID=5580 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=82a4aaa8-6066-40aa-b9fd-011b61c18b7b.1719471888822 Timestamp=2024-06-27T03:04:48:824-0400 ThreadID=5580 Component=ngl-lib_NglAppLib Description="SetConf
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):29752
                                                                                                Entropy (8bit):5.399564293828346
                                                                                                Encrypted:false
                                                                                                SSDEEP:768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbz:X
                                                                                                MD5:49899D70E8B3B5903696612A2AC8912D
                                                                                                SHA1:4064849805EEA9A52A0320232E44087AAB465AEC
                                                                                                SHA-256:0790CA94979A984FAB1AD747B0BC4B10FF65B23EB8C8AD0AF60D89A8171B4D36
                                                                                                SHA-512:55FA6488558E7D4875DBD350FEC6A05EF684219293A5CCCDEB54B6D26DD03A356146B54869427382BBC4DEDD5281F228AD87E03A86878CE372700E38B6133457
                                                                                                Malicious:false
                                                                                                Preview:04-10-2023 02:39:31:.---2---..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Starting NGL..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..04-10-2023 02:39:31:.Closing File..04-10-
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                                                                                                Category:dropped
                                                                                                Size (bytes):1419751
                                                                                                Entropy (8bit):7.976496077007677
                                                                                                Encrypted:false
                                                                                                SSDEEP:24576:/M7oMOWLaGZ4ZwYIGNP8dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:RVWLaGZ4ZwZGm3mlind9i4ufFXpAXkru
                                                                                                MD5:E787F9888A1628BE8234F19E8EE26D68
                                                                                                SHA1:44D5180C06ADBBDAADDBCE350CE4DEC997CD83E5
                                                                                                SHA-256:3A09F3799148DA49F039A35AEDD22F368FB35B8D6022C4691C10606F704DAF80
                                                                                                SHA-512:EE9B602898706CC0F33AA570E29A79A58ED748E1B738D74DF0C8C8DF193E23421B47AC8C862623ED774289D94FA90662A4CC436B80479D6420433D81752E9CA9
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                                                                                                Category:dropped
                                                                                                Size (bytes):386528
                                                                                                Entropy (8bit):7.9736851559892425
                                                                                                Encrypted:false
                                                                                                SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                                                                                                MD5:5C48B0AD2FEF800949466AE872E1F1E2
                                                                                                SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                                                                                                SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                                                                                                SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                                                                                                Category:dropped
                                                                                                Size (bytes):758601
                                                                                                Entropy (8bit):7.98639316555857
                                                                                                Encrypted:false
                                                                                                SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                                                                                                MD5:3A49135134665364308390AC398006F1
                                                                                                SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                                                                                                SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                                                                                                SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 647360
                                                                                                Category:dropped
                                                                                                Size (bytes):1407294
                                                                                                Entropy (8bit):7.97605879016224
                                                                                                Encrypted:false
                                                                                                SSDEEP:24576:/yowYIGNP4bdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07WWL07oBGZd:twZG6b3mlind9i4ufFXpAXkrfUs0qWLa
                                                                                                MD5:8D04FDC5022E491B91EC6B32F003430B
                                                                                                SHA1:6619D46E06076B5669D4CC677D6D8F638189E46A
                                                                                                SHA-256:7682C53053D66EF0B1A89335C88C4420226B10AFAC87A286E6E1A6BC795FEE61
                                                                                                SHA-512:AA96FA56D3C5C4200BAA917D3091ADB1A5FAE7D534DD9C909D8B60AE13E902D6B71D42C2823319483414987E4B41079FA241B3D0A384EE4B281B63F834917E7D
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jun 27 06:04:51 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                Category:dropped
                                                                                                Size (bytes):2677
                                                                                                Entropy (8bit):3.9778870056218048
                                                                                                Encrypted:false
                                                                                                SSDEEP:48:8MLdeTaWtaHmidAKZdA19ehwiZUklqehHMy+3:8HzLmMy
                                                                                                MD5:88628E71EB9FDE319ADC5DC2A35772E1
                                                                                                SHA1:E3637474945235B3111F25D874F97A86F4B0AA55
                                                                                                SHA-256:FEFF06949AE756BAC53969DE1CFFB728F95F76FF2A6CA8222D2DFFF5C37C71A7
                                                                                                SHA-512:81C63A7B541DCDAF0231774EC855D2F561FAFE42308D14008AA22DEF1BEEB6AC31AD48D72FAA4E646AEAD79D3B3993CE963F3589F8B0D7F5ABF8BC7F06CDFE0D
                                                                                                Malicious:false
                                                                                                Preview:L..................F.@.. ...$+.,.....DSN`...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X.8....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.8....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.8....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.8..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.8...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............k.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jun 27 06:04:51 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                Category:dropped
                                                                                                Size (bytes):2679
                                                                                                Entropy (8bit):3.9926815262740267
                                                                                                Encrypted:false
                                                                                                SSDEEP:48:8PdeTaWtaHmidAKZdA1weh/iZUkAQkqehWMy+2:8Mz59QBMy
                                                                                                MD5:632283E5E000C8181B68EC16E7C4006C
                                                                                                SHA1:C6CD6C9960E3BEC591802CB2F006FDA8B930F5BA
                                                                                                SHA-256:CDA869A0CAA9C6E087B3C9E499D9D6B0644ED924EA1E978091F3969BAB364464
                                                                                                SHA-512:194F33DA071AA413DF66698A9EFA0238302DE9ADB7A179E33B699CDF3C0CDEC18A629E95BDF2ECA503D355A64C70FC23FEE020FB156C3303C1AEEA291F420A38
                                                                                                Malicious:false
                                                                                                Preview:L..................F.@.. ...$+.,.....FEN`...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X.8....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.8....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.8....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.8..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.8...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............k.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                Category:dropped
                                                                                                Size (bytes):2693
                                                                                                Entropy (8bit):4.005826869937279
                                                                                                Encrypted:false
                                                                                                SSDEEP:48:8xcdeTaWtsHmidAKZdA14tseh7sFiZUkmgqeh7sgMy+BX:8xdzDnqMy
                                                                                                MD5:AABD4B52F6809B74A895436A1A1FF08A
                                                                                                SHA1:367C3360B559C5BE391723DF4EC9007E94AE1F27
                                                                                                SHA-256:C3390749A14307CC07A2DDD2CB6CBEB728CDF1D0A9727750A34A98D9E6FBAEB5
                                                                                                SHA-512:65F3627A153F7C74D0ACF938656294FEB9B30D6A2E316F094585F843B6143190858AF6AF081C10B84F16E0A4181C3BB49CCA17C980E80B1710FA934965FDF560
                                                                                                Malicious:false
                                                                                                Preview:L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X.8....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.8....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.8....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.8..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............k.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jun 27 06:04:51 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                Category:dropped
                                                                                                Size (bytes):2681
                                                                                                Entropy (8bit):3.9912995622061285
                                                                                                Encrypted:false
                                                                                                SSDEEP:48:8h3deTaWtaHmidAKZdA1vehDiZUkwqehyMy+R:8uzaIMy
                                                                                                MD5:F9C68FB56F0516C467D2426417685CAA
                                                                                                SHA1:AB41E34175CD135C2269E30C11B28D9071DDB619
                                                                                                SHA-256:F6F9EA47F5D3E1F149E09268A7BC507D9D365DB8AF15D23C01EA342943E7E668
                                                                                                SHA-512:A0819DD51E62A58D3ECB62A08057E0BB873DF35A50E78A6E84C1D2C62F698EDDF1341B660216613F27E1E60627D9D9C7AFA60525F27B9928571DA31E621EBA71
                                                                                                Malicious:false
                                                                                                Preview:L..................F.@.. ...$+.,....g/+N`...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X.8....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.8....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.8....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.8..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.8...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............k.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jun 27 06:04:51 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                Category:dropped
                                                                                                Size (bytes):2681
                                                                                                Entropy (8bit):3.981030113690901
                                                                                                Encrypted:false
                                                                                                SSDEEP:48:8ddeTaWtaHmidAKZdA1hehBiZUk1W1qeh0My+C:8uza9UMy
                                                                                                MD5:917EF02701138D58608E14F208E8FCE4
                                                                                                SHA1:D68A9F41D5313303179F06E2FC3A3CB895CD25D1
                                                                                                SHA-256:EB1AB04E06D453CA8DB4675330792D1DFB835507E34CF12B47CE14D680F49D0A
                                                                                                SHA-512:1BBB193C93D3F0EBEF2B14D8BB38C1516671525E7031133D1DAEAFB19C7815D962B7D0CFA8F5645BFB583AFD10D41A1CF5ACC0DFAB0C6A0CC775D9EE2D40EF66
                                                                                                Malicious:false
                                                                                                Preview:L..................F.@.. ...$+.,......KN`...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X.8....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.8....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.8....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.8..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.8...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............k.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jun 27 06:04:51 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                Category:dropped
                                                                                                Size (bytes):2683
                                                                                                Entropy (8bit):3.9946370788296317
                                                                                                Encrypted:false
                                                                                                SSDEEP:48:8sdeTaWtaHmidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbqMy+yT+:8tzkT/TbxWOvTbqMy7T
                                                                                                MD5:588DBCEC59450E49B088DCC0621FCBDD
                                                                                                SHA1:E742CEDAA7AE672DABCC16AED0A271EEFB7C2F50
                                                                                                SHA-256:288D8C7CC6D7639EF42914B061C062AF6675BD89DEFF95D535B933984F05C093
                                                                                                SHA-512:CB59FB8D33D8E31AA2A098429A21A5F2B5318422AABD1B1735891F75B17D6E0CE4EAF9796A7A1A35BAB23518A21B7426AF113C80305848C614EDC1D5E847BC6F
                                                                                                Malicious:false
                                                                                                Preview:L..................F.@.. ...$+.,......!N`...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X.8....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.8....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.8....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.8..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.8...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............k.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                                                                                Process:C:\Users\user\AppData\Roaming\vexplorerez.exe
                                                                                                File Type:PDF document, version 1.3, 1 pages
                                                                                                Category:dropped
                                                                                                Size (bytes):26507
                                                                                                Entropy (8bit):7.813803154001479
                                                                                                Encrypted:false
                                                                                                SSDEEP:768:MOjgqbD1EAw5Sa7OJOo8gxraB21BiqKIA+hF:MagoD1EAuSumGgxraQe+X
                                                                                                MD5:9CF473B9B836B8811841BEF458BD5474
                                                                                                SHA1:F46E568C480C692F218F28C5066472D9AFFDA54D
                                                                                                SHA-256:6B1411273CC92BE9697DB4C28034C98802E947563849FD441D71E6C768CC72C3
                                                                                                SHA-512:8B2D4F7515F9F28C30C83D0BCC4BA119F2CC7F3F9C203E0E69FA3C1BF0E105CF0B36F6895917A0385174EFB659780211C620268E5CBEC59C36DD51D468ECF68B
                                                                                                Malicious:false
                                                                                                Preview:%PDF-1.3..%......4 0 obj..<<../Author (Author)../Keywords (keyword1, keyword2)../CreationDate (D:20240506185230Z)../Title (Title)../Creator (XSL-FO http://www.w3.org/1999/XSL/Format)../Subject (Subject)../Producer (Fonet, Version=1.0.0.0, Culture=neutral, PublicKeyToken=52effa152c4a9dc6, 1.0.0.0)..>>..endobj..5 0 obj..<<../Filter /FlateDecode../Length 3948..>>..stream..
                                                                                                Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):881664
                                                                                                Entropy (8bit):6.50593051717965
                                                                                                Encrypted:false
                                                                                                SSDEEP:12288:z1I6SaGRIuDJpW2YwPUqw2yK1WHV+m/SIo6I6JT/sudfpdCcqXQ:nEpIaY/smfXCcsQ
                                                                                                MD5:AF0DCCDCAC71A9EC9395BBAC08C232A8
                                                                                                SHA1:C9647A1D282DB7ED314AF4C17A86DC5D92F752DC
                                                                                                SHA-256:A8726088FFFCB88C32528D617D58D5C0D028C28115842F0C2A4F7A7FE5192E82
                                                                                                SHA-512:554AB8AF23E8B9438F7D89191C3DEE457E80F93202D55BD0CDB80BE3CF94C25A1D0F8464C51B274AA55CA67ED34C672F25FB0B6E10791C33AB54EAD27E1CD333
                                                                                                Malicious:true
                                                                                                Antivirus:
                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                • Antivirus: ReversingLabs, Detection: 66%
                                                                                                • Antivirus: Virustotal, Detection: 73%
                                                                                                Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                Category:modified
                                                                                                Size (bytes):26
                                                                                                Entropy (8bit):3.95006375643621
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:ggPYV:rPYV
                                                                                                MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                Malicious:true
                                                                                                Preview:[ZoneTransfer]....ZoneId=0
                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                Category:downloaded
                                                                                                Size (bytes):277414
                                                                                                Entropy (8bit):5.111338036329316
                                                                                                Encrypted:false
                                                                                                SSDEEP:6144:REa6/7LY8CTCkXmN/UFbPms3JeL2yYp89uMuY1tE6v1pHe7Bbc2A4IM:3cUFbPjO4899lTHeNbc2pIM
                                                                                                MD5:2BF49D80D39E784E004A785C3F6F1F54
                                                                                                SHA1:92D0D5640F050F1A19D2D4CDD0417B2DAD926242
                                                                                                SHA-256:9048FEA17EBE181D7510D6EC8D4763231CB5B54634F7EAC26F39C7876D38AA28
                                                                                                SHA-512:CF29D2C71058DEA6B47A1D607DD4B321E8D343A743EC2331C46FC4FFBEBD46F14DDB0D704C0250766135D1F6F1C480E6EAE3135228007831DB4AECC1EC5524DE
                                                                                                Malicious:false
                                                                                                URL:https://verificacfdi.facturaelectronica.sat.gob.mx/Scripts/Jquery/jquery-3.1.1.js
                                                                                                Preview:/*!.. * jQuery JavaScript Library v3.1.1.. * https://jquery.com/.. *.. * Includes Sizzle.js.. * https://sizzlejs.com/.. *.. * Copyright jQuery Foundation and other contributors.. * Released under the MIT license.. * https://jquery.org/license.. *.. * Date: 2016-09-22T22:30Z.. */..( function( global, factory ) {....."use strict";.....if ( typeof module === "object" && typeof module.exports === "object" ) {......// For CommonJS and CommonJS-like environments where a proper `window`....// is present, execute the factory and get jQuery.....// For environments that do not have a `window` with a `document`....// (such as Node.js), expose a factory as module.exports.....// This accentuates the need for the creation of a real `window`.....// e.g. var jQuery = require("jquery")(window);....// See ticket #14549 for more info.....module.exports = global.document ?.....factory( global, true ) :.....function( w ) {......if ( !w.document ) {.......throw new Error( "jQuery requires a window with a do
                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                File Type:GIF image data, version 89a, 1 x 1
                                                                                                Category:dropped
                                                                                                Size (bytes):43
                                                                                                Entropy (8bit):3.0314906788435274
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:CUkwltxlHh/:P/
                                                                                                MD5:325472601571F31E1BF00674C368D335
                                                                                                SHA1:2DAEAA8B5F19F0BC209D976C02BD6ACB51B00B0A
                                                                                                SHA-256:B1442E85B03BDCAF66DC58C7ABB98745DD2687D86350BE9A298A1D9382AC849B
                                                                                                SHA-512:717EA0FF7F3F624C268ECCB244E24EC1305AB21557ABB3D6F1A7E183FF68A2D28F13D1D2AF926C9EF6D1FB16DD8CBE34CD98CACF79091DDDC7874DCEE21ECFDC
                                                                                                Malicious:false
                                                                                                Preview:GIF89a.............!.......,...........D..;
                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):10586
                                                                                                Entropy (8bit):5.103728105800952
                                                                                                Encrypted:false
                                                                                                SSDEEP:192:6+WsfwikPWeukKndMK6n3lBgSL1j9ZhitdW:zwPWeuZdMPn3ngSJ/IW
                                                                                                MD5:9074C04E325D29746F4384B32309A9B6
                                                                                                SHA1:91D20E0C22B7EF87AC64F51ABE86BD3BF56127E5
                                                                                                SHA-256:CC422949162DE0C36F1DDD391D7B85866AE8F1139853A58C0AC9FAF98939C66F
                                                                                                SHA-512:AF7D14F3AEECC3C07E015D8995E7DD396BBA55D7CFEB9214728731B7B0C92EB9BDDD51CFD6E8DB4BEF451B22B3A56D1FCBFF39FC2AED0E798B5F4E9E9E786283
                                                                                                Malicious:false
                                                                                                Preview://'use strict';....var MX = MX || {};....// Variable de la URL que se encuentra en Gruntfile.js para obtener la URl segun ambiente...MX.root ='https://framework-gb.cdn.gob.mx/';..MX.emailService = 'https://www.gob.mx/subscribe';..MX.trackingID = '';......MX.comscore = 'gobmx';..MX.path = MX.root + 'assets/';..MX.imagesPath = MX.path + 'images/';..MX.scriptsPath = MX.path + 'scripts/';..MX.stylesPath = MX.path + 'styles/';....MX.gobmxPath = 'https://www.gob.mx/';..../**.. * [getParse URL parse current URL].. * @return {[string]} [url ID].. */..var getParseURL = function() {.. var urlHost = window.location.host,.. urlPath = window.location.pathname,.. host = urlHost.toLowerCase().split( '.' ),.. path = urlPath.toLowerCase(),.. hostClean = host.slice( 0, 2 ).join( '.' ),.. pathClean;.... if ( !isNaN( host[ 0 ] ) ) hostClean = urlHost;.... if ( path.indexOf( '.' ) !== -1 ) {.. var _end = path.indexOf( '.' );..
                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (951), with CRLF line terminators
                                                                                                Category:downloaded
                                                                                                Size (bytes):227537
                                                                                                Entropy (8bit):4.692151556235474
                                                                                                Encrypted:false
                                                                                                SSDEEP:3072:NRhN1vRlALNa9tVNrUVe0hb2ISSWgtZgG5NJpmsjUKpU8qvLuZ:VvRlALNa9tVNGJt5lUK8LW
                                                                                                MD5:E888A83B28C810EC7CBD565430577BA2
                                                                                                SHA1:B4D3D33F61BC4F17C897804FF95BD7A271E4BA11
                                                                                                SHA-256:908E5AD4259321A03B5619394D232A931F984A03C8C38ADCAD982A48F07FADA1
                                                                                                SHA-512:F672D74A447511A5C5CEE3C76DC506CB68FC8E6DCC4850A3DF4A97008D3D40DBD7C2F8F969828F5AE092BB0B5AF96FA41C84C16AD717405727D7613FC52BA8F8
                                                                                                Malicious:false
                                                                                                URL:https://verificacfdi.facturaelectronica.sat.gob.mx/Content/main.css
                                                                                                Preview:.@charset "UTF-8"; /*!.. * Bootstrap v3.3.5 (http://getbootstrap.com).. * Copyright 2011-2015 Twitter, Inc... * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE).. */ /*! normalize.css v3.0.3 | MIT License | github.com/necolas/normalize.css */.....label, sub, sup {.. vertical-align: baseline..}.....btn, .btn-group, .btn-group-vertical, .caret, .checkbox-inline, .radio-inline, img {.. vertical-align: middle..}....hr, img {.. border: 0..}....body, figure {.. margin: 0..}.....btn-group > .btn-group, .btn-toolbar .btn, .btn-toolbar .btn-group, .btn-toolbar .input-group, .col-xs-1, .col-xs-10, .col-xs-11, .col-xs-12, .col-xs-2, .col-xs-3, .col-xs-4, .col-xs-5, .col-xs-6, .col-xs-7, .col-xs-8, .col-xs-9, .dropdown-menu {.. float: left..}.....img-responsive, .img-thumbnail, .table, label {.. max-width: 100%..}.....navbar-fixed-bottom .navbar-collapse, .navbar-fixed-top .navbar-collapse, .pre-scrollable {.. max-height: 340px..}....html {.. fon
                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                Category:downloaded
                                                                                                Size (bytes):363
                                                                                                Entropy (8bit):4.480200357031714
                                                                                                Encrypted:false
                                                                                                SSDEEP:6:y4QPhDz+fF3123R0jb/0xKfEOYnadZ8lF3fKA0J6Ay0Hoy2HpYlK:rQPhqFqR0n/0xQdkhDMy0IygpYk
                                                                                                MD5:74D33189E095E90ADD36891D525F78DE
                                                                                                SHA1:288B509060D96C25EF0CEC189403E415D4DF3F19
                                                                                                SHA-256:DBACE1FF474F1D70C7204A62E83488310E20D698F074672E7C7A002E96AE93B5
                                                                                                SHA-512:5AE015F23740249BBD49C5075ADBBEF3A3E0FA2304996D7D3364F8BD948BA143F7A667AB0EC4C5097DC59F6F220EE6A3E1BDEE0467125298FE50E4159EDE65A6
                                                                                                Malicious:false
                                                                                                URL:https://verificacfdi.facturaelectronica.sat.gob.mx/Scripts/Jquery/FuncionesComunes.js
                                                                                                Preview:.//Funciones que anula la escritura de caracteres que generar un error en el sumbit del UpdatePanel..function supressUpdatePanelRequestErrorCharacters(inputName) {.. document.querySelector(inputName).onkeydown = function (e) {.. if (e != undefined) {.. if (e.char == "<" || e.char == ">").. return false;.. }.. }..}
                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):171
                                                                                                Entropy (8bit):4.632229786684446
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:rdxkouVKQMB3tGFUvzTIAKYkRZtoAcMdN4e/AHGeffUDF/0UbKKHacWWGu:rzQ4QW3tSUbTIJYkRZ0Mf4OAS/0UNHXJ
                                                                                                MD5:5A68B858AD41438915E67BEB2F42372D
                                                                                                SHA1:8AC95A3FF704E47D3F37EF025C8BB569F8B81A03
                                                                                                SHA-256:AE083B063AD2CF1BF6D05FF5C3E950CC586382152A9E1FF864E611D05AA94C53
                                                                                                SHA-512:075CA75FEACCED083A7C3C023DB9DD8C390F8C05F3333F1D9DDB4310ADC8C5C25055EFFE14B2DC655D253642A7F75D41B9303B513C8B7B987DD1FA576072732F
                                                                                                Malicious:false
                                                                                                Preview:.<!DOCTYPE html>..<html>..<head>.. <title></title>...<meta charset="utf-8" />..</head>..<body>.. <h1>.. Recurso no encontrado.. </h1>..</body>..</html>..
                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                File Type:ASCII text, with no line terminators
                                                                                                Category:downloaded
                                                                                                Size (bytes):52
                                                                                                Entropy (8bit):4.279780045430952
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:O6nCkoqS5XkiCnL4yY:OLp5XrosL
                                                                                                MD5:7020867540E3A0AA53DC9C7598D8A222
                                                                                                SHA1:88BAC34A377017D940EB3AE6A60AA79E8DFFEBD8
                                                                                                SHA-256:CC69F954DB4959643C953BFF7E4997E14CC6131A733AB955E51AA73E3B77A2FC
                                                                                                SHA-512:D803C4043612459660421FF05C0F57B81B13039926C466538F707D464D8BA2F24FAEC4F154FDA601DED61155AC82ED325AFABD68B5224F8EF45C7FB1187A95D6
                                                                                                Malicious:false
                                                                                                URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISJQmNeWkOjolr4RIFDY4EELYSBQ17I2IrEgUNeUa0xhIFDe2yIUw=?alt=proto
                                                                                                Preview:CiQKBw2OBBC2GgAKBw17I2IrGgAKBw15RrTGGgAKBw3tsiFMGgA=
                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (620), with CRLF line terminators
                                                                                                Category:downloaded
                                                                                                Size (bytes):16542
                                                                                                Entropy (8bit):5.052242029893631
                                                                                                Encrypted:false
                                                                                                SSDEEP:192:mR09r0YIeAsKeeG1VpZOcELvE8BxLaz5hHgRjAkUXEPeY:mR09r0YI7gDOcUE2dpBdv
                                                                                                MD5:5C9F92C233ED1FD2DAFE15AF9B9DE62D
                                                                                                SHA1:2BCE42A7CB888E30B7F5D147D9FF1A2E89DAC930
                                                                                                SHA-256:9B58513546FEBE74394746594974A110C6021AEBE58257C6EAEBDA1CA589972C
                                                                                                SHA-512:CB94D54DAEBC9121344A0916B901ECABF1DF765FC7DA836009E33435EEBDCA34545A9CD81CD2ED5E21259A1DD5174217C167EC55092971D7F283A1C92C86EFC2
                                                                                                Malicious:false
                                                                                                URL:https://verificacfdi.facturaelectronica.sat.gob.mx/?id=39CA617E-9953-41BD-9564-C41A1E1C5584&re=OOMM710314363&rr=PCM910225B86&tt=6090.00&fe=aUIAsQ==
                                                                                                Preview:....<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">..<head><meta http-equiv="CACHE-CONTROL" content="NO-CACHE" /><meta http-equiv="PRAGMA" content="NO-CACHE" /><meta http-equiv="X-UA-Compatible" content="IE=edge" /><meta http-equiv="X-UA-Compatible" content="IE=8;IE=9" /><meta property="gobmxhelper" content="no plugins" /><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><link rel="shortcut icon" href="Content/images/favicon.ico" type="image/vnd.microsoft.icon" /><link rel="icon" href="Content/images/favicon.ico" type="image/vnd.microsoft.icon" /><link href="Content/main.css" rel="stylesheet" /><link href="Content/satMain.css" rel="stylesheet" />.... <script src="/../Scripts/Jquery/jquery-3.1.1.js" type="text/javascript"></script>.. <script src="../Scripts/gobmx.js" type="text/javascript"></script>.. <script src="/../Scripts/Jquery/jquery.
                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                File Type:SVG Scalable Vector Graphics image
                                                                                                Category:downloaded
                                                                                                Size (bytes):38088
                                                                                                Entropy (8bit):3.8548461270116787
                                                                                                Encrypted:false
                                                                                                SSDEEP:384:n9i6YvqzqcpmSXW7g80WnWU2GjjgLjpSbuQpem+2xWAg3Amf2IKAtzmgUx:EuucygHWjjg/g6m+qWAg3N+haygU
                                                                                                MD5:79FD77AADD6C0599E4E9D19312D92732
                                                                                                SHA1:D29A2256D573672B86E34D2A83EB4CB7B4F9D996
                                                                                                SHA-256:054738EC7D89D77EF5CFBEAF156ABBD925CF8819EE0104554FE318AC0709CE70
                                                                                                SHA-512:745C8F0A025BA2BA21F549F75D942E809415696F3CECB273C3610C0C5214565B4931A946C41D4F89E43AD3FA1C4344E2AA8DFD8723F0F510D52483E3DEB815F2
                                                                                                Malicious:false
                                                                                                URL:https://verificacfdi.facturaelectronica.sat.gob.mx/Content/images/pleca.svg
                                                                                                Preview:<svg id="Capa_1" data-name="Capa 1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 635.01 33"><defs><style>.cls-1{fill:#13322b;}.cls-2{fill:#235b4e;}.cls-3{fill:#d4c19c;}</style></defs><title>pleca plumaje_con fondo</title><rect class="cls-1" x="0.01" width="635" height="33"/><path class="cls-2" d="M124,27.28h-3.51a2,2,0,0,0-.82-.84l-3.76-1.21a.78.78,0,0,1-.39-.73,1,1,0,0,1,.53-.91l.54-.06c2.17.52,4.24,1,6.37.11.53-.26.67-.27.78-.23s.27.2.52.83A6.41,6.41,0,0,1,124,27.28ZM27.29,24.5,27,24.23a.89.89,0,0,0-.67.4A1.73,1.73,0,0,0,26,26.36l.51.92h2.7A15.6,15.6,0,0,0,27.29,24.5ZM162,27.28a7.92,7.92,0,0,0-2.24-3.22c-2.22-1.72-8.74-4-17.89-6.19A1.92,1.92,0,0,0,141,18a.86.86,0,0,0-.47.77,1.41,1.41,0,0,0,1.07,1,55.44,55.44,0,0,1,15.23,5.12,2.57,2.57,0,0,1,1.49,2.22c0,.05,0,.11,0,.16Zm3.54-2.46-.82,2.46h1.44c.16-.74.3-1.51.43-2.32,0-.55-.13-.85-.2-.86S165.84,24.3,165.56,24.82Zm-27-2.55A2.65,2.65,0,0,0,140,23.88l12.66,3.4h2.29l.14-.18-.12-.33A45.9,45.9,0,0,0,138.52,22.27ZM72.05,1.71c2-.59,4.52-1.1
                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                File Type:GIF image data, version 89a, 1 x 1
                                                                                                Category:downloaded
                                                                                                Size (bytes):43
                                                                                                Entropy (8bit):3.0314906788435274
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:CUkwltxlHh/:P/
                                                                                                MD5:325472601571F31E1BF00674C368D335
                                                                                                SHA1:2DAEAA8B5F19F0BC209D976C02BD6ACB51B00B0A
                                                                                                SHA-256:B1442E85B03BDCAF66DC58C7ABB98745DD2687D86350BE9A298A1D9382AC849B
                                                                                                SHA-512:717EA0FF7F3F624C268ECCB244E24EC1305AB21557ABB3D6F1A7E183FF68A2D28F13D1D2AF926C9EF6D1FB16DD8CBE34CD98CACF79091DDDC7874DCEE21ECFDC
                                                                                                Malicious:false
                                                                                                URL:https://sb.scorecardresearch.com/p?c1=2&c2=17183199&ns_site=gobmx&name=verificacfdi.facturaelectronica.index
                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 309x42, components 3
                                                                                                Category:downloaded
                                                                                                Size (bytes):14202
                                                                                                Entropy (8bit):7.9399709052460326
                                                                                                Encrypted:false
                                                                                                SSDEEP:384:5rT1mLT/NSloH2GWZ40ponSNLKp0CU92+aUyyTcc:76CoHUq0pNWOCU92+aUyyTcc
                                                                                                MD5:D6EBBB72744C1FCE8D75A15CBC326BFB
                                                                                                SHA1:BEB8AE56562C046253E08D669143B1DAB54756C8
                                                                                                SHA-256:CA03EA1F293B5E0BFE26FF4844E228907B537211DB34B523BC8F6ADFCF57E202
                                                                                                SHA-512:A1D8AFE560B8169A98A314FC515398A3DD7BA7178BB30F28A96E19C9ED4BE58A7ABEDB91CF6291A397BF8F58C49F4AA42584007B30276D6C8B3C97B0C06753C7
                                                                                                Malicious:false
                                                                                                URL:https://verificacfdi.facturaelectronica.sat.gob.mx/Content/images/Logo_SHCP_SAT-.jpg
                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                File Type:SVG Scalable Vector Graphics image
                                                                                                Category:dropped
                                                                                                Size (bytes):38088
                                                                                                Entropy (8bit):3.8548461270116787
                                                                                                Encrypted:false
                                                                                                SSDEEP:384:n9i6YvqzqcpmSXW7g80WnWU2GjjgLjpSbuQpem+2xWAg3Amf2IKAtzmgUx:EuucygHWjjg/g6m+qWAg3N+haygU
                                                                                                MD5:79FD77AADD6C0599E4E9D19312D92732
                                                                                                SHA1:D29A2256D573672B86E34D2A83EB4CB7B4F9D996
                                                                                                SHA-256:054738EC7D89D77EF5CFBEAF156ABBD925CF8819EE0104554FE318AC0709CE70
                                                                                                SHA-512:745C8F0A025BA2BA21F549F75D942E809415696F3CECB273C3610C0C5214565B4931A946C41D4F89E43AD3FA1C4344E2AA8DFD8723F0F510D52483E3DEB815F2
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                File Type:SVG Scalable Vector Graphics image
                                                                                                Category:downloaded
                                                                                                Size (bytes):115641
                                                                                                Entropy (8bit):4.224767269103439
                                                                                                Encrypted:false
                                                                                                SSDEEP:1536:SSA8LesrOcTueN2RmiOUSWSSTMTaAt9vqJ6MSpyICA5+moiX1X:0HekrUCE
                                                                                                MD5:0DE5B16C621032944EDACEC636341764
                                                                                                SHA1:3A843BDC90891B3889DBD9D6362FE5231E0E1A20
                                                                                                SHA-256:8DB80AAC32446005454902A9BDA741717C00CF545D72FF2F3AB174B55A6466D2
                                                                                                SHA-512:D7F5E5CA0756EAABB83BBB5BAF30A6516D084E765B0C6693921BF49895A043B28B0B9FAC1D1352722146A5C7BD15D62099D3E44DAFE3A9C4E11A84FE8AA35ACA
                                                                                                Malicious:false
                                                                                                URL:https://verificacfdi.facturaelectronica.sat.gob.mx/Content/images/logofooter.svg
                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                File Type:SVG Scalable Vector Graphics image
                                                                                                Category:dropped
                                                                                                Size (bytes):115641
                                                                                                Entropy (8bit):4.224767269103439
                                                                                                Encrypted:false
                                                                                                SSDEEP:1536:SSA8LesrOcTueN2RmiOUSWSSTMTaAt9vqJ6MSpyICA5+moiX1X:0HekrUCE
                                                                                                MD5:0DE5B16C621032944EDACEC636341764
                                                                                                SHA1:3A843BDC90891B3889DBD9D6362FE5231E0E1A20
                                                                                                SHA-256:8DB80AAC32446005454902A9BDA741717C00CF545D72FF2F3AB174B55A6466D2
                                                                                                SHA-512:D7F5E5CA0756EAABB83BBB5BAF30A6516D084E765B0C6693921BF49895A043B28B0B9FAC1D1352722146A5C7BD15D62099D3E44DAFE3A9C4E11A84FE8AA35ACA
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                File Type:SVG Scalable Vector Graphics image
                                                                                                Category:downloaded
                                                                                                Size (bytes):95811
                                                                                                Entropy (8bit):4.2320428591574135
                                                                                                Encrypted:false
                                                                                                SSDEEP:1536:HRR288TnjN+OErlJRd3zOnJcBhea09vZtlUJkqXF2TW:HMqFd3ywCtqN
                                                                                                MD5:D54221941E772358A959861D3B4A4A87
                                                                                                SHA1:F491DF9C1F822AD6E1528DEB4B7D6E5C1BF8F37E
                                                                                                SHA-256:3383DA948D673BAB3636127152D3D8D5212D85BC553537F01554B2A829C17936
                                                                                                SHA-512:BD378B8EBE2285B332B41DE41A61EA48043C0841C369CB835C28DB24E04289AA418F54DBB39F7F14D03F55225ADD7D952636F23FCBA9846A575361A4FBDF50C6
                                                                                                Malicious:false
                                                                                                URL:https://verificacfdi.facturaelectronica.sat.gob.mx/Content/images/logoheader.svg
                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 150x100, components 3
                                                                                                Category:dropped
                                                                                                Size (bytes):6550
                                                                                                Entropy (8bit):7.59777320425023
                                                                                                Encrypted:false
                                                                                                SSDEEP:192:WIJrR/zzjzzjzzjA4dywkK5sTlmxOJvVgUBTy6GycgLV:HJHdywkKYb9pBTiycC
                                                                                                MD5:AAE80A604245BE11AC98DB2FD9827EED
                                                                                                SHA1:96805246AC496676FD4822B2F1F611CD0E4A6639
                                                                                                SHA-256:BE8F6C24205AE163823C9BF3BFF39E2A22551A48425249D2B0580DA11093CC4D
                                                                                                SHA-512:1C36EE346D39B691D3C50126F29FAD455CBE16EDA512F0A2BEC5DC0A735C991440ADFE99DAAE3E51F8B32E976D8B71C270D2E62BE3ADEC4F305CB8DF789E1259
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                File Type:PNG image data, 165 x 20, 8-bit/color RGBA, non-interlaced
                                                                                                Category:dropped
                                                                                                Size (bytes):2323
                                                                                                Entropy (8bit):7.878862786676429
                                                                                                Encrypted:false
                                                                                                SSDEEP:48:K+rGZXPs95Pfr1LZoJ/HHz+DCr+JosIuKFgDkF+XgQ0HM:fMPsbPtZoRiDivuKF+mI0HM
                                                                                                MD5:34A1FF43589273CA202E1FA5BC6D110B
                                                                                                SHA1:D257A59FDA9CB767B2089381932484F90D661D9E
                                                                                                SHA-256:90EB6BE376630182DC8548CF0D827BC840B381A799E89ABCC3A404B6DAE890BB
                                                                                                SHA-512:32782B75338940899E6E6BD4E5BF34A3316814187B49D476F382788A06083361D91E2AA751BAAEF1DBCE9C587F05AC1D2C697E891EE3EADA616A6D3500CC69D3
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                File Type:GIF image data, version 89a, 24 x 24
                                                                                                Category:dropped
                                                                                                Size (bytes):2545
                                                                                                Entropy (8bit):7.155350736412842
                                                                                                Encrypted:false
                                                                                                SSDEEP:48:HXvqZ5vmZv9Cd9c567nXCp1MWBXpSP+km6dAuzvdEKP:H/YJndGU7nyp1RXplkHdAiv6
                                                                                                MD5:E6E64CCD6DF5F0F9AF773B9B11BC47CB
                                                                                                SHA1:08E1943408BDC906A9E18F2A1132A96638661869
                                                                                                SHA-256:1AA7AE8DCAF973282D89CACA5596EF55BA25552E196B1FE666945B81391B3C3C
                                                                                                SHA-512:0068F7D631A2A3EAE7CED9C382E5092BEC191321A72528266EF090495B78C0B691EC690CEC060DC143DD644934B48B414F9FFAB2BE6A9F4B2DADA1B6BFC3E6C4
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                File Type:ASCII text, with very long lines (39257), with CRLF line terminators
                                                                                                Category:downloaded
                                                                                                Size (bytes):40326
                                                                                                Entropy (8bit):5.245555585297941
                                                                                                Encrypted:false
                                                                                                SSDEEP:384:bvrc3TrJ1vMZCKZ4pLRy6DkfDLcbTzcXanT2rxb64aKQr1vySAwBaPUge6ydE:bTaYB4Hy7mTzcaTKStrwSAwBaPUTdE
                                                                                                MD5:DA9DC1C32E89C02FC1E9EEB7E5AAB91E
                                                                                                SHA1:3EFB110EFA6068CE6B586A67F87DA5125310BC30
                                                                                                SHA-256:398CDF1B27EF247E5BC77805F266BB441E60355463FC3D1776F41AAE58B08CF1
                                                                                                SHA-512:D4730EBC4CA62624B8300E292F27FD79D42A9277E409545DF7DC916189ED9DF13E46FAA37E3924B85A7C7EA8C76BF65A05ECA69B4029B550430536EC6DF8552A
                                                                                                Malicious:false
                                                                                                URL:https://verificacfdi.facturaelectronica.sat.gob.mx/ScriptResource.axd?d=Jw6tUGWnA15YEa3ai3FadEjFAMI9YAbkwgRdmvOEC-2nDfSRk7L8Fx1WTdJIhWLMlhQstu533kTk581SGHR8YsV49ndLNmXon2KOXVbLCgvlJBd5JAQoJFcHor4b5mLoG-zPkCosojdb3IC8VA9On523o281&t=2e7d0aca
                                                                                                Preview://----------------------------------------------------------..// Copyright (C) Microsoft Corporation. All rights reserved...//----------------------------------------------------------..// MicrosoftAjaxWebForms.js..Type._registerScript("MicrosoftAjaxWebForms.js",["MicrosoftAjaxCore.js","MicrosoftAjaxSerialization.js","MicrosoftAjaxNetwork.js","MicrosoftAjaxComponentModel.js"]);Type.registerNamespace("Sys.WebForms");Sys.WebForms.BeginRequestEventArgs=function(c,b,a){Sys.WebForms.BeginRequestEventArgs.initializeBase(this);this._request=c;this._postBackElement=b;this._updatePanelsToUpdate=a};Sys.WebForms.BeginRequestEventArgs.prototype={get_postBackElement:function(){return this._postBackElement},get_request:function(){return this._request},get_updatePanelsToUpdate:function(){return this._updatePanelsToUpdate?Array.clone(this._updatePanelsToUpdate):[]}};Sys.WebForms.BeginRequestEventArgs.registerClass("Sys.WebForms.BeginRequestEventArgs",Sys.EventArgs);Sys.WebForms.EndRequestEventArgs=fun
                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                Category:downloaded
                                                                                                Size (bytes):10586
                                                                                                Entropy (8bit):5.103728105800952
                                                                                                Encrypted:false
                                                                                                SSDEEP:192:6+WsfwikPWeukKndMK6n3lBgSL1j9ZhitdW:zwPWeuZdMPn3ngSJ/IW
                                                                                                MD5:9074C04E325D29746F4384B32309A9B6
                                                                                                SHA1:91D20E0C22B7EF87AC64F51ABE86BD3BF56127E5
                                                                                                SHA-256:CC422949162DE0C36F1DDD391D7B85866AE8F1139853A58C0AC9FAF98939C66F
                                                                                                SHA-512:AF7D14F3AEECC3C07E015D8995E7DD396BBA55D7CFEB9214728731B7B0C92EB9BDDD51CFD6E8DB4BEF451B22B3A56D1FCBFF39FC2AED0E798B5F4E9E9E786283
                                                                                                Malicious:false
                                                                                                URL:https://verificacfdi.facturaelectronica.sat.gob.mx/Scripts/gobmx/main.js
                                                                                                Preview://'use strict';....var MX = MX || {};....// Variable de la URL que se encuentra en Gruntfile.js para obtener la URl segun ambiente...MX.root ='https://framework-gb.cdn.gob.mx/';..MX.emailService = 'https://www.gob.mx/subscribe';..MX.trackingID = '';......MX.comscore = 'gobmx';..MX.path = MX.root + 'assets/';..MX.imagesPath = MX.path + 'images/';..MX.scriptsPath = MX.path + 'scripts/';..MX.stylesPath = MX.path + 'styles/';....MX.gobmxPath = 'https://www.gob.mx/';..../**.. * [getParse URL parse current URL].. * @return {[string]} [url ID].. */..var getParseURL = function() {.. var urlHost = window.location.host,.. urlPath = window.location.pathname,.. host = urlHost.toLowerCase().split( '.' ),.. path = urlPath.toLowerCase(),.. hostClean = host.slice( 0, 2 ).join( '.' ),.. pathClean;.... if ( !isNaN( host[ 0 ] ) ) hostClean = urlHost;.... if ( path.indexOf( '.' ) !== -1 ) {.. var _end = path.indexOf( '.' );..
                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                File Type:Web Open Font Format (Version 2), TrueType, length 19172, version 1.0
                                                                                                Category:downloaded
                                                                                                Size (bytes):19172
                                                                                                Entropy (8bit):7.986272653969849
                                                                                                Encrypted:false
                                                                                                SSDEEP:384:Ilgjo21aYq24KoEX8J2ewKprK8lwNPz+TCD3nRmaKTdxZe:IlIjq24ku2exprKNVYA
                                                                                                MD5:BC3AA95DCA08F5FEE5291E34959C27BC
                                                                                                SHA1:7B7C670EF2F0BA7FC0CE6437E523CCBDC847FDE2
                                                                                                SHA-256:8767F01CAA430C5BD4E3B008A8E9DFE022156A4E91A23C394FDCB05C267F1B94
                                                                                                SHA-512:85CC524212A46027603F8D6874A7CAB0FA3073945D1E19114E078CEE8D3A569F223F29E46AE6193F50A6920999021F813DC8D31DB5E742193DAF03642E71771E
                                                                                                Malicious:false
                                                                                                URL:https://verificacfdi.facturaelectronica.sat.gob.mx/Content/fonts/montserrat/montserrat-v14-latin-regular.woff2
                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                File Type:GIF image data, version 89a, 24 x 24
                                                                                                Category:downloaded
                                                                                                Size (bytes):2545
                                                                                                Entropy (8bit):7.155350736412842
                                                                                                Encrypted:false
                                                                                                SSDEEP:48:HXvqZ5vmZv9Cd9c567nXCp1MWBXpSP+km6dAuzvdEKP:H/YJndGU7nyp1RXplkHdAiv6
                                                                                                MD5:E6E64CCD6DF5F0F9AF773B9B11BC47CB
                                                                                                SHA1:08E1943408BDC906A9E18F2A1132A96638661869
                                                                                                SHA-256:1AA7AE8DCAF973282D89CACA5596EF55BA25552E196B1FE666945B81391B3C3C
                                                                                                SHA-512:0068F7D631A2A3EAE7CED9C382E5092BEC191321A72528266EF090495B78C0B691EC690CEC060DC143DD644934B48B414F9FFAB2BE6A9F4B2DADA1B6BFC3E6C4
                                                                                                Malicious:false
                                                                                                URL:https://verificacfdi.facturaelectronica.sat.gob.mx/Images/ajax-loader.gif
                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 309x42, components 3
                                                                                                Category:dropped
                                                                                                Size (bytes):14202
                                                                                                Entropy (8bit):7.9399709052460326
                                                                                                Encrypted:false
                                                                                                SSDEEP:384:5rT1mLT/NSloH2GWZ40ponSNLKp0CU92+aUyyTcc:76CoHUq0pNWOCU92+aUyyTcc
                                                                                                MD5:D6EBBB72744C1FCE8D75A15CBC326BFB
                                                                                                SHA1:BEB8AE56562C046253E08D669143B1DAB54756C8
                                                                                                SHA-256:CA03EA1F293B5E0BFE26FF4844E228907B537211DB34B523BC8F6ADFCF57E202
                                                                                                SHA-512:A1D8AFE560B8169A98A314FC515398A3DD7BA7178BB30F28A96E19C9ED4BE58A7ABEDB91CF6291A397BF8F58C49F4AA42584007B30276D6C8B3C97B0C06753C7
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 150x100, components 3
                                                                                                Category:downloaded
                                                                                                Size (bytes):8018
                                                                                                Entropy (8bit):7.733485433152068
                                                                                                Encrypted:false
                                                                                                SSDEEP:192:WIvffWHjj7fpBMoBNB93lM1PicsBTDqYcgLV:HvffwjjrpB3NB9VuQBTLcC
                                                                                                MD5:7127F8CCD19AEAA0FD38774DEE00DE74
                                                                                                SHA1:C62C551FC6FCDA555E85856F8F75D7AED456A349
                                                                                                SHA-256:949986CD983195E67A154EEC1A55BEEB7ACF9316A53460914304FD704A24EA92
                                                                                                SHA-512:BC66E55F1C5C7B04C59616C7C9C6ED9AAE474CAB461AC6B31EC2810EAE41A05F4ABF1367E3D7B7E574A9CC4C5AC5C15652F10CE4DAF20A397B1249D382680490
                                                                                                Malicious:false
                                                                                                URL:https://verificacfdi.facturaelectronica.sat.gob.mx/GeneraCaptcha.aspx?Data=1LVPX20r2GK+kt4A9gpDNAE9bwt4zsYAweKGuK+m2DJUdhTaWeb7goLjoBqRH1VXeJVO4tvi/S7F0Kk1oXndr1UXV8QnRFWV0jFzaZf6Zkw=
                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                File Type:PNG image data, 165 x 20, 8-bit/color RGBA, non-interlaced
                                                                                                Category:downloaded
                                                                                                Size (bytes):2323
                                                                                                Entropy (8bit):7.878862786676429
                                                                                                Encrypted:false
                                                                                                SSDEEP:48:K+rGZXPs95Pfr1LZoJ/HHz+DCr+JosIuKFgDkF+XgQ0HM:fMPsbPtZoRiDivuKF+mI0HM
                                                                                                MD5:34A1FF43589273CA202E1FA5BC6D110B
                                                                                                SHA1:D257A59FDA9CB767B2089381932484F90D661D9E
                                                                                                SHA-256:90EB6BE376630182DC8548CF0D827BC840B381A799E89ABCC3A404B6DAE890BB
                                                                                                SHA-512:32782B75338940899E6E6BD4E5BF34A3316814187B49D476F382788A06083361D91E2AA751BAAEF1DBCE9C587F05AC1D2C697E891EE3EADA616A6D3500CC69D3
                                                                                                Malicious:false
                                                                                                URL:https://verificacfdi.facturaelectronica.sat.gob.mx/Images/icons_full.png
                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (12591), with CRLF line terminators
                                                                                                Category:downloaded
                                                                                                Size (bytes):16437
                                                                                                Entropy (8bit):5.273948983727031
                                                                                                Encrypted:false
                                                                                                SSDEEP:384:yXlYTr8HfuZjovgngj/EafeB0ymt4WQI7mYSaF1gC:yLH2BovggDEafs0ymmWQu5j
                                                                                                MD5:C67CE9D137B35BA6B1F92644A9B72E1E
                                                                                                SHA1:2B38A49FF683E2C5849F72D84EB574973CB5EE92
                                                                                                SHA-256:4FF0BC82AF979987C9BFF222D548824DE262D2CA4DF6788129FC1C4B17E5632B
                                                                                                SHA-512:6B7261C06B578FD1948314588964F04125F66D586C572AF86166261445C7C9A750651A38E0701F1A4D61969B81C3A76A7B88BCF70C829C8D65D029E9FCD832B1
                                                                                                Malicious:false
                                                                                                URL:https://verificacfdi.facturaelectronica.sat.gob.mx/Scripts/gobmx.js
                                                                                                Preview:/// <reference path="modernizr.js" />../// <reference path="modernizr.js" />../*! ** GOB.mx - Grafica Base v1.1.0 */..// ** ultima modificacion: '2-1-2016';....../* Modernizr (Custom Build) | MIT & BSD.. * Build: http://modernizr.com/download/#-shiv-printshiv-load-mq-cssclasses-svg.. */..;window.Modernizr=function(e,t,n){function x(e){f.cssText=e}function T(e,t){return x(prefixes.join(e+";")+(t||""))}function N(e,t){return typeof e===t}function C(e,t){return!!~(""+e).indexOf(t)}function k(e,t,r){for(var i in e){var s=t[e[i]];if(s!==n)return r===!1?e[i]:N(s,"function")?s.bind(r||t):s}return!1}var r="2.8.3",i={},s=!0,o=t.documentElement,u="modernizr",a=t.createElement(u),f=a.style,l,c={}.toString,h={svg:"http://www.w3.org/2000/svg"},p={},d={},v={},m=[],g=m.slice,y,b=function(e,n,r,i){var s,a,f,l,c=t.createElement("div"),h=t.body,p=h||t.createElement("body");if(parseInt(r,10))while(r--)f=t.createElement("div"),f.id=i?i[r]:u+(r+1),c.appendChild(f);return s=["&#173;",'<style id="s',u,'">',
                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                Category:downloaded
                                                                                                Size (bytes):171
                                                                                                Entropy (8bit):4.632229786684446
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:rdxkouVKQMB3tGFUvzTIAKYkRZtoAcMdN4e/AHGeffUDF/0UbKKHacWWGu:rzQ4QW3tSUbTIJYkRZ0Mf4OAS/0UNHXJ
                                                                                                MD5:5A68B858AD41438915E67BEB2F42372D
                                                                                                SHA1:8AC95A3FF704E47D3F37EF025C8BB569F8B81A03
                                                                                                SHA-256:AE083B063AD2CF1BF6D05FF5C3E950CC586382152A9E1FF864E611D05AA94C53
                                                                                                SHA-512:075CA75FEACCED083A7C3C023DB9DD8C390F8C05F3333F1D9DDB4310ADC8C5C25055EFFE14B2DC655D253642A7F75D41B9303B513C8B7B987DD1FA576072732F
                                                                                                Malicious:false
                                                                                                URL:https://verificacfdi.facturaelectronica.sat.gob.mx/Content/images/favicon.ico
                                                                                                Preview:.<!DOCTYPE html>..<html>..<head>.. <title></title>...<meta charset="utf-8" />..</head>..<body>.. <h1>.. Recurso no encontrado.. </h1>..</body>..</html>..
                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                Category:downloaded
                                                                                                Size (bytes):3049
                                                                                                Entropy (8bit):4.562738584246836
                                                                                                Encrypted:false
                                                                                                SSDEEP:48:x324pelWiedmyEyF6avAmiCTGT2ImDT5PtVwTC8k:x32KeljEF6UZiCSiImDT5Pnw2Z
                                                                                                MD5:B77259A8CC0C0BAD7FEA60F8B52AF9D2
                                                                                                SHA1:784B60DA4C9365BFA72182FFBEC189630A0AAF6A
                                                                                                SHA-256:2F5D6330C175704877879A188AB4D9A7E3D64772C954AE6E0C7613A63F6951CA
                                                                                                SHA-512:954EA6800220F78CECD9CA11FE41B77FEDDA344A28A17F0C7D2407FC475A53058EFCE6A986FAA3699973BCC05D0F33B0D17613DE882760D66BD0855CC7A3313E
                                                                                                Malicious:false
                                                                                                URL:https://verificacfdi.facturaelectronica.sat.gob.mx/Content/satMain.css
                                                                                                Preview:.body {.. font-size: 18px;..}....span {.. display: inline-block;.. margin-bottom: 5px;.. font-weight: 700;..}.....styling {.. background: #f5f5f5;.. border: 1px solid #ccc;.. border-radius: 5px;.. padding: 20px;.. text-align: center;.. /* height: 150px;.. overflow: auto; */..}.....signin {.. display: inline;.. margin-bottom: 0px;.. font-weight: 300;..}.....seccion {.. background: white;.. border: 1px solid #eeeeee;.. border-radius: 3px 3px 0 0;.. margin: 10px 0 30px 0;.. moz-border-radius: 3px 3px 0 0;.. padding: 25px 25px;.. position: relative;.. webkit-border-radius: 3px 3px 0 0;..}.....btn {.. white-space: normal;..}.....derechaFondo {.. text-align: right;.. vertical-align: bottom;..}.....subtitle {.. margin-bottom: 15px;.. text-align: left;.. font-size: 14px;..}.....limpiarCampo {.. position: relative;.. left: -20px;.. top: 1px;.. height: 11px;.. width: 11px;.. cursor: pointer;..}.
                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                File Type:Web Open Font Format, TrueType, length 6896, version 1.0
                                                                                                Category:downloaded
                                                                                                Size (bytes):6896
                                                                                                Entropy (8bit):5.878792980478225
                                                                                                Encrypted:false
                                                                                                SSDEEP:96:eSleH0BlES3WBhmNswwuwoDHqWnCJkN5FezIA05J3hHudnrcc6M5XDD:eJUHEC3NHwuBCJkNj29Ac6QD
                                                                                                MD5:0AE25876A2EE7D3C3BC83C07D4C3EBE9
                                                                                                SHA1:4D586339529406E981653A8E5984826A034C7D96
                                                                                                SHA-256:79481CDCD235B25D170C92561784AEA14592D4E4C4130E71DB2E9A9D8C0A4839
                                                                                                SHA-512:3A0E55C6F625BC06EE09A06CB4AFBB7625A4770E15705E194769AF13C76E3066E6F029D73933DC7E10A7D12A3D2928D1E6CA114008F09195483331AB63750500
                                                                                                Malicious:false
                                                                                                URL:https://verificacfdi.facturaelectronica.sat.gob.mx/Content/fonts/icogobmx.woff?xc1rry
                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                Category:downloaded
                                                                                                Size (bytes):23063
                                                                                                Entropy (8bit):4.7535440881548165
                                                                                                Encrypted:false
                                                                                                SSDEEP:384:GvUzYI+Vi4g1V5it1ONhA6w+Kv8i/4CYzLKL4DrLU0iTxZTAzIzrwDlTWMClQip9:bkON69kClQq8hDRJHp2tWU25Zt/gREVG
                                                                                                MD5:90EA7274F19755002360945D54C2A0D7
                                                                                                SHA1:647B5D8BF7D119A2C97895363A07A0C6EB8CD284
                                                                                                SHA-256:40732E9DCFA704CF615E4691BB07AECFD1CC5E063220A46E4A7FF6560C77F5DB
                                                                                                SHA-512:7474667800FF52A0031029CC338F81E1586F237EB07A49183008C8EC44A8F67B37E5E896573F089A50283DF96A1C8F185E53D667741331B647894532669E2C07
                                                                                                Malicious:false
                                                                                                URL:https://verificacfdi.facturaelectronica.sat.gob.mx/WebResource.axd?d=pynGkmcFUV13He1Qd6_TZHwW6XRihCOnHM9egjAHbYcsLY6sfUAO2WNK0odN5m-KEJzYuA2&t=638533548567617406
                                                                                                Preview:function WebForm_PostBackOptions(eventTarget, eventArgument, validation, validationGroup, actionUrl, trackFocus, clientSubmit) {.. this.eventTarget = eventTarget;.. this.eventArgument = eventArgument;.. this.validation = validation;.. this.validationGroup = validationGroup;.. this.actionUrl = actionUrl;.. this.trackFocus = trackFocus;.. this.clientSubmit = clientSubmit;..}..function WebForm_DoPostBackWithOptions(options) {.. var validationResult = true;.. if (options.validation) {.. if (typeof(Page_ClientValidate) == 'function') {.. validationResult = Page_ClientValidate(options.validationGroup);.. }.. }.. if (validationResult) {.. if ((typeof(options.actionUrl) != "undefined") && (options.actionUrl != null) && (options.actionUrl.length > 0)) {.. theForm.action = options.actionUrl;.. }.. if (options.trackFocus) {.. var lastFocus = theForm.elements["__LASTFOCUS"];.. if ((typeo
                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                File Type:SVG Scalable Vector Graphics image
                                                                                                Category:dropped
                                                                                                Size (bytes):95811
                                                                                                Entropy (8bit):4.2320428591574135
                                                                                                Encrypted:false
                                                                                                SSDEEP:1536:HRR288TnjN+OErlJRd3zOnJcBhea09vZtlUJkqXF2TW:HMqFd3ywCtqN
                                                                                                MD5:D54221941E772358A959861D3B4A4A87
                                                                                                SHA1:F491DF9C1F822AD6E1528DEB4B7D6E5C1BF8F37E
                                                                                                SHA-256:3383DA948D673BAB3636127152D3D8D5212D85BC553537F01554B2A829C17936
                                                                                                SHA-512:BD378B8EBE2285B332B41DE41A61EA48043C0841C369CB835C28DB24E04289AA418F54DBB39F7F14D03F55225ADD7D952636F23FCBA9846A575361A4FBDF50C6
                                                                                                Malicious:false
                                                                                                Preview:<svg id="Capa_1" data-name="Capa 1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 123.55 36.37"><defs><style>.cls-1{fill:#dac6a1;}.cls-2{fill:#fff;}</style></defs><title>Logo_128x50</title><path class="cls-1" d="M33.65,23.53a7.88,7.88,0,0,0-.6-2.5.28.28,0,0,0-.22-.09.17.17,0,0,0-.13,0v.09a8.69,8.69,0,0,1,.55,2.31A3.81,3.81,0,0,1,33,25a5.07,5.07,0,0,0,0,1.23c0,.17-.09.24-.16.24s-.15-.06-.16-.25c0-.47,0-.87-.06-1.22v0a7.88,7.88,0,0,0-.17-1.7A3.57,3.57,0,0,0,31.67,22a3.5,3.5,0,0,1-.44-1c0-.07,0-.14-.06-.23s-.05-.19-.08-.27L30.93,20a.13.13,0,0,0-.11-.05.29.29,0,0,0-.22.12.24.24,0,0,0,0,.16L31,21.77a2.89,2.89,0,0,0,.54.78h0a4.1,4.1,0,0,1,.34.41,1.26,1.26,0,0,1,.26.71c.07.52.13,1.26.19,2.32l.3,1.53a5,5,0,0,1-.07,1.7c0,.23,0,.3,0,.32h0s.11,0,.27-.17c.42-.52.4-2.27.38-3.68a6.53,6.53,0,0,1,.2-1.14,3.49,3.49,0,0,0,.15-1" transform="translate(-2.52 -6.68)"/><path class="cls-1" d="M32.12,21.23l0-.27a.34.34,0,0,0-.05-.14.5.5,0,0,0-.3-.24h-.13s0,0,0,.06a2.4,2.4,0,0,0,.72,1.44h.06s0-.05,0-.15l-.19-
                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 150x100, components 3
                                                                                                Category:downloaded
                                                                                                Size (bytes):7646
                                                                                                Entropy (8bit):7.6759134259998305
                                                                                                Encrypted:false
                                                                                                SSDEEP:96:whIED1NGAj3f9UuuusuuuWuuuh0ZQEH2bUO1CcUsuuuWuuuW7i4+IKVBTy6JCD9Z:WI41wsSQ2w97i4yBTy6mcgLV
                                                                                                MD5:BF1D9AA912C98F643A29389A3FE7EE6E
                                                                                                SHA1:CCE462B0A264823BB217A4BF005EFD26EE3D2A36
                                                                                                SHA-256:60341940165737C0327613230B559985D20B02A832FAEB4DB050798999468245
                                                                                                SHA-512:B560F452CC340E9400D088AE7F3BA86FBCA48B0787E1185466D27E4CBD8EFB2E53F806ABF4D7DE065BCDBCC977BAF4BD146BEECF55CF813D1732A80AD253EC69
                                                                                                Malicious:false
                                                                                                URL:https://verificacfdi.facturaelectronica.sat.gob.mx/GeneraCaptcha.aspx?Data=Bg84WUOtzLw2IAgAeg0yUvzHWlnRreqPgZf4Mlye7xko+/kPbbsO27A5M4r42qd54PtHil1KboqqyFs2YoGo78JB2/9nh+i4Iec5biWn1b4=
                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                Category:downloaded
                                                                                                Size (bytes):14398
                                                                                                Entropy (8bit):3.861255126915413
                                                                                                Encrypted:false
                                                                                                SSDEEP:96:JZ1j3sROOdcLQS98DegKdGdSWiDSvcB6Utrq5swEtDlMzuaRfMrOca+N2KwbK1ec:Q/cLD99alctm5eBCr4uTKOqemB9
                                                                                                MD5:B5D392D635C0FCB98B307EFBF794450E
                                                                                                SHA1:4D13B4E3009A34C503FF9607F6C0C958FBC322A4
                                                                                                SHA-256:216D242E6E114F62D00969B62AEEAB481DC0DDE5F55788C07BF61B3BC7C2B927
                                                                                                SHA-512:0856975CCBF2D65575E1AC41E714AFE454D066941595E6687A94D4821803DDC9259E075E6F524762B0A5D446318BA68E538A13137255984A3AA7C1791E1861BA
                                                                                                Malicious:false
                                                                                                URL:https://verificacfdi.facturaelectronica.sat.gob.mx/Scripts/Jquery/jquery.maskedinput.js
                                                                                                Preview:./*..Masked Input plugin for jQuery..Copyright (c) 2007-2009 Josh Bush (digitalbush.com)..Licensed under the MIPL (Microsoft Public License)..Version: 1.2.2 (03/09/2009 22:39:06)..==================================================..Modified by: Axay.catl Valenzuela Faddul..Date: 2011-05..Description: 1) "paste" event modified in order to set caret on mask's last position...2) "blur" event unbinded...3) Setting caret on last match position when "focus" event occurs...4) Allow deletion of selected partial text...==================================================..Modified by: Miguel A. Palizada..Date: 2011-06..Description: 1) Supress clear mask method when lost focus or escape key pressed...2) Allow pasting for unformated text...3) Fix edition to prevent autocomplete behavior...4) Block edition when text completed...5) Hexadecimal charset definition added...==================================================..Modified by: Cristobal Espinosa Villase.or..Date: 2012-03-19..Descri
                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                File Type:ASCII text, with very long lines (65329), with CRLF line terminators
                                                                                                Category:downloaded
                                                                                                Size (bytes):102801
                                                                                                Entropy (8bit):5.336080509196147
                                                                                                Encrypted:false
                                                                                                SSDEEP:1536:MGLiogSomRYvoGtT+KHsVS0bT79DSsi46j/LPyR7kbE:MGLXGFKT79DSs6WCE
                                                                                                MD5:C89EAA5B28DF1E17376BE71D71649173
                                                                                                SHA1:2B34DF4C66BB57DE5A24A2EF0896271DFCA4F4CD
                                                                                                SHA-256:66B804E7A96A87C11E1DD74EA04AC2285DF5AD9043F48046C3E5000114D39B1C
                                                                                                SHA-512:B73D56304986CD587DA17BEBF21341B450D41861824102CC53885D863B118F6FDF2456B20791B9A7AE56DF91403F342550AF9E46F7401429FBA1D4A15A6BD3C0
                                                                                                Malicious:false
                                                                                                URL:https://verificacfdi.facturaelectronica.sat.gob.mx/ScriptResource.axd?d=uHIkleVeDJf4xS50Krz-yPqbr3Ah7us24wZAnCCM2F8AgYCzZsY4mUc_XNtj-Xm14k9QllBneNK8RJhA6dNV9vVqPcB6QNXha041RYm3ONnVxrc2ET2RbUeNWb_8ZAnSLPPPSvpeHe3doGTQt8vIjs-OP3w1&t=2e7d0aca
                                                                                                Preview://----------------------------------------------------------..// Copyright (C) Microsoft Corporation. All rights reserved...//----------------------------------------------------------..// MicrosoftAjax.js..Function.__typeName="Function";Function.__class=true;Function.createCallback=function(b,a){return function(){var e=arguments.length;if(e>0){var d=[];for(var c=0;c<e;c++)d[c]=arguments[c];d[e]=a;return b.apply(this,d)}return b.call(this,a)}};Function.createDelegate=function(a,b){return function(){return b.apply(a,arguments)}};Function.emptyFunction=Function.emptyMethod=function(){};Function.validateParameters=function(c,b,a){return Function._validateParams(c,b,a)};Function._validateParams=function(g,e,c){var a,d=e.length;c=c||typeof c==="undefined";a=Function._validateParameterCount(g,e,c);if(a){a.popStackFrame();return a}for(var b=0,i=g.length;b<i;b++){var f=e[Math.min(b,d-1)],h=f.name;if(f.parameterArray)h+="["+(b-d+1)+"]";else if(!c&&b>=d)break;a=Function._validateParameter(g[b],f
                                                                                                Process:C:\Windows\SysWOW64\PING.EXE
                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):1607
                                                                                                Entropy (8bit):4.76085226484577
                                                                                                Encrypted:false
                                                                                                SSDEEP:12:PKMRJpTeTeTeTeTeTeTeTeTeTeTeTeTeTeTeTeTeTeTeTeTeTeTeTeTeTeTeT0sR:/ZTAokItULVDv
                                                                                                MD5:5040A956CEED74BBC4F0ED871791EA24
                                                                                                SHA1:E99982033A3263C3D69FE812A23E1F59F0CDDDC2
                                                                                                SHA-256:0871CCAE12C6B67BB8E64760D4850125AE4744A508CCA5A55A7A90813E53CF02
                                                                                                SHA-512:834C9885244E4AD260FF322E1437676D1672DC40BF907D4A3D796D348FF612951C963BA52B1C23163EDEEAEA51DBA262C3EC7EF9F063D5AC612D2AFF6B366D6A
                                                                                                Malicious:false
                                                                                                Preview:..Pinging 127.0.0.1 with 32 bytes of data:..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: bytes=32 time<1ms TTL=128..Reply from 127.0.0.1: byt
                                                                                                File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                Entropy (8bit):6.50593051717965
                                                                                                TrID:
                                                                                                • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                                                                • Win32 Executable (generic) a (10002005/4) 49.96%
                                                                                                • Win16/32 Executable Delphi generic (2074/23) 0.01%
                                                                                                • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                • DOS Executable Generic (2002/1) 0.01%
                                                                                                File name:Orden#46789_2024_Optoflux_mexico_sderlss.exe
                                                                                                File size:881'664 bytes
                                                                                                MD5:af0dccdcac71a9ec9395bbac08c232a8
                                                                                                SHA1:c9647a1d282db7ed314af4c17a86dc5d92f752dc
                                                                                                SHA256:a8726088fffcb88c32528d617d58d5c0d028c28115842f0c2a4f7a7fe5192e82
                                                                                                SHA512:554ab8af23e8b9438f7d89191c3dee457e80f93202d55bd0cdb80be3cf94c25a1d0f8464c51b274aa55ca67ed34c672f25fb0b6e10791c33ab54ead27e1cd333
                                                                                                SSDEEP:12288:z1I6SaGRIuDJpW2YwPUqw2yK1WHV+m/SIo6I6JT/sudfpdCcqXQ:nEpIaY/smfXCcsQ
                                                                                                TLSH:5115AFAF76DDBB9CC46B0A356B322130C7298F570942A54734C3CC5DAA3E39AAC564D3
                                                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....WH..........."...P.............~.... ........@.. ....................................`................................
                                                                                                Icon Hash:24ed8d96b2ade832
                                                                                                Entrypoint:0x4cb87e
                                                                                                Entrypoint Section:.text
                                                                                                Digitally signed:false
                                                                                                Imagebase:0x400000
                                                                                                Subsystem:windows gui
                                                                                                Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                Time Stamp:0xE485717 [Fri Aug 5 09:38:31 1977 UTC]
                                                                                                TLS Callbacks:
                                                                                                CLR (.Net) Version:
                                                                                                OS Version Major:4
                                                                                                OS Version Minor:0
                                                                                                File Version Major:4
                                                                                                File Version Minor:0
                                                                                                Subsystem Version Major:4
                                                                                                Subsystem Version Minor:0
                                                                                                Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                Instruction
                                                                                                jmp dword ptr [00402000h]
                                                                                                add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xcb828 | 0x53 | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xcc000 | 0xd5f0 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0xd7400 | 0x0 | .rsrc
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xda000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xc9884 | 0xc9a00 | 2682d8d1f43390d1f2b15ff88771ed1f | False | 0.6158846094234346 | data | 6.510177835455973 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xcc000 | 0xd5f0 | 0xd600 | c5fbfbff6f8d316654766f61bd874460 | False | 0.08606527453271028 | data | 3.698245581137731 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xda000 | 0xc | 0x200 | b0080c5c9bb484e9dbf003151d8ffd72 | False | 0.044921875 | data | 0.09800417566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xcc0e8 | 0xd228 | Device independent bitmap graphic, 101 x 256 x 32, image size 51712, resolution 9055 x 9055 px/m | | | 0.07864312267657993
RT_GROUP_ICON | 0xd9310 | 0x14 | data | | | 1.15
RT_VERSION | 0xd9324 | 0x2cc | data | | | 0.49441340782122906
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                Jun 27, 2024 09:02:27.635350943 CEST44349705142.250.186.68192.168.2.5
                                                                                                Jun 27, 2024 09:02:27.635385990 CEST49705443192.168.2.5142.250.186.68
                                                                                                Jun 27, 2024 09:02:27.635428905 CEST49705443192.168.2.5142.250.186.68
                                                                                                Jun 27, 2024 09:02:27.654957056 CEST49705443192.168.2.5142.250.186.68
                                                                                                Jun 27, 2024 09:02:31.123001099 CEST49674443192.168.2.523.1.237.91
                                                                                                Jun 27, 2024 09:02:31.123008013 CEST49675443192.168.2.523.1.237.91
                                                                                                Jun 27, 2024 09:02:31.247883081 CEST49673443192.168.2.523.1.237.91
                                                                                                Jun 27, 2024 09:02:32.891612053 CEST4434970323.1.237.91192.168.2.5
                                                                                                Jun 27, 2024 09:02:32.891801119 CEST49703443192.168.2.523.1.237.91
                                                                                                Jun 27, 2024 09:02:33.618927002 CEST49709443192.168.2.5184.28.90.27
                                                                                                Jun 27, 2024 09:02:33.618972063 CEST44349709184.28.90.27192.168.2.5
                                                                                                Jun 27, 2024 09:02:33.619031906 CEST49709443192.168.2.5184.28.90.27
                                                                                                Jun 27, 2024 09:02:33.622039080 CEST49709443192.168.2.5184.28.90.27
                                                                                                Jun 27, 2024 09:02:33.622057915 CEST44349709184.28.90.27192.168.2.5
                                                                                                Jun 27, 2024 09:02:34.302803993 CEST44349709184.28.90.27192.168.2.5
                                                                                                Jun 27, 2024 09:02:34.302881956 CEST49709443192.168.2.5184.28.90.27
                                                                                                Jun 27, 2024 09:02:34.305011988 CEST49709443192.168.2.5184.28.90.27
                                                                                                Jun 27, 2024 09:02:34.305069923 CEST44349709184.28.90.27192.168.2.5
                                                                                                Jun 27, 2024 09:02:34.305476904 CEST44349709184.28.90.27192.168.2.5
                                                                                                Jun 27, 2024 09:02:34.355144024 CEST49709443192.168.2.5184.28.90.27
                                                                                                Jun 27, 2024 09:02:34.400501013 CEST44349709184.28.90.27192.168.2.5
                                                                                                Jun 27, 2024 09:02:34.576040983 CEST44349709184.28.90.27192.168.2.5
                                                                                                Jun 27, 2024 09:02:34.576136112 CEST44349709184.28.90.27192.168.2.5
                                                                                                Jun 27, 2024 09:02:34.576212883 CEST49709443192.168.2.5184.28.90.27
                                                                                                Jun 27, 2024 09:02:34.578258991 CEST49709443192.168.2.5184.28.90.27
                                                                                                Jun 27, 2024 09:02:34.578306913 CEST44349709184.28.90.27192.168.2.5
                                                                                                Jun 27, 2024 09:02:34.614671946 CEST49710443192.168.2.5184.28.90.27
                                                                                                Jun 27, 2024 09:02:34.614774942 CEST44349710184.28.90.27192.168.2.5
                                                                                                Jun 27, 2024 09:02:34.614980936 CEST49710443192.168.2.5184.28.90.27
                                                                                                Jun 27, 2024 09:02:34.615294933 CEST49710443192.168.2.5184.28.90.27
                                                                                                Jun 27, 2024 09:02:34.615324974 CEST44349710184.28.90.27192.168.2.5
                                                                                                Jun 27, 2024 09:02:35.254837990 CEST44349710184.28.90.27192.168.2.5
                                                                                                Jun 27, 2024 09:02:35.254920006 CEST49710443192.168.2.5184.28.90.27
                                                                                                Jun 27, 2024 09:02:35.256472111 CEST49710443192.168.2.5184.28.90.27
                                                                                                Jun 27, 2024 09:02:35.256499052 CEST44349710184.28.90.27192.168.2.5
                                                                                                Jun 27, 2024 09:02:35.256823063 CEST44349710184.28.90.27192.168.2.5
                                                                                                Jun 27, 2024 09:02:35.258047104 CEST49710443192.168.2.5184.28.90.27
                                                                                                Jun 27, 2024 09:02:35.304512978 CEST44349710184.28.90.27192.168.2.5
                                                                                                Jun 27, 2024 09:02:35.531112909 CEST44349710184.28.90.27192.168.2.5
                                                                                                Jun 27, 2024 09:02:35.531204939 CEST44349710184.28.90.27192.168.2.5
                                                                                                Jun 27, 2024 09:02:35.531318903 CEST49710443192.168.2.5184.28.90.27
                                                                                                Jun 27, 2024 09:02:35.532426119 CEST49710443192.168.2.5184.28.90.27
                                                                                                Jun 27, 2024 09:02:35.532453060 CEST44349710184.28.90.27192.168.2.5
                                                                                                Jun 27, 2024 09:02:35.532469988 CEST49710443192.168.2.5184.28.90.27
                                                                                                Jun 27, 2024 09:02:35.532478094 CEST44349710184.28.90.27192.168.2.5
                                                                                                Jun 27, 2024 09:02:41.546853065 CEST49711443192.168.2.540.127.169.103
                                                                                                Jun 27, 2024 09:02:41.546891928 CEST4434971140.127.169.103192.168.2.5
                                                                                                Jun 27, 2024 09:02:41.546976089 CEST49711443192.168.2.540.127.169.103
                                                                                                Jun 27, 2024 09:02:41.548490047 CEST49711443192.168.2.540.127.169.103
                                                                                                Jun 27, 2024 09:02:41.548501968 CEST4434971140.127.169.103192.168.2.5
                                                                                                Jun 27, 2024 09:02:42.335454941 CEST4434971140.127.169.103192.168.2.5
                                                                                                Jun 27, 2024 09:02:42.335521936 CEST49711443192.168.2.540.127.169.103
                                                                                                Jun 27, 2024 09:02:42.341411114 CEST49711443192.168.2.540.127.169.103
                                                                                                Jun 27, 2024 09:02:42.341433048 CEST4434971140.127.169.103192.168.2.5
                                                                                                Jun 27, 2024 09:02:42.341708899 CEST4434971140.127.169.103192.168.2.5
                                                                                                Jun 27, 2024 09:02:42.388438940 CEST49711443192.168.2.540.127.169.103
                                                                                                Jun 27, 2024 09:02:43.094372988 CEST49711443192.168.2.540.127.169.103
                                                                                                Jun 27, 2024 09:02:43.136523008 CEST4434971140.127.169.103192.168.2.5
                                                                                                Jun 27, 2024 09:02:43.358851910 CEST4434971140.127.169.103192.168.2.5
                                                                                                Jun 27, 2024 09:02:43.358886957 CEST4434971140.127.169.103192.168.2.5
                                                                                                Jun 27, 2024 09:02:43.358895063 CEST4434971140.127.169.103192.168.2.5
                                                                                                Jun 27, 2024 09:02:43.358905077 CEST4434971140.127.169.103192.168.2.5
                                                                                                Jun 27, 2024 09:02:43.358941078 CEST4434971140.127.169.103192.168.2.5
                                                                                                Jun 27, 2024 09:02:43.358987093 CEST49711443192.168.2.540.127.169.103
                                                                                                Jun 27, 2024 09:02:43.359009027 CEST4434971140.127.169.103192.168.2.5
                                                                                                Jun 27, 2024 09:02:43.359033108 CEST49711443192.168.2.540.127.169.103
                                                                                                Jun 27, 2024 09:02:43.359069109 CEST49711443192.168.2.540.127.169.103
                                                                                                Jun 27, 2024 09:02:43.359214067 CEST4434971140.127.169.103192.168.2.5
                                                                                                Jun 27, 2024 09:02:43.359275103 CEST49711443192.168.2.540.127.169.103
                                                                                                Jun 27, 2024 09:02:43.359281063 CEST4434971140.127.169.103192.168.2.5
                                                                                                Jun 27, 2024 09:02:43.359359980 CEST4434971140.127.169.103192.168.2.5
                                                                                                Jun 27, 2024 09:02:43.359407902 CEST49711443192.168.2.540.127.169.103
                                                                                                Jun 27, 2024 09:02:44.029515982 CEST49711443192.168.2.540.127.169.103
                                                                                                Jun 27, 2024 09:02:44.029547930 CEST4434971140.127.169.103192.168.2.5
                                                                                                Jun 27, 2024 09:02:44.029561043 CEST49711443192.168.2.540.127.169.103
                                                                                                Jun 27, 2024 09:02:44.029567957 CEST4434971140.127.169.103192.168.2.5
                                                                                                Jun 27, 2024 09:02:45.241853952 CEST5886353192.168.2.51.1.1.1
                                                                                                Jun 27, 2024 09:02:45.246984005 CEST53588631.1.1.1192.168.2.5
                                                                                                Jun 27, 2024 09:02:45.247082949 CEST5886353192.168.2.51.1.1.1
                                                                                                Jun 27, 2024 09:02:45.252645016 CEST53588631.1.1.1192.168.2.5
                                                                                                Jun 27, 2024 09:02:45.717365026 CEST5886353192.168.2.51.1.1.1
                                                                                                Jun 27, 2024 09:02:45.722564936 CEST53588631.1.1.1192.168.2.5
                                                                                                Jun 27, 2024 09:02:45.722723961 CEST5886353192.168.2.51.1.1.1
                                                                                                Jun 27, 2024 09:03:21.940057039 CEST58864443192.168.2.540.127.169.103
                                                                                                Jun 27, 2024 09:03:21.940114021 CEST4435886440.127.169.103192.168.2.5
                                                                                                Jun 27, 2024 09:03:21.940187931 CEST58864443192.168.2.540.127.169.103
                                                                                                Jun 27, 2024 09:03:21.940844059 CEST58864443192.168.2.540.127.169.103
                                                                                                Jun 27, 2024 09:03:21.940860987 CEST4435886440.127.169.103192.168.2.5
                                                                                                Jun 27, 2024 09:03:22.738348007 CEST4435886440.127.169.103192.168.2.5
                                                                                                Jun 27, 2024 09:03:22.738441944 CEST58864443192.168.2.540.127.169.103
                                                                                                Jun 27, 2024 09:03:22.742876053 CEST58864443192.168.2.540.127.169.103
                                                                                                Jun 27, 2024 09:03:22.742902040 CEST4435886440.127.169.103192.168.2.5
                                                                                                Jun 27, 2024 09:03:22.743149042 CEST4435886440.127.169.103192.168.2.5
                                                                                                Jun 27, 2024 09:03:22.752394915 CEST58864443192.168.2.540.127.169.103
                                                                                                Jun 27, 2024 09:03:22.792509079 CEST4435886440.127.169.103192.168.2.5
                                                                                                Jun 27, 2024 09:03:23.070729971 CEST4435886440.127.169.103192.168.2.5
                                                                                                Jun 27, 2024 09:03:23.070765972 CEST4435886440.127.169.103192.168.2.5
                                                                                                Jun 27, 2024 09:03:23.070815086 CEST4435886440.127.169.103192.168.2.5
                                                                                                Jun 27, 2024 09:03:23.070945978 CEST58864443192.168.2.540.127.169.103
                                                                                                Jun 27, 2024 09:03:23.070986986 CEST4435886440.127.169.103192.168.2.5
                                                                                                Jun 27, 2024 09:03:23.071005106 CEST58864443192.168.2.540.127.169.103
                                                                                                Jun 27, 2024 09:03:23.071031094 CEST58864443192.168.2.540.127.169.103
                                                                                                Jun 27, 2024 09:03:23.071835041 CEST4435886440.127.169.103192.168.2.5
                                                                                                Jun 27, 2024 09:03:23.071876049 CEST4435886440.127.169.103192.168.2.5
                                                                                                Jun 27, 2024 09:03:23.071903944 CEST58864443192.168.2.540.127.169.103
                                                                                                Jun 27, 2024 09:03:23.071913004 CEST4435886440.127.169.103192.168.2.5
                                                                                                Jun 27, 2024 09:03:23.071938038 CEST58864443192.168.2.540.127.169.103
                                                                                                Jun 27, 2024 09:03:23.071957111 CEST4435886440.127.169.103192.168.2.5
                                                                                                Jun 27, 2024 09:03:23.074637890 CEST58864443192.168.2.540.127.169.103
                                                                                                Jun 27, 2024 09:03:23.079034090 CEST58864443192.168.2.540.127.169.103
                                                                                                Jun 27, 2024 09:03:23.079068899 CEST4435886440.127.169.103192.168.2.5
                                                                                                Jun 27, 2024 09:03:23.079085112 CEST58864443192.168.2.540.127.169.103
                                                                                                Jun 27, 2024 09:03:23.079092026 CEST4435886440.127.169.103192.168.2.5
                                                                                                Jun 27, 2024 09:03:40.181551933 CEST58865443192.168.2.5142.250.186.68
                                                                                                Jun 27, 2024 09:03:40.181616068 CEST44358865142.250.186.68192.168.2.5
                                                                                                Jun 27, 2024 09:03:40.181689024 CEST58865443192.168.2.5142.250.186.68
                                                                                                Jun 27, 2024 09:03:40.186439037 CEST58865443192.168.2.5142.250.186.68
                                                                                                Jun 27, 2024 09:03:40.186460972 CEST44358865142.250.186.68192.168.2.5
                                                                                                Jun 27, 2024 09:03:40.821712971 CEST44358865142.250.186.68192.168.2.5
                                                                                                Jun 27, 2024 09:03:40.821938992 CEST58865443192.168.2.5142.250.186.68
                                                                                                Jun 27, 2024 09:03:40.823698997 CEST58865443192.168.2.5142.250.186.68
                                                                                                Jun 27, 2024 09:03:40.823710918 CEST44358865142.250.186.68192.168.2.5
                                                                                                Jun 27, 2024 09:03:40.823923111 CEST44358865142.250.186.68192.168.2.5
                                                                                                Jun 27, 2024 09:03:40.872713089 CEST58865443192.168.2.5142.250.186.68
                                                                                                Jun 27, 2024 09:03:40.897694111 CEST58865443192.168.2.5142.250.186.68
                                                                                                Jun 27, 2024 09:03:40.940502882 CEST44358865142.250.186.68192.168.2.5
                                                                                                Jun 27, 2024 09:03:41.098380089 CEST44358865142.250.186.68192.168.2.5
                                                                                                Jun 27, 2024 09:03:41.098512888 CEST44358865142.250.186.68192.168.2.5
                                                                                                Jun 27, 2024 09:03:41.098588943 CEST58865443192.168.2.5142.250.186.68
                                                                                                Jun 27, 2024 09:03:41.098603010 CEST44358865142.250.186.68192.168.2.5
                                                                                                Jun 27, 2024 09:03:41.098638058 CEST44358865142.250.186.68192.168.2.5
                                                                                                Jun 27, 2024 09:03:41.098685980 CEST58865443192.168.2.5142.250.186.68
                                                                                                Jun 27, 2024 09:03:41.098725080 CEST44358865142.250.186.68192.168.2.5
                                                                                                Jun 27, 2024 09:03:41.098964930 CEST44358865142.250.186.68192.168.2.5
                                                                                                Jun 27, 2024 09:03:41.099023104 CEST58865443192.168.2.5142.250.186.68
                                                                                                Jun 27, 2024 09:03:41.109157085 CEST58865443192.168.2.5142.250.186.68
                                                                                                Jun 27, 2024 09:04:54.938437939 CEST58891443192.168.2.5142.250.184.228
                                                                                                Jun 27, 2024 09:04:54.938492060 CEST44358891142.250.184.228192.168.2.5
                                                                                                Jun 27, 2024 09:04:54.938559055 CEST58891443192.168.2.5142.250.184.228
                                                                                                Jun 27, 2024 09:04:54.941217899 CEST58891443192.168.2.5142.250.184.228
                                                                                                Jun 27, 2024 09:04:54.941235065 CEST44358891142.250.184.228192.168.2.5
                                                                                                Jun 27, 2024 09:04:55.084928989 CEST58896443192.168.2.518.244.18.27
                                                                                                Jun 27, 2024 09:04:55.084994078 CEST4435889618.244.18.27192.168.2.5
                                                                                                Jun 27, 2024 09:04:55.085156918 CEST58896443192.168.2.518.244.18.27
                                                                                                Jun 27, 2024 09:04:55.085331917 CEST58896443192.168.2.518.244.18.27
                                                                                                Jun 27, 2024 09:04:55.085364103 CEST4435889618.244.18.27192.168.2.5
                                                                                                Jun 27, 2024 09:04:55.575128078 CEST44358891142.250.184.228192.168.2.5
                                                                                                Jun 27, 2024 09:04:55.575414896 CEST58891443192.168.2.5142.250.184.228
                                                                                                Jun 27, 2024 09:04:55.575489044 CEST44358891142.250.184.228192.168.2.5
                                                                                                Jun 27, 2024 09:04:55.579469919 CEST44358891142.250.184.228192.168.2.5
                                                                                                Jun 27, 2024 09:04:55.579574108 CEST58891443192.168.2.5142.250.184.228
                                                                                                Jun 27, 2024 09:04:55.580754995 CEST58891443192.168.2.5142.250.184.228
                                                                                                Jun 27, 2024 09:04:55.580956936 CEST44358891142.250.184.228192.168.2.5
                                                                                                Jun 27, 2024 09:04:55.647449017 CEST58891443192.168.2.5142.250.184.228
                                                                                                Jun 27, 2024 09:04:55.647475004 CEST44358891142.250.184.228192.168.2.5
                                                                                                Jun 27, 2024 09:04:55.731394053 CEST4435889618.244.18.27192.168.2.5
                                                                                                Jun 27, 2024 09:04:55.731950998 CEST58896443192.168.2.518.244.18.27
                                                                                                Jun 27, 2024 09:04:55.732026100 CEST4435889618.244.18.27192.168.2.5
                                                                                                Jun 27, 2024 09:04:55.733099937 CEST4435889618.244.18.27192.168.2.5
                                                                                                Jun 27, 2024 09:04:55.733174086 CEST58896443192.168.2.518.244.18.27
                                                                                                Jun 27, 2024 09:04:55.737292051 CEST58896443192.168.2.518.244.18.27
                                                                                                Jun 27, 2024 09:04:55.737380028 CEST4435889618.244.18.27192.168.2.5
                                                                                                Jun 27, 2024 09:04:55.737689972 CEST58896443192.168.2.518.244.18.27
                                                                                                Jun 27, 2024 09:04:55.737709999 CEST4435889618.244.18.27192.168.2.5
                                                                                                Jun 27, 2024 09:04:55.757075071 CEST58891443192.168.2.5142.250.184.228
                                                                                                Jun 27, 2024 09:04:55.836843967 CEST58896443192.168.2.518.244.18.27
                                                                                                Jun 27, 2024 09:04:56.008507013 CEST4435889618.244.18.27192.168.2.5
                                                                                                Jun 27, 2024 09:04:56.008598089 CEST4435889618.244.18.27192.168.2.5
                                                                                                Jun 27, 2024 09:05:37.126656055 CEST58932587192.168.2.5185.230.214.164
                                                                                                Jun 27, 2024 09:05:37.126679897 CEST58932587192.168.2.5185.230.214.164
                                                                                                Jun 27, 2024 09:05:37.131489038 CEST58758932185.230.214.164192.168.2.5
                                                                                                Jun 27, 2024 09:05:37.131520987 CEST58758932185.230.214.164192.168.2.5
                                                                                                Jun 27, 2024 09:05:37.131552935 CEST58758932185.230.214.164192.168.2.5
                                                                                                Jun 27, 2024 09:05:37.131623983 CEST58758932185.230.214.164192.168.2.5
                                                                                                Jun 27, 2024 09:05:37.652324915 CEST58758932185.230.214.164192.168.2.5
                                                                                                Jun 27, 2024 09:05:37.693660021 CEST58932587192.168.2.5185.230.214.164
                                                                                                Jun 27, 2024 09:05:38.943366051 CEST58932587192.168.2.5185.230.214.164
                                                                                                Jun 27, 2024 09:05:38.948340893 CEST58758932185.230.214.164192.168.2.5
                                                                                                Jun 27, 2024 09:05:39.130861998 CEST58758932185.230.214.164192.168.2.5
                                                                                                Jun 27, 2024 09:05:39.131270885 CEST58758932185.230.214.164192.168.2.5
                                                                                                Jun 27, 2024 09:05:39.131349087 CEST58932587192.168.2.5185.230.214.164
                                                                                                Jun 27, 2024 09:05:39.131382942 CEST58758932185.230.214.164192.168.2.5
                                                                                                Jun 27, 2024 09:05:39.131434917 CEST58932587192.168.2.5185.230.214.164
                                                                                                Jun 27, 2024 09:05:39.135054111 CEST58932587192.168.2.5185.230.214.164
                                                                                                Jun 27, 2024 09:05:39.135886908 CEST58933587192.168.2.5185.230.214.164
                                                                                                Jun 27, 2024 09:05:39.140856028 CEST58758933185.230.214.164192.168.2.5
                                                                                                Jun 27, 2024 09:05:39.140940905 CEST58933587192.168.2.5185.230.214.164
                                                                                                Jun 27, 2024 09:05:39.738022089 CEST58758933185.230.214.164192.168.2.5
                                                                                                Jun 27, 2024 09:05:39.738171101 CEST58933587192.168.2.5185.230.214.164
                                                                                                Jun 27, 2024 09:05:39.744155884 CEST58758933185.230.214.164192.168.2.5
                                                                                                Jun 27, 2024 09:05:39.926981926 CEST58758933185.230.214.164192.168.2.5
                                                                                                Jun 27, 2024 09:05:39.927398920 CEST58933587192.168.2.5185.230.214.164
                                                                                                Jun 27, 2024 09:05:39.932269096 CEST58758933185.230.214.164192.168.2.5
                                                                                                Jun 27, 2024 09:05:40.118558884 CEST58758933185.230.214.164192.168.2.5
                                                                                                Jun 27, 2024 09:05:40.119002104 CEST58933587192.168.2.5185.230.214.164
                                                                                                Jun 27, 2024 09:05:40.123953104 CEST58758933185.230.214.164192.168.2.5
                                                                                                Jun 27, 2024 09:05:40.309268951 CEST58758933185.230.214.164192.168.2.5
                                                                                                Jun 27, 2024 09:05:40.309322119 CEST58758933185.230.214.164192.168.2.5
                                                                                                Jun 27, 2024 09:05:40.309360027 CEST58758933185.230.214.164192.168.2.5
                                                                                                Jun 27, 2024 09:05:40.309422970 CEST58933587192.168.2.5185.230.214.164
                                                                                                Jun 27, 2024 09:05:40.310841084 CEST58933587192.168.2.5185.230.214.164
                                                                                                Jun 27, 2024 09:05:40.315726995 CEST58758933185.230.214.164192.168.2.5
                                                                                                Jun 27, 2024 09:05:40.499850988 CEST58758933185.230.214.164192.168.2.5
                                                                                                Jun 27, 2024 09:05:40.501295090 CEST58933587192.168.2.5185.230.214.164
                                                                                                Jun 27, 2024 09:05:40.506266117 CEST58758933185.230.214.164192.168.2.5
                                                                                                Jun 27, 2024 09:05:40.690485001 CEST58758933185.230.214.164192.168.2.5
                                                                                                Jun 27, 2024 09:05:40.740575075 CEST58933587192.168.2.5185.230.214.164
                                                                                                Jun 27, 2024 09:05:40.822334051 CEST58758933185.230.214.164192.168.2.5
                                                                                                Jun 27, 2024 09:05:40.822624922 CEST58933587192.168.2.5185.230.214.164
                                                                                                Jun 27, 2024 09:05:40.827660084 CEST58758933185.230.214.164192.168.2.5
                                                                                                Jun 27, 2024 09:05:41.011905909 CEST58758933185.230.214.164192.168.2.5
                                                                                                Jun 27, 2024 09:05:41.012998104 CEST58933587192.168.2.5185.230.214.164
                                                                                                Jun 27, 2024 09:05:41.017786026 CEST58758933185.230.214.164192.168.2.5
                                                                                                Jun 27, 2024 09:05:41.248948097 CEST58758933185.230.214.164192.168.2.5
                                                                                                Jun 27, 2024 09:05:41.265928030 CEST58933587192.168.2.5185.230.214.164
                                                                                                Jun 27, 2024 09:05:41.270890951 CEST58758933185.230.214.164192.168.2.5
                                                                                                Jun 27, 2024 09:05:41.455282927 CEST58758933185.230.214.164192.168.2.5
                                                                                                Jun 27, 2024 09:05:41.456567049 CEST58933587192.168.2.5185.230.214.164
                                                                                                Jun 27, 2024 09:05:41.461550951 CEST58758933185.230.214.164192.168.2.5
                                                                                                Jun 27, 2024 09:05:41.645682096 CEST58758933185.230.214.164192.168.2.5
                                                                                                Jun 27, 2024 09:05:41.645932913 CEST58933587192.168.2.5185.230.214.164
                                                                                                Jun 27, 2024 09:05:41.650847912 CEST58758933185.230.214.164192.168.2.5
                                                                                                Jun 27, 2024 09:05:41.834711075 CEST58758933185.230.214.164192.168.2.5
                                                                                                Jun 27, 2024 09:05:41.836456060 CEST58933587192.168.2.5185.230.214.164
                                                                                                Jun 27, 2024 09:05:41.836721897 CEST58933587192.168.2.5185.230.214.164
                                                                                                Jun 27, 2024 09:05:41.836772919 CEST58933587192.168.2.5185.230.214.164
                                                                                                Jun 27, 2024 09:05:41.836816072 CEST58933587192.168.2.5185.230.214.164
                                                                                                Jun 27, 2024 09:05:41.836956024 CEST58933587192.168.2.5185.230.214.164
                                                                                                Jun 27, 2024 09:05:41.837002993 CEST58933587192.168.2.5185.230.214.164
                                                                                                Jun 27, 2024 09:05:41.837054968 CEST58933587192.168.2.5185.230.214.164
                                                                                                Jun 27, 2024 09:05:41.837090969 CEST58933587192.168.2.5185.230.214.164
                                                                                                Jun 27, 2024 09:05:41.837124109 CEST58933587192.168.2.5185.230.214.164
                                                                                                Jun 27, 2024 09:05:41.837153912 CEST58933587192.168.2.5185.230.214.164
                                                                                                Jun 27, 2024 09:05:41.843362093 CEST58758933185.230.214.164192.168.2.5
                                                                                                Jun 27, 2024 09:05:41.843375921 CEST58758933185.230.214.164192.168.2.5
                                                                                                Jun 27, 2024 09:05:41.843384981 CEST58758933185.230.214.164192.168.2.5
                                                                                                Jun 27, 2024 09:05:41.843395948 CEST58758933185.230.214.164192.168.2.5
                                                                                                Jun 27, 2024 09:05:41.843432903 CEST58758933185.230.214.164192.168.2.5
                                                                                                Jun 27, 2024 09:05:41.843506098 CEST58758933185.230.214.164192.168.2.5
                                                                                                Jun 27, 2024 09:05:41.843514919 CEST58758933185.230.214.164192.168.2.5
                                                                                                Jun 27, 2024 09:05:41.843523979 CEST58758933185.230.214.164192.168.2.5
                                                                                                Jun 27, 2024 09:05:41.843533039 CEST58758933185.230.214.164192.168.2.5
                                                                                                Jun 27, 2024 09:05:41.843543053 CEST58758933185.230.214.164192.168.2.5
                                                                                                Jun 27, 2024 09:05:42.531210899 CEST58758933185.230.214.164192.168.2.5
                                                                                                Jun 27, 2024 09:05:42.571129084 CEST58933587192.168.2.5185.230.214.164
                                                                                                Jun 27, 2024 09:05:54.897950888 CEST58935443192.168.2.5142.250.184.228
                                                                                                Jun 27, 2024 09:05:54.897993088 CEST44358935142.250.184.228192.168.2.5
                                                                                                Jun 27, 2024 09:05:54.898083925 CEST58935443192.168.2.5142.250.184.228
                                                                                                Jun 27, 2024 09:05:54.898463964 CEST58935443192.168.2.5142.250.184.228
                                                                                                Jun 27, 2024 09:05:54.898483992 CEST44358935142.250.184.228192.168.2.5
                                                                                                Jun 27, 2024 09:05:55.537595034 CEST44358935142.250.184.228192.168.2.5
                                                                                                Jun 27, 2024 09:05:55.537961960 CEST58935443192.168.2.5142.250.184.228
                                                                                                Jun 27, 2024 09:05:55.537985086 CEST44358935142.250.184.228192.168.2.5
                                                                                                Jun 27, 2024 09:05:55.539082050 CEST44358935142.250.184.228192.168.2.5
                                                                                                Jun 27, 2024 09:05:55.539457083 CEST58935443192.168.2.5142.250.184.228
                                                                                                Jun 27, 2024 09:05:55.539614916 CEST44358935142.250.184.228192.168.2.5
                                                                                                Jun 27, 2024 09:05:55.584000111 CEST58935443192.168.2.5142.250.184.228
                                                                                                Jun 27, 2024 09:06:00.912045956 CEST58907443192.168.2.523.51.56.185
                                                                                                Jun 27, 2024 09:06:00.912075043 CEST4435890723.51.56.185192.168.2.5
                                                                                                Jun 27, 2024 09:06:05.442409039 CEST44358935142.250.184.228192.168.2.5
                                                                                                Jun 27, 2024 09:06:05.442576885 CEST44358935142.250.184.228192.168.2.5
                                                                                                Jun 27, 2024 09:06:05.442786932 CEST58935443192.168.2.5142.250.184.228
                                                                                                Jun 27, 2024 09:06:05.624600887 CEST58935443192.168.2.5142.250.184.228
                                                                                                Jun 27, 2024 09:06:05.624645948 CEST44358935142.250.184.228192.168.2.5
                                                                                                Jun 27, 2024 09:06:11.816943884 CEST8058931208.95.112.1192.168.2.5
                                                                                                Jun 27, 2024 09:06:11.817011118 CEST5893180192.168.2.5208.95.112.1
                                                                                                Jun 27, 2024 09:06:24.443677902 CEST5893180192.168.2.5208.95.112.1
                                                                                                Jun 27, 2024 09:06:24.448579073 CEST8058931208.95.112.1192.168.2.5
                                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                                Jun 27, 2024 09:02:26.304248095 CEST5146553192.168.2.51.1.1.1
                                                                                                Jun 27, 2024 09:02:26.311280966 CEST53514651.1.1.1192.168.2.5
                                                                                                Jun 27, 2024 09:02:45.241367102 CEST53507811.1.1.1192.168.2.5
                                                                                                Jun 27, 2024 09:04:50.591523886 CEST6253053192.168.2.51.1.1.1
                                                                                                Jun 27, 2024 09:04:50.591701031 CEST5340653192.168.2.51.1.1.1
                                                                                                Jun 27, 2024 09:04:50.598099947 CEST53625691.1.1.1192.168.2.5
                                                                                                Jun 27, 2024 09:04:50.625637054 CEST53563271.1.1.1192.168.2.5
                                                                                                Jun 27, 2024 09:04:50.842434883 CEST53534061.1.1.1192.168.2.5
                                                                                                Jun 27, 2024 09:04:51.825556993 CEST53590021.1.1.1192.168.2.5
                                                                                                Jun 27, 2024 09:04:54.020270109 CEST53555081.1.1.1192.168.2.5
                                                                                                Jun 27, 2024 09:04:54.928817034 CEST6292553192.168.2.51.1.1.1
                                                                                                Jun 27, 2024 09:04:54.928941965 CEST6064353192.168.2.51.1.1.1
                                                                                                Jun 27, 2024 09:04:54.935516119 CEST53629251.1.1.1192.168.2.5
                                                                                                Jun 27, 2024 09:04:54.935638905 CEST53606431.1.1.1192.168.2.5
                                                                                                Jun 27, 2024 09:04:55.076797962 CEST6457153192.168.2.51.1.1.1
                                                                                                Jun 27, 2024 09:04:55.076955080 CEST5802353192.168.2.51.1.1.1
                                                                                                Jun 27, 2024 09:04:55.084039927 CEST53645711.1.1.1192.168.2.5
                                                                                                Jun 27, 2024 09:04:55.084397078 CEST53580231.1.1.1192.168.2.5
                                                                                                Jun 27, 2024 09:04:56.361176014 CEST5905253192.168.2.51.1.1.1
                                                                                                Jun 27, 2024 09:04:56.361357927 CEST5376153192.168.2.51.1.1.1
                                                                                                Jun 27, 2024 09:04:56.474667072 CEST53537611.1.1.1192.168.2.5
                                                                                                Jun 27, 2024 09:04:57.696599007 CEST6489053192.168.2.51.1.1.1
                                                                                                Jun 27, 2024 09:04:57.696890116 CEST5022653192.168.2.51.1.1.1
                                                                                                Jun 27, 2024 09:04:57.703572035 CEST53648901.1.1.1192.168.2.5
                                                                                                Jun 27, 2024 09:04:57.703964949 CEST53502261.1.1.1192.168.2.5
                                                                                                Jun 27, 2024 09:05:08.858289003 CEST53540431.1.1.1192.168.2.5
                                                                                                Jun 27, 2024 09:05:27.701533079 CEST53531541.1.1.1192.168.2.5
                                                                                                Jun 27, 2024 09:05:33.306639910 CEST6495653192.168.2.51.1.1.1
                                                                                                Jun 27, 2024 09:05:33.314498901 CEST53649561.1.1.1192.168.2.5
                                                                                                Jun 27, 2024 09:05:34.437616110 CEST5238953192.168.2.51.1.1.1
                                                                                                Jun 27, 2024 09:05:34.447928905 CEST53523891.1.1.1192.168.2.5
                                                                                                Jun 27, 2024 09:05:50.241868019 CEST53627291.1.1.1192.168.2.5
                                                                                                Jun 27, 2024 09:05:50.350295067 CEST53496741.1.1.1192.168.2.5
                                                                                                Jun 27, 2024 09:06:05.472246885 CEST6203153192.168.2.51.1.1.1
                                                                                                Jun 27, 2024 09:06:05.480074883 CEST53620311.1.1.1192.168.2.5
                                                                                                Jun 27, 2024 09:06:10.168314934 CEST138138192.168.2.5192.168.2.255
                                                                                                Jun 27, 2024 09:06:20.513946056 CEST53602111.1.1.1192.168.2.5
                                                                                                Jun 27, 2024 09:06:35.584687948 CEST6086153192.168.2.51.1.1.1
                                                                                                Jun 27, 2024 09:06:35.593835115 CEST53608611.1.1.1192.168.2.5
Timestamp | Source IP | Dest IP | Checksum | Code | Type
Jun 27, 2024 09:04:50.842647076 CEST | 192.168.2.5 | 1.1.1.1 | c276 | (Port unreachable) | Destination Unreachable
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jun 27, 2024 09:02:26.304248095 CEST | 192.168.2.5 | 1.1.1.1 | 0x1f8e | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Jun 27, 2024 09:04:50.591523886 CEST | 192.168.2.5 | 1.1.1.1 | 0x9140 | Standard query (0) | verificacfdi.facturaelectronica.sat.gob.mx | A (IP address) | IN (0x0001) | false
Jun 27, 2024 09:04:50.591701031 CEST | 192.168.2.5 | 1.1.1.1 | 0xacd8 | Standard query (0) | verificacfdi.facturaelectronica.sat.gob.mx | 65 | IN (0x0001) | false
Jun 27, 2024 09:04:54.928817034 CEST | 192.168.2.5 | 1.1.1.1 | 0x6707 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Jun 27, 2024 09:04:54.928941965 CEST | 192.168.2.5 | 1.1.1.1 | 0xcf1d | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Jun 27, 2024 09:04:55.076797962 CEST | 192.168.2.5 | 1.1.1.1 | 0xae21 | Standard query (0) | sb.scorecardresearch.com | A (IP address) | IN (0x0001) | false
Jun 27, 2024 09:04:55.076955080 CEST | 192.168.2.5 | 1.1.1.1 | 0xd20b | Standard query (0) | sb.scorecardresearch.com | 65 | IN (0x0001) | false
Jun 27, 2024 09:04:56.361176014 CEST | 192.168.2.5 | 1.1.1.1 | 0x1fea | Standard query (0) | verificacfdi.facturaelectronica.sat.gob.mx | A (IP address) | IN (0x0001) | false
Jun 27, 2024 09:04:56.361357927 CEST | 192.168.2.5 | 1.1.1.1 | 0xb5b4 | Standard query (0) | verificacfdi.facturaelectronica.sat.gob.mx | 65 | IN (0x0001) | false
Jun 27, 2024 09:04:57.696599007 CEST | 192.168.2.5 | 1.1.1.1 | 0x783f | Standard query (0) | sb.scorecardresearch.com | A (IP address) | IN (0x0001) | false
Jun 27, 2024 09:04:57.696890116 CEST | 192.168.2.5 | 1.1.1.1 | 0x8e8c | Standard query (0) | sb.scorecardresearch.com | 65 | IN (0x0001) | false
Jun 27, 2024 09:05:33.306639910 CEST | 192.168.2.5 | 1.1.1.1 | 0x1e34 | Standard query (0) | ip-api.com | A (IP address) | IN (0x0001) | false
Jun 27, 2024 09:05:34.437616110 CEST | 192.168.2.5 | 1.1.1.1 | 0xe6ce | Standard query (0) | smtp.zoho.eu | A (IP address) | IN (0x0001) | false
Jun 27, 2024 09:06:05.472246885 CEST | 192.168.2.5 | 1.1.1.1 | 0x1cc1 | Standard query (0) | smtp.zoho.eu | A (IP address) | IN (0x0001) | false
Jun 27, 2024 09:06:35.584687948 CEST | 192.168.2.5 | 1.1.1.1 | 0x2a84 | Standard query (0) | smtp.zoho.eu | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jun 27, 2024 09:02:26.311280966 CEST | 1.1.1.1 | 192.168.2.5 | 0x1f8e | No error (0) | www.google.com | | 142.250.186.68 | A (IP address) | IN (0x0001) | false
Jun 27, 2024 09:04:50.609314919 CEST | 1.1.1.1 | 192.168.2.5 | 0x9140 | No error (0) | verificacfdi.facturaelectronica.sat.gob.mx | prodcfdiverifica.cloudapp.net | | CNAME (Canonical name) | IN (0x0001) | false
Jun 27, 2024 09:04:50.842434883 CEST | 1.1.1.1 | 192.168.2.5 | 0xacd8 | No error (0) | verificacfdi.facturaelectronica.sat.gob.mx | prodcfdiverifica.cloudapp.net | | CNAME (Canonical name) | IN (0x0001) | false
Jun 27, 2024 09:04:54.935516119 CEST | 1.1.1.1 | 192.168.2.5 | 0x6707 | No error (0) | www.google.com | | 142.250.184.228 | A (IP address) | IN (0x0001) | false
Jun 27, 2024 09:04:54.935638905 CEST | 1.1.1.1 | 192.168.2.5 | 0xcf1d | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
Jun 27, 2024 09:04:55.084039927 CEST | 1.1.1.1 | 192.168.2.5 | 0xae21 | No error (0) | sb.scorecardresearch.com | | 18.244.18.27 | A (IP address) | IN (0x0001) | false
Jun 27, 2024 09:04:55.084039927 CEST | 1.1.1.1 | 192.168.2.5 | 0xae21 | No error (0) | sb.scorecardresearch.com | | 18.244.18.38 | A (IP address) | IN (0x0001) | false
Jun 27, 2024 09:04:55.084039927 CEST | 1.1.1.1 | 192.168.2.5 | 0xae21 | No error (0) | sb.scorecardresearch.com | | 18.244.18.32 | A (IP address) | IN (0x0001) | false
Jun 27, 2024 09:04:55.084039927 CEST | 1.1.1.1 | 192.168.2.5 | 0xae21 | No error (0) | sb.scorecardresearch.com | | 18.244.18.122 | A (IP address) | IN (0x0001) | false
Jun 27, 2024 09:04:56.474667072 CEST | 1.1.1.1 | 192.168.2.5 | 0xb5b4 | No error (0) | verificacfdi.facturaelectronica.sat.gob.mx | prodcfdiverifica.cloudapp.net | | CNAME (Canonical name) | IN (0x0001) | false
Jun 27, 2024 09:04:56.523967028 CEST | 1.1.1.1 | 192.168.2.5 | 0x1fea | No error (0) | verificacfdi.facturaelectronica.sat.gob.mx | prodcfdiverifica.cloudapp.net | | CNAME (Canonical name) | IN (0x0001) | false
Jun 27, 2024 09:04:57.703572035 CEST | 1.1.1.1 | 192.168.2.5 | 0x783f | No error (0) | sb.scorecardresearch.com | | 18.244.18.27 | A (IP address) | IN (0x0001) | false
Jun 27, 2024 09:04:57.703572035 CEST | 1.1.1.1 | 192.168.2.5 | 0x783f | No error (0) | sb.scorecardresearch.com | | 18.244.18.38 | A (IP address) | IN (0x0001) | false
Jun 27, 2024 09:04:57.703572035 CEST | 1.1.1.1 | 192.168.2.5 | 0x783f | No error (0) | sb.scorecardresearch.com | | 18.244.18.32 | A (IP address) | IN (0x0001) | false
Jun 27, 2024 09:04:57.703572035 CEST | 1.1.1.1 | 192.168.2.5 | 0x783f | No error (0) | sb.scorecardresearch.com | | 18.244.18.122 | A (IP address) | IN (0x0001) | false
Jun 27, 2024 09:05:33.314498901 CEST | 1.1.1.1 | 192.168.2.5 | 0x1e34 | No error (0) | ip-api.com | | 208.95.112.1 | A (IP address) | IN (0x0001) | false
Jun 27, 2024 09:05:34.447928905 CEST | 1.1.1.1 | 192.168.2.5 | 0xe6ce | No error (0) | smtp.zoho.eu | | 185.230.214.164 | A (IP address) | IN (0x0001) | false
Jun 27, 2024 09:06:05.480074883 CEST | 1.1.1.1 | 192.168.2.5 | 0x1cc1 | No error (0) | smtp.zoho.eu | | 185.230.214.164 | A (IP address) | IN (0x0001) | false
Jun 27, 2024 09:06:35.593835115 CEST | 1.1.1.1 | 192.168.2.5 | 0x2a84 | No error (0) | smtp.zoho.eu | | 185.230.214.164 | A (IP address) | IN (0x0001) | false
                                                                                                • ipinfo.io
                                                                                                • www.google.com
                                                                                                • fs.microsoft.com
                                                                                                • slscr.update.microsoft.com
                                                                                                • https:
                                                                                                  • sb.scorecardresearch.com
                                                                                                  • p13n.adobe.io
                                                                                                • armmf.adobe.com
                                                                                                • ip-api.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 58931 | 208.95.112.1 | 80 | 7784 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Timestamp | Bytes transferred | Direction | Data
Jun 27, 2024 09:05:33.358421087 CEST | 80 | OUT | GET /line/?fields=hosting HTTP/1.1
Host: ip-api.com
Connection: Keep-Alive
Jun 27, 2024 09:05:33.835439920 CEST | 175 | IN | HTTP/1.1 200 OK
Date: Thu, 27 Jun 2024 07:05:33 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 6
Access-Control-Allow-Origin: *
X-Ttl: 60
X-Rl: 44
Data Raw: 66 61 6c 73 65 0a
Data Ascii: false


Session ID | Source IP | Source Port | Destination IP | Destination Port
0 | 192.168.2.5 | 49704 | 34.117.186.192 | 443
Timestamp | Bytes transferred | Direction | Data
2024-06-27 07:02:19 UTC | 59 | OUT | GET / HTTP/1.1
Host: ipinfo.io
Connection: Keep-Alive
2024-06-27 07:02:19 UTC | 513 | IN | HTTP/1.1 200 OK
server: nginx/1.24.0
date: Thu, 27 Jun 2024 07:02:19 GMT
content-type: application/json; charset=utf-8
Content-Length: 319
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
x-envoy-upstream-service-time: 1
via: 1.1 google
strict-transport-security: max-age=2592000; includeSubDomains
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close
2024-06-27 07:02:19 UTC | 319 | IN | Data Ascii: { "ip": "8.46.123.33", "hostname": "static-cpe-8-46-123-33.centurylink.com", "city": "New York City", "region": "New York", "country": "US", "loc": "40.7143,-74.0060", "org": "AS3356 Level 3 Parent, LLC", "postal": "10001", "timezone": "


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49705 | 142.250.186.68 | 443 | 6084 | C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exe
Timestamp | Bytes transferred | Direction | Data
2024-06-27 07:02:27 UTC | 123 | OUT | GET /images/branding/googlelogo/1x/googlelogo_color_272x92dp.png HTTP/1.1
Host: www.google.com
Connection: Keep-Alive
2024-06-27 07:02:27 UTC | 671 | IN | HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: image/png
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
Content-Length: 5969
Date: Thu, 27 Jun 2024 07:02:27 GMT
Expires: Thu, 27 Jun 2024 07:02:27 GMT
Cache-Control: private, max-age=31536000
Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49709 | 184.28.90.27 | 443
Timestamp | Bytes transferred | Direction | Data
2024-06-27 07:02:34 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.8
Host: fs.microsoft.com
2024-06-27 07:02:34 UTC | 467 | IN | HTTP/1.1 200 OK
Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
Content-Type: application/octet-stream
ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
Last-Modified: Tue, 16 May 2017 22:58:00 GMT
Server: ECAcc (lpl/EF06)
X-CID: 11
X-Ms-ApiVersion: Distribute 1.2
X-Ms-Region: prod-neu-z1
Cache-Control: public, max-age=119243
Date: Thu, 27 Jun 2024 07:02:34 GMT
Connection: close
X-CID: 2


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49710 | 184.28.90.27 | 443
Timestamp | Bytes transferred | Direction | Data
2024-06-27 07:02:35 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
Range: bytes=0-2147483646
User-Agent: Microsoft BITS/7.8
Host: fs.microsoft.com
2024-06-27 07:02:35 UTC | 515 | IN | HTTP/1.1 200 OK
ApiVersion: Distribute 1.1
Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
Content-Type: application/octet-stream
ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
Last-Modified: Tue, 16 May 2017 22:58:00 GMT
Server: ECAcc (lpl/EF06)
X-CID: 11
X-Ms-ApiVersion: Distribute 1.2
X-Ms-Region: prod-weu-z1
Cache-Control: public, max-age=119225
Date: Thu, 27 Jun 2024 07:02:35 GMT
Content-Length: 55
Connection: close
X-CID: 2
2024-06-27 07:02:35 UTC | 55 | IN | Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.5 | 49711 | 40.127.169.103 | 443
Timestamp | Bytes transferred | Direction | Data
2024-06-27 07:02:43 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=DaBCeBYVef88UT7&MD=3egcAMFP HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
Host: slscr.update.microsoft.com
2024-06-27 07:02:43 UTC | 560 | IN | HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/octet-stream
Expires: -1
Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
MS-CorrelationId: 688e85b5-67e3-439b-bdfb-a024ef52be9d
MS-RequestId: 37fca114-58a0-4cd3-90c7-0a4146e7c309
MS-CV: BvYtqNmxSkWiChu7.0
X-Microsoft-SLSClientCache: 2880
Content-Disposition: attachment; filename=environment.cab
X-Content-Type-Options: nosniff
Date: Thu, 27 Jun 2024 07:02:42 GMT
Connection: close
Content-Length: 24490


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.5 | 58864 | 40.127.169.103 | 443
Timestamp | Bytes transferred | Direction | Data
2024-06-27 07:03:22 UTC | 306 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=DaBCeBYVef88UT7&MD=3egcAMFP HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
Host: slscr.update.microsoft.com
2024-06-27 07:03:23 UTC | 560 | IN | HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/octet-stream
Expires: -1
Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
MS-CorrelationId: 65180726-fd0e-4869-b5c9-e6aca9cb1282
MS-RequestId: 8c07b13f-0b20-48bd-aa50-178d1c21ba8e
MS-CV: fENPMXm9c0mvX119.0
X-Microsoft-SLSClientCache: 1440
Content-Disposition: attachment; filename=environment.cab
X-Content-Type-Options: nosniff
Date: Thu, 27 Jun 2024 07:03:22 GMT
Connection: close
Content-Length: 30005


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                6 | 192.168.2.5 | 58865 | 142.250.186.68 | 443 | 6588 | C:\Users\user\AppData\Roaming\vexplorerez.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-06-27 07:03:40 UTC | 123 | OUT | GET /images/branding/googlelogo/1x/googlelogo_color_272x92dp.png HTTP/1.1
                                                                                                Host: www.google.com
                                                                                                Connection: Keep-Alive
                                                                                                2024-06-27 07:03:41 UTC | 671 | IN | HTTP/1.1 200 OK
                                                                                                Accept-Ranges: bytes
                                                                                                Content-Type: image/png
                                                                                                Cross-Origin-Resource-Policy: cross-origin
                                                                                                Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
                                                                                                Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
                                                                                                Content-Length: 5969
                                                                                                Date: Thu, 27 Jun 2024 07:03:41 GMT
                                                                                                Expires: Thu, 27 Jun 2024 07:03:41 GMT
                                                                                                Cache-Control: private, max-age=31536000
                                                                                                Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT
                                                                                                X-Content-Type-Options: nosniff
                                                                                                Server: sffe
                                                                                                X-XSS-Protection: 0
                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                Connection: close


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                7 | 192.168.2.5 | 58896 | 18.244.18.27 | 443 | 2504 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-06-27 07:04:55 UTC | 685 | OUT | GET /p?c1=2&c2=17183199&ns_site=gobmx&name=verificacfdi.facturaelectronica.index HTTP/1.1
                                                                                                Host: sb.scorecardresearch.com
                                                                                                Connection: keep-alive
                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                sec-ch-ua-mobile: ?0
                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                Sec-Fetch-Site: cross-site
                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                Sec-Fetch-Dest: image
                                                                                                Referer: https://verificacfdi.facturaelectronica.sat.gob.mx/
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                2024-06-27 07:04:56 UTC | 705 | IN | HTTP/1.1 302 Found
                                                                                                Content-Length: 0
                                                                                                Connection: close
                                                                                                Date: Thu, 27 Jun 2024 07:04:55 GMT
                                                                                                Location: /p2?c1=2&c2=17183199&ns_site=gobmx&name=verificacfdi.facturaelectronica.index
                                                                                                set-cookie: UID=191df4f50134ef0437b32a91719471895; SameSite=None; Secure; domain=.scorecardresearch.com; path=/; max-age=33696000
                                                                                                set-cookie: XID=191df4f50134ef0437b32a91719471895; SameSite=None; Secure; Partitioned; domain=.scorecardresearch.com; path=/; max-age=33696000
                                                                                                Accept-CH: UA, Platform, Arch, Model, Mobile
                                                                                                X-Cache: Miss from cloudfront
                                                                                                Via: 1.1 012ed5015dc2306833b5abb65b3a0378.cloudfront.net (CloudFront)
                                                                                                X-Amz-Cf-Pop: FRA56-P11
                                                                                                X-Amz-Cf-Id: blJK4XquQ8fztN5jv42LYAGa9O9MSIabNiDMv7B6IHMjoFWZI1sqiw==


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                8 | 192.168.2.5 | 58901 | 18.244.18.27 | 443 | 2504 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-06-27 07:04:56 UTC | 771 | OUT | GET /p?c1=2&c2=17183199&ns_site=gobmx&name=verificacfdi.facturaelectronica.index HTTP/1.1
                                                                                                Host: sb.scorecardresearch.com
                                                                                                Connection: keep-alive
                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                sec-ch-ua-mobile: ?0
                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                Sec-Fetch-Site: cross-site
                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                Sec-Fetch-Dest: image
                                                                                                Referer: https://verificacfdi.facturaelectronica.sat.gob.mx/
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Cookie: UID=191df4f50134ef0437b32a91719471895; XID=191df4f50134ef0437b32a91719471895
                                                                                                2024-06-27 07:04:57 UTC | 639 | IN | HTTP/1.1 200 OK
                                                                                                Content-Type: image/gif
                                                                                                Content-Length: 43
                                                                                                Connection: close
                                                                                                Date: Thu, 27 Jun 2024 07:04:56 GMT
                                                                                                set-cookie: UID=191df4f50134ef0437b32a91719471895; SameSite=None; Secure; domain=.scorecardresearch.com; path=/; max-age=33696000
                                                                                                set-cookie: XID=191df4f50134ef0437b32a91719471895; SameSite=None; Secure; Partitioned; domain=.scorecardresearch.com; path=/; max-age=33696000
                                                                                                Accept-CH: UA, Platform, Arch, Model, Mobile
                                                                                                X-Cache: Miss from cloudfront
                                                                                                Via: 1.1 553c17cdbfc8c5ba81390077b0e5d2d4.cloudfront.net (CloudFront)
                                                                                                X-Amz-Cf-Pop: FRA56-P11
                                                                                                X-Amz-Cf-Id: m0Mzqy64KyTvHnaiQCrt2Hf-Ho1LQtzpRwOFZQVvwXrg8dxvy8GLKg==
                                                                                                2024-06-27 07:04:57 UTC | 43 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 ff ff ff 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b
                                                                                                Data Ascii: GIF89a!,D;


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                9 | 192.168.2.5 | 58914 | 52.202.204.11 | 443 | 3140 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-06-27 07:04:57 UTC | 1353 | OUT | OPTIONS /psdk/v2/content?surfaceId=ACROBAT_READER_MASTER_SURFACEID&surfaceId=DC_READER_LAUNCH_CARD&surfaceId=DC_Reader_RHP_Banner&surfaceId=DC_Reader_RHP_Retention&surfaceId=Edit_InApp_Aug2020&surfaceId=DC_FirstMile_Right_Sec_Surface&surfaceId=DC_Reader_Upsell_Cards&surfaceId=DC_FirstMile_Home_View_Surface&surfaceId=DC_Reader_RHP_Intent_Banner&surfaceId=DC_Reader_Disc_LHP_Banner&surfaceId=DC_Reader_Edit_LHP_Banner&surfaceId=DC_Reader_Convert_LHP_Banner&surfaceId=DC_Reader_Sign_LHP_Banner&surfaceId=DC_Reader_More_LHP_Banner&surfaceId=DC_Reader_Disc_LHP_Retention&surfaceId=DC_Reader_Home_LHP_Trial_Banner&adcProductLanguage=en-us&adcVersion=23.6.20320&adcProductType=SingleClientMini&adcOSType=WIN&adcCountryCode=US&adcXAPIClientID=api_reader_desktop_win_23.6.20320&encodingScheme=BASE_64 HTTP/1.1
                                                                                                Host: p13n.adobe.io
                                                                                                Connection: keep-alive
                                                                                                Accept: */*
                                                                                                Access-Control-Request-Method: GET
                                                                                                Access-Control-Request-Headers: x-adobe-uuid,x-adobe-uuid-type,x-api-key
                                                                                                Origin: https://rna-resource.acrobat.com
                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
                                                                                                Sec-Fetch-Mode: cors
                                                                                                Sec-Fetch-Site: cross-site
                                                                                                Sec-Fetch-Dest: empty
                                                                                                Referer: https://rna-resource.acrobat.com/
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                2024-06-27 07:04:57 UTC | 508 | IN | HTTP/1.1 204 No Content
                                                                                                Server: openresty
                                                                                                Date: Thu, 27 Jun 2024 07:04:57 GMT
                                                                                                Content-Type: text/plain
                                                                                                Content-Length: 0
                                                                                                Connection: close
                                                                                                Access-Control-Allow-Origin: *
                                                                                                Access-Control-Allow-Methods: GET, OPTIONS
                                                                                                Access-Control-Allow-Headers: Authorization,Content-Type,X-Api-Key,cache-control,User-Agent,If-None-Match,x-adobe-uuid,x-adobe-uuid-type, X-Request-Id
                                                                                                Access-Control-Allow-Credentials: true
                                                                                                Access-Control-Expose-Headers: x-request-id
                                                                                                X-Request-Id: Sb0GKJ9GibeWloLzTVIqxpDHsklVwvom


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                10 | 192.168.2.5 | 58916 | 52.202.204.11 | 443 | 3140 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-06-27 07:04:58 UTC | 1473 | OUT | GET /psdk/v2/content?surfaceId=ACROBAT_READER_MASTER_SURFACEID&surfaceId=DC_READER_LAUNCH_CARD&surfaceId=DC_Reader_RHP_Banner&surfaceId=DC_Reader_RHP_Retention&surfaceId=Edit_InApp_Aug2020&surfaceId=DC_FirstMile_Right_Sec_Surface&surfaceId=DC_Reader_Upsell_Cards&surfaceId=DC_FirstMile_Home_View_Surface&surfaceId=DC_Reader_RHP_Intent_Banner&surfaceId=DC_Reader_Disc_LHP_Banner&surfaceId=DC_Reader_Edit_LHP_Banner&surfaceId=DC_Reader_Convert_LHP_Banner&surfaceId=DC_Reader_Sign_LHP_Banner&surfaceId=DC_Reader_More_LHP_Banner&surfaceId=DC_Reader_Disc_LHP_Retention&surfaceId=DC_Reader_Home_LHP_Trial_Banner&adcProductLanguage=en-us&adcVersion=23.6.20320&adcProductType=SingleClientMini&adcOSType=WIN&adcCountryCode=US&adcXAPIClientID=api_reader_desktop_win_23.6.20320&encodingScheme=BASE_64 HTTP/1.1
                                                                                                Host: p13n.adobe.io
                                                                                                Connection: keep-alive
                                                                                                sec-ch-ua: "Chromium";v="105"
                                                                                                sec-ch-ua-mobile: ?0
                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
                                                                                                Accept: application/json, text/javascript, */*; q=0.01
                                                                                                x-adobe-uuid: 89d789c4-e7e5-4f75-95a4-57139ab6811f
                                                                                                x-adobe-uuid-type: visitorId
                                                                                                x-api-key: AdobeReader9
                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                Origin: https://rna-resource.acrobat.com
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Sec-Fetch-Site: cross-site
                                                                                                Sec-Fetch-Mode: cors
                                                                                                Sec-Fetch-Dest: empty
                                                                                                Referer: https://rna-resource.acrobat.com/
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                2024-06-27 07:04:58 UTC | 544 | IN | HTTP/1.1 200
                                                                                                Server: openresty
                                                                                                Date: Thu, 27 Jun 2024 07:04:58 GMT
                                                                                                Content-Type: application/json;charset=UTF-8
                                                                                                Content-Length: 3120
                                                                                                Connection: close
                                                                                                x-request-id: YFhxQraaCmPH9i2Gzw8b8Fhe5TmWibep
                                                                                                vary: accept-encoding
                                                                                                Access-Control-Allow-Origin: *
                                                                                                Access-Control-Allow-Methods: GET, OPTIONS
                                                                                                Access-Control-Allow-Headers: Authorization,Content-Type,X-Api-Key,cache-control,User-Agent,If-None-Match,x-adobe-uuid,x-adobe-uuid-type, X-Request-Id
                                                                                                Access-Control-Allow-Credentials: true
                                                                                                Access-Control-Expose-Headers: x-request-id


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                11 | 192.168.2.5 | 58917 | 18.244.18.27 | 443 | 2504 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-06-27 07:04:58 UTC | 470 | OUT | GET /p?c1=2&c2=17183199&ns_site=gobmx&name=verificacfdi.facturaelectronica.index HTTP/1.1
                                                                                                Host: sb.scorecardresearch.com
                                                                                                Connection: keep-alive
                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                Accept: */*
                                                                                                Sec-Fetch-Site: none
                                                                                                Sec-Fetch-Mode: cors
                                                                                                Sec-Fetch-Dest: empty
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Cookie: UID=191df4f50134ef0437b32a91719471895
                                                                                                2024-06-27 07:04:58 UTC | 705 | IN | HTTP/1.1 302 Found
                                                                                                Content-Length: 0
                                                                                                Connection: close
                                                                                                Date: Thu, 27 Jun 2024 07:04:58 GMT
                                                                                                Location: /p2?c1=2&c2=17183199&ns_site=gobmx&name=verificacfdi.facturaelectronica.index
                                                                                                set-cookie: UID=191df4f50134ef0437b32a91719471895; SameSite=None; Secure; domain=.scorecardresearch.com; path=/; max-age=33696000
                                                                                                set-cookie: XID=191df4f50134ef0437b32a91719471895; SameSite=None; Secure; Partitioned; domain=.scorecardresearch.com; path=/; max-age=33696000
                                                                                                Accept-CH: UA, Platform, Arch, Model, Mobile
                                                                                                X-Cache: Miss from cloudfront
                                                                                                Via: 1.1 0b761d2a74b283528cf840bf9ce44b20.cloudfront.net (CloudFront)
                                                                                                X-Amz-Cf-Pop: FRA56-P11
                                                                                                X-Amz-Cf-Id: HExRQw4awuFaRUhoY-A7XS3nf58idD3NLinK2x4Wd0MOuTC2UoF43w==


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                12 | 192.168.2.5 | 58928 | 18.244.18.27 | 443 | 2504 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-06-27 07:04:59 UTC | 510 | OUT | GET /p2?c1=2&c2=17183199&ns_site=gobmx&name=verificacfdi.facturaelectronica.index HTTP/1.1
                                                                                                Host: sb.scorecardresearch.com
                                                                                                Connection: keep-alive
                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                Accept: */*
                                                                                                Sec-Fetch-Site: none
                                                                                                Sec-Fetch-Mode: cors
                                                                                                Sec-Fetch-Dest: empty
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Cookie: UID=191df4f50134ef0437b32a91719471895; XID=191df4f50134ef0437b32a91719471895
                                                                                                2024-06-27 07:04:59 UTC | 364 | IN | HTTP/1.1 200 OK
                                                                                                Content-Type: image/gif
                                                                                                Content-Length: 43
                                                                                                Connection: close
                                                                                                Date: Thu, 27 Jun 2024 07:04:59 GMT
                                                                                                Accept-CH: UA, Platform, Arch, Model, Mobile
                                                                                                X-Cache: Miss from cloudfront
                                                                                                Via: 1.1 b2d59a81483e9c35443be57826cea9fa.cloudfront.net (CloudFront)
                                                                                                X-Amz-Cf-Pop: FRA56-P11
                                                                                                X-Amz-Cf-Id: iqpyK51RFKHX8LUc_a0JtuKNAask6NQirMI28pDn_UAbGbDtOrmzGA==
                                                                                                2024-06-27 07:04:59 UTC | 43 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 ff ff ff 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b
                                                                                                Data Ascii: GIF89a!,D;


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                13 | 192.168.2.5 | 58929 | 23.47.168.24 | 443 | 3140 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-06-27 07:05:00 UTC | 475 | OUT | GET /onboarding/smskillreader.txt HTTP/1.1
                                                                                                Host: armmf.adobe.com
                                                                                                Connection: keep-alive
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
                                                                                                Sec-Fetch-Site: same-origin
                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                Sec-Fetch-Dest: empty
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                If-None-Match: "78-5faa31cce96da"
                                                                                                If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
                                                                                                2024-06-27 07:05:00 UTC | 198 | IN | HTTP/1.1 304 Not Modified
                                                                                                Content-Type: text/plain; charset=UTF-8
                                                                                                Last-Modified: Mon, 01 May 2023 15:02:33 GMT
                                                                                                ETag: "78-5faa31cce96da"
                                                                                                Date: Thu, 27 Jun 2024 07:05:00 GMT
                                                                                                Connection: close


                                                                                                Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands
                                                                                                Jun 27, 2024 09:05:35.082981110 CEST | 587 | 58932 | 185.230.214.164 | 192.168.2.5 | 220 mx.zoho.eu SMTP Server ready June 27, 2024 9:05:34 AM CEST
                                                                                                Jun 27, 2024 09:05:35.084459066 CEST | 58932 | 587 | 192.168.2.5 | 185.230.214.164 | EHLO 579569
                                                                                                Jun 27, 2024 09:05:35.281023026 CEST | 587 | 58932 | 185.230.214.164 | 192.168.2.5 | 250-mx.zoho.eu Hello 579569 (8.46.123.33 (8.46.123.33))
                                                                                                250-STARTTLS
                                                                                                Jun 27, 2024 09:05:35.368050098 CEST | 587 | 58932 | 185.230.214.164 | 192.168.2.5 | 250 SIZE 53477376
                                                                                                Jun 27, 2024 09:05:35.368237019 CEST | 58932 | 587 | 192.168.2.5 | 185.230.214.164 | STARTTLS
                                                                                                Jun 27, 2024 09:05:35.556241989 CEST | 587 | 58932 | 185.230.214.164 | 192.168.2.5 | 220 Ready to start TLS.
                                                                                                Jun 27, 2024 09:05:39.738022089 CEST | 587 | 58933 | 185.230.214.164 | 192.168.2.5 | 220 mx.zoho.eu SMTP Server ready June 27, 2024 9:05:39 AM CEST
                                                                                                Jun 27, 2024 09:05:39.738171101 CEST | 58933 | 587 | 192.168.2.5 | 185.230.214.164 | EHLO 579569
                                                                                                Jun 27, 2024 09:05:39.926981926 CEST | 587 | 58933 | 185.230.214.164 | 192.168.2.5 | 250-mx.zoho.eu Hello 579569 (8.46.123.33 (8.46.123.33))
                                                                                                250-STARTTLS
                                                                                                250 SIZE 53477376
                                                                                                Jun 27, 2024 09:05:39.927398920 CEST | 58933 | 587 | 192.168.2.5 | 185.230.214.164 | STARTTLS
                                                                                                Jun 27, 2024 09:05:40.118558884 CEST | 587 | 58933 | 185.230.214.164 | 192.168.2.5 | 220 Ready to start TLS.

                                                                                                Target ID:0
                                                                                                Start time:03:02:24
                                                                                                Start date:27/06/2024
                                                                                                Path:C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exe
                                                                                                Wow64 process (32bit):true
                                                                                                Commandline:"C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exe"
                                                                                                Imagebase:0x180000
                                                                                                File size:881'664 bytes
                                                                                                MD5 hash:AF0DCCDCAC71A9EC9395BBAC08C232A8
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Yara matches:
                                                                                                • Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Source: 00000000.00000002.2231383633.00000000035D0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Source: 00000000.00000002.2235407237.00000000043A9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Source: 00000000.00000002.2235407237.0000000004362000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2235407237.0000000004362000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.2235407237.0000000004362000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Source: 00000000.00000002.2231383633.0000000003269000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2235407237.000000000444F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.2235407237.000000000444F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Source: 00000000.00000002.2237878639.0000000006BD0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Source: 00000000.00000002.2231383633.0000000003199000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Source: 00000000.00000002.2235407237.000000000420E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2235407237.000000000420E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.2235407237.000000000420E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                Reputation:low
                                                                                                Has exited:true

                                                                                                Target ID:3
                                                                                                Start time:03:02:33
                                                                                                Start date:27/06/2024
                                                                                                Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                Wow64 process (32bit):true
                                                                                                Commandline:"cmd" /c ping 127.0.0.1 -n 18 > nul && REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "vexplorerezz" /t REG_SZ /d "C:\Users\user\AppData\Roaming\vexplorerez.exe"
                                                                                                Imagebase:0x790000
                                                                                                File size:236'544 bytes
                                                                                                MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:high
                                                                                                Has exited:true

                                                                                                Target ID:4
                                                                                                Start time:03:02:33
                                                                                                Start date:27/06/2024
                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                File size:862'208 bytes
                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:high
                                                                                                Has exited:true

                                                                                                Target ID:5
                                                                                                Start time:03:02:33
                                                                                                Start date:27/06/2024
                                                                                                Path:C:\Windows\SysWOW64\PING.EXE
                                                                                                Wow64 process (32bit):true
                                                                                                Commandline:ping 127.0.0.1 -n 18
                                                                                                Imagebase:0x6c0000
                                                                                                File size:18'944 bytes
                                                                                                MD5 hash:B3624DD758CCECF93A1226CEF252CA12
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:moderate
                                                                                                Has exited:true

                                                                                                Target ID:7
                                                                                                Start time:03:02:43
                                                                                                Start date:27/06/2024
                                                                                                Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                Wow64 process (32bit):true
                                                                                                Commandline:"cmd" /c ping 127.0.0.1 -n 28 > nul && copy "C:\Users\user\Desktop\Orden#46789_2024_Optoflux_mexico_sderlss.exe" "C:\Users\user\AppData\Roaming\vexplorerez.exe" && ping 127.0.0.1 -n 28 > nul && "C:\Users\user\AppData\Roaming\vexplorerez.exe"
                                                                                                Imagebase:0x790000
                                                                                                File size:236'544 bytes
                                                                                                MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:high
                                                                                                Has exited:true

                                                                                                Target ID:8
                                                                                                Start time:03:02:43
                                                                                                Start date:27/06/2024
                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                File size:862'208 bytes
                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:high
                                                                                                Has exited:true

                                                                                                Target ID:9
                                                                                                Start time:03:02:43
                                                                                                Start date:27/06/2024
                                                                                                Path:C:\Windows\SysWOW64\PING.EXE
                                                                                                Wow64 process (32bit):true
                                                                                                Commandline:ping 127.0.0.1 -n 28
                                                                                                Imagebase:0x6c0000
                                                                                                File size:18'944 bytes
                                                                                                MD5 hash:B3624DD758CCECF93A1226CEF252CA12
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:moderate
                                                                                                Has exited:true

                                                                                                Target ID:10
                                                                                                Start time:03:02:50
                                                                                                Start date:27/06/2024
                                                                                                Path:C:\Windows\SysWOW64\reg.exe
                                                                                                Wow64 process (32bit):true
                                                                                                Commandline:REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "vexplorerezz" /t REG_SZ /d "C:\Users\user\AppData\Roaming\vexplorerez.exe"
                                                                                                Imagebase:0xb70000
                                                                                                File size:59'392 bytes
                                                                                                MD5 hash:CDD462E86EC0F20DE2A1D781928B1B0C
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:moderate
                                                                                                Has exited:true

                                                                                                Target ID:13
                                                                                                Start time:03:03:11
                                                                                                Start date:27/06/2024
                                                                                                Path:C:\Windows\SysWOW64\PING.EXE
                                                                                                Wow64 process (32bit):true
                                                                                                Commandline:ping 127.0.0.1 -n 28
                                                                                                Imagebase:0x6c0000
                                                                                                File size:18'944 bytes
                                                                                                MD5 hash:B3624DD758CCECF93A1226CEF252CA12
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:moderate
                                                                                                Has exited:true

                                                                                                Target ID:14
                                                                                                Start time:03:03:38
                                                                                                Start date:27/06/2024
                                                                                                Path:C:\Users\user\AppData\Roaming\vexplorerez.exe
                                                                                                Wow64 process (32bit):true
                                                                                                Commandline:"C:\Users\user\AppData\Roaming\vexplorerez.exe"
                                                                                                Imagebase:0x380000
                                                                                                File size:881'664 bytes
                                                                                                MD5 hash:AF0DCCDCAC71A9EC9395BBAC08C232A8
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Yara matches:
                                                                                                • Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Source: 0000000E.00000002.3909894478.0000000002FD9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000E.00000002.3925932017.0000000003F91000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000E.00000002.3925932017.0000000003F91000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000E.00000002.3925932017.0000000004288000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000E.00000002.3925932017.0000000004288000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Source: 0000000E.00000002.3925932017.0000000004165000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000E.00000002.3925932017.0000000004165000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000E.00000002.3925932017.0000000004165000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Source: 0000000E.00000002.3925932017.0000000004012000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000E.00000002.3925932017.0000000004012000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000E.00000002.3925932017.0000000004012000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                Antivirus matches:
                                                                                                • Detection: 100%, Joe Sandbox ML
                                                                                                • Detection: 66%, ReversingLabs
                                                                                                • Detection: 73%, Virustotal, Browse
                                                                                                Reputation:low
                                                                                                Has exited:true

                                                                                                Target ID:15
                                                                                                Start time:03:04:45
                                                                                                Start date:27/06/2024
                                                                                                Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Roaming\PABILOS MOTORES #5 Y 6.pdf"
                                                                                                Imagebase:0x7ff686a00000
                                                                                                File size:5'641'176 bytes
                                                                                                MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:moderate
                                                                                                Has exited:false

                                                                                                Target ID:16
                                                                                                Start time:03:04:46
                                                                                                Start date:27/06/2024
                                                                                                Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                                                                                                Imagebase:0x7ff6413e0000
                                                                                                File size:3'581'912 bytes
                                                                                                MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Has exited:false

                                                                                                Target ID:17
                                                                                                Start time:03:04:46
                                                                                                Start date:27/06/2024
                                                                                                Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1352,i,2708377033144525548,1194782887510116328,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                                                                                                Imagebase:0x7ff6413e0000
                                                                                                File size:3'581'912 bytes
                                                                                                MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Has exited:false

                                                                                                Target ID:18
                                                                                                Start time:03:04:47
                                                                                                Start date:27/06/2024
                                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://verificacfdi.facturaelectronica.sat.gob.mx/?id=39CA617E-9953-41BD-9564-C41A1E1C5584&re=OOMM710314363&rr=PCM910225B86&tt=6090.00&fe=aUIAsQ==
                                                                                                Imagebase:0x7ff715980000
                                                                                                File size:3'242'272 bytes
                                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Has exited:false

                                                                                                Target ID:19
                                                                                                Start time:03:04:48
                                                                                                Start date:27/06/2024
                                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 --field-trial-handle=2232,i,15507267505217181504,13430371002107257238,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                                Imagebase:0x7ff715980000
                                                                                                File size:3'242'272 bytes
                                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Has exited:false

                                                                                                Target ID:22
                                                                                                Start time:03:04:55
                                                                                                Start date:27/06/2024
                                                                                                Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                                                                                Imagebase:0x3e0000
                                                                                                File size:42'064 bytes
                                                                                                MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Yara matches:
                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000016.00000002.3577770513.00000000007B2000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000016.00000002.3577770513.00000000007B2000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                Has exited:true

                                                                                                Target ID:24
                                                                                                Start time:03:04:58
                                                                                                Start date:27/06/2024
                                                                                                Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                                Wow64 process (32bit):true
                                                                                                Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                                                                                Imagebase:0xad0000
                                                                                                File size:42'064 bytes
                                                                                                MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Yara matches:
                                                                                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000018.00000002.4510325826.0000000003171000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000018.00000002.4510325826.0000000003121000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000018.00000002.4510325826.0000000003121000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000018.00000002.4510325826.000000000314E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                Has exited:false


                                                                                                  Execution Graph

                                                                                                  Execution Coverage:18.6%
                                                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                                                  Signature Coverage:8.4%
                                                                                                  Total number of Nodes:227
                                                                                                  Total number of Limit Nodes:17
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2228957910.0000000001510000.00000040.00000800.00020000.00000000.sdmp, Offset: 01510000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1510000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: (ojq$(ojq$(ojq$,nq$,nq$,nq$,nq$Hnq
                                                                                                  • API String ID: 0-2317327999
                                                                                                  • Opcode ID: 6da19b4a19b6532898ed2dd6bb4e0708a2ba57bbd1592decc5af19290864ae4f
                                                                                                  • Instruction ID: 872204ba82696cd9a6a7ddb71819718e6afbde9082b14536d894061ebcbbe8fc
                                                                                                  • Opcode Fuzzy Hash: 6da19b4a19b6532898ed2dd6bb4e0708a2ba57bbd1592decc5af19290864ae4f
                                                                                                  • Instruction Fuzzy Hash: 60A27E71A002198FEB16CF6DC844AAEBBF6FF88300F158569E9059B369DB70DD45CB90

                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238376905.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6cc0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: (nq$Hnq$Hnq$Hnq$Hnq$Hnq$PHjq
                                                                                                  • API String ID: 0-692710404
                                                                                                  • Opcode ID: 40f0259c671604b16a86886d37691587b8d901181ec36fcbaa51f1576ec35218
                                                                                                  • Instruction ID: 07c031fc918df8d625c41c094862969d14b12ad365a46b46b3e878aae07003d3
                                                                                                  • Opcode Fuzzy Hash: 40f0259c671604b16a86886d37691587b8d901181ec36fcbaa51f1576ec35218
                                                                                                  • Instruction Fuzzy Hash: 1452AE31B006148FCB58AB39C854AAE7BA7AFC9320F24856DD416DB3A5CF34DD46C791

                                                                                                  APIs
                                                                                                  • GetCurrentProcess.KERNEL32 ref: 06B4EE3E
                                                                                                  • GetCurrentThread.KERNEL32 ref: 06B4EE7B
                                                                                                  • GetCurrentProcess.KERNEL32 ref: 06B4EEB8
                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 06B4EF11
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2237684880.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6b40000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Current$ProcessThread
                                                                                                  • String ID:
                                                                                                  • API String ID: 2063062207-0
                                                                                                  • Opcode ID: 2aa6669dd3e85f4a22eb9d53cb1a047d55f5f1e78b2ba7374d9dbc3dcea81958
                                                                                                  • Instruction ID: a68d097039ec86f269afb2d7680bb184ba5a19c4f0b0746b13c57c327455a7e4
                                                                                                  • Opcode Fuzzy Hash: 2aa6669dd3e85f4a22eb9d53cb1a047d55f5f1e78b2ba7374d9dbc3dcea81958
                                                                                                  • Instruction Fuzzy Hash: 355147B09013498FDB54EFAAD948BAEBBF5FF48304F208459E109A7360D7389945CB65

                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238376905.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6cc0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: PHjq$PHjq
                                                                                                  • API String ID: 0-3092175318
                                                                                                  • Opcode ID: 847b618d8ca03a0d552af03aafb10a1442abf75166f722b4d537b364d00c94d8
                                                                                                  • Instruction ID: bf335847323a94452e3a5003a1beb009191e7e6f436366590dea50ab2ee11435
                                                                                                  • Opcode Fuzzy Hash: 847b618d8ca03a0d552af03aafb10a1442abf75166f722b4d537b364d00c94d8
                                                                                                  • Instruction Fuzzy Hash: 08D11774B002048FCB54DF68D998AA9BBF6FF88720B1545ADE40AEB3A1DB35DD41CB50

                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2228957910.0000000001510000.00000040.00000800.00020000.00000000.sdmp, Offset: 01510000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1510000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: Hnq$Hnq
                                                                                                  • API String ID: 0-3075287205
                                                                                                  • Opcode ID: b73e322df65e725dde24531498b3ee669996ba6d82d42161bc50ed556c3c26d7
                                                                                                  • Instruction ID: e06e67f61942f37b5e8b0a731ba329e190929653b981eefa63c1193d85c687fe
                                                                                                  • Opcode Fuzzy Hash: b73e322df65e725dde24531498b3ee669996ba6d82d42161bc50ed556c3c26d7
                                                                                                  • Instruction Fuzzy Hash: 30A1D3317002159FEB169F68D858BAE7BA6FB88711F144429F905CB399DFB0DC45CB90

                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2228957910.0000000001510000.00000040.00000800.00020000.00000000.sdmp, Offset: 01510000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1510000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: 8nq$8nq
                                                                                                  • API String ID: 0-110844384
                                                                                                  • Opcode ID: 599f5cf8ff80d92402ab6be2e4e5aed3434481e4d3b09d3b13f78e5bf21bd682
                                                                                                  • Instruction ID: 8eed882106bc3ca9baa1bc770cb42182714a309f52a04a7907f190c07a96796c
                                                                                                  • Opcode Fuzzy Hash: 599f5cf8ff80d92402ab6be2e4e5aed3434481e4d3b09d3b13f78e5bf21bd682
                                                                                                  • Instruction Fuzzy Hash: C8B1C474E01218CFDB65CFA5D944BDDBBF2BF89300F2085A9E419AB2A5DB305985CF50
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2228957910.0000000001510000.00000040.00000800.00020000.00000000.sdmp, Offset: 01510000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1510000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: Hnq$Tejq
                                                                                                  • API String ID: 0-2250170401
                                                                                                  • Opcode ID: 7705e70bb1ed83409bdd73285cecaf451fdb66589f4d53fc245d73435b6b25ff
                                                                                                  • Instruction ID: 044b231d6cfe288b1e8d8b28a360e06f93ad33a08cc6db303a040ff463825142
                                                                                                  • Opcode Fuzzy Hash: 7705e70bb1ed83409bdd73285cecaf451fdb66589f4d53fc245d73435b6b25ff
                                                                                                  • Instruction Fuzzy Hash: 1751B331B002168FDB05EBB998486AFBBFBFFC4220B158529E419CB395DE34DC068790
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238467268.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6ce0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: TJoq$Tejq
                                                                                                  • API String ID: 0-1246290660
                                                                                                  • Opcode ID: ae315fbc65ae4b201fe1b5e194a4bb6dd8a5b98211a662abb530944d6620a2dd
                                                                                                  • Instruction ID: b907d705b401f230e43799751a063fd069f6c022c4f325badb47a003dae9efe9
                                                                                                  • Opcode Fuzzy Hash: ae315fbc65ae4b201fe1b5e194a4bb6dd8a5b98211a662abb530944d6620a2dd
                                                                                                  • Instruction Fuzzy Hash: BE31E7717142128FC705BBBDE998A6E7BFAFFC9210B01485ED045DB3A9DE748C0983A1
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238467268.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6ce0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: TJoq$Tejq
                                                                                                  • API String ID: 0-1246290660
                                                                                                  • Opcode ID: baff1022ce0b7227c0bc73028f77d03c1e06f1baf804d5aa40bc71ca21a91d0e
                                                                                                  • Instruction ID: 03a66881f6e6a1721ba3db6767ebff370e6707fdeacf01f85cdb726d38e1efcf
                                                                                                  • Opcode Fuzzy Hash: baff1022ce0b7227c0bc73028f77d03c1e06f1baf804d5aa40bc71ca21a91d0e
                                                                                                  • Instruction Fuzzy Hash: 502181717101158BC745BBBDE998A2EB7EAFFC8610B40485DE545DB3A8DE749C0883A1
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238467268.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6ce0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: @
                                                                                                  • API String ID: 0-2766056989
                                                                                                  • Opcode ID: 25d55605d18848f7c3be3c31f849afe6abb4c0771f1a4c40ef05cf6eb4b421a1
                                                                                                  • Instruction ID: b3db3e239f4e9b8b068e79530dd822c5d0d09b417cd07ac7db5ed80e8175897a
                                                                                                  • Opcode Fuzzy Hash: 25d55605d18848f7c3be3c31f849afe6abb4c0771f1a4c40ef05cf6eb4b421a1
                                                                                                  • Instruction Fuzzy Hash: 7E626E31E14205CFCB44EFB9E9996ADBBB6EF88300F4148A9E445E7368DE349C45CB91
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238467268.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6ce0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: @
                                                                                                  • API String ID: 0-2766056989
                                                                                                  • Opcode ID: b40f6e8508a214d109610c79902760fd8e2f21151c748d2d1069f48716ba9edc
                                                                                                  • Instruction ID: a455990364cfdce3bdcf944696bd13ab55d423e6ce4080aa61c47c2ea52f090d
                                                                                                  • Opcode Fuzzy Hash: b40f6e8508a214d109610c79902760fd8e2f21151c748d2d1069f48716ba9edc
                                                                                                  • Instruction Fuzzy Hash: C312A030E18205CFCB05EFB4E99A6ADBFB6EB89700F0444AAE846D7365DE345C44CB91
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238376905.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6cc0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: (nq
                                                                                                  • API String ID: 0-2756854522
                                                                                                  • Opcode ID: 3cb6f7e080cec837696004b046e9e438d074d8328a71cc89eb9759e5b7edd2aa
                                                                                                  • Instruction ID: 81a4a17c8290c90500b04c4aebbc7c47064da6bcf446980fce56bcc20878db5f
                                                                                                  • Opcode Fuzzy Hash: 3cb6f7e080cec837696004b046e9e438d074d8328a71cc89eb9759e5b7edd2aa
                                                                                                  • Instruction Fuzzy Hash: C902F730A005089FCB98DF68D498AAD7BF2FF89314F1585A8E509DB3A5DB35EC85CB50
                                                                                                  APIs
                                                                                                  • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 06C93AA2
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238315738.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6c90000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CreateWindow
                                                                                                  • String ID:
                                                                                                  • API String ID: 716092398-0
                                                                                                  • Opcode ID: 155997da60cc02f0944f441c534eb5aa0bc55d40a4b2c41ec4cb59a7d5193a44
                                                                                                  • Instruction ID: 24ef96f484ac971dc7236b04d4f3a360cb42b5acde37519ccf18a76fcc9a093d
                                                                                                  • Opcode Fuzzy Hash: 155997da60cc02f0944f441c534eb5aa0bc55d40a4b2c41ec4cb59a7d5193a44
                                                                                                  • Instruction Fuzzy Hash: 1E51C0B1C00349AFDF14CF99C984ADEBBB5FF48300F24812AE818AB210DB759945CFA0
                                                                                                  APIs
                                                                                                  • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 06C93AA2
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238315738.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6c90000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CreateWindow
                                                                                                  • String ID:
                                                                                                  • API String ID: 716092398-0
                                                                                                  • Opcode ID: 7ea3a18e03fe6cef43b3edc87cc3c6af1f5c0d3432ce889b71567a20b43d966f
                                                                                                  • Instruction ID: 7399def72c4e90ce37dd07898f6f1de1575086db0baea2c2ae0d1195dd9845df
                                                                                                  • Opcode Fuzzy Hash: 7ea3a18e03fe6cef43b3edc87cc3c6af1f5c0d3432ce889b71567a20b43d966f
                                                                                                  • Instruction Fuzzy Hash: 3F51B0B1D003499FDF14CF9AC984ADEBBB5FF48310F24852AE819AB250DB75A945CF90
                                                                                                  APIs
                                                                                                  • CallWindowProcW.USER32(?,?,?,?,?), ref: 06C96011
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238315738.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6c90000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CallProcWindow
                                                                                                  • String ID:
                                                                                                  • API String ID: 2714655100-0
                                                                                                  • Opcode ID: 487c709e4ff9efc038f91c3277463af76955bf1ef9a4d23d48393da57716dd4c
                                                                                                  • Instruction ID: 1df39d3ee5a607ea1a8713203d2deb8d74e0320d7682af6f8811019032ac7dc4
                                                                                                  • Opcode Fuzzy Hash: 487c709e4ff9efc038f91c3277463af76955bf1ef9a4d23d48393da57716dd4c
                                                                                                  • Instruction Fuzzy Hash: D24159B4900345CFDB54CF9AC888AAABBF5FF88314F24C459E519AB361D735A941CFA0
                                                                                                  APIs
                                                                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,06B4F3D6,?,?,?,?,?), ref: 06B4F497
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2237684880.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6b40000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: DuplicateHandle
                                                                                                  • String ID:
                                                                                                  • API String ID: 3793708945-0
                                                                                                  • Opcode ID: 3fc8f37e3e0523d065304cd59a208fc1f6b8ee644e34d69cb7516a45ec450df3
                                                                                                  • Instruction ID: 3e3ac4698db025dbf46a0963a354a19ee3ab12501ee3695eb75429151ae5af37
                                                                                                  • Opcode Fuzzy Hash: 3fc8f37e3e0523d065304cd59a208fc1f6b8ee644e34d69cb7516a45ec450df3
                                                                                                  • Instruction Fuzzy Hash: FA21E9B5D002089FDB10DF9AD584AEEFBF9FB48310F14845AE914A7310D774A950CFA4
                                                                                                  APIs
                                                                                                  • DeleteFileW.KERNEL32(00000000), ref: 06B7BAC0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2237814218.0000000006B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6b70000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: DeleteFile
                                                                                                  • String ID:
                                                                                                  • API String ID: 4033686569-0
                                                                                                  • Opcode ID: adbae51c3bcdc1046396570c6109b544ab81140768086e48dc0bb98b90c7100f
                                                                                                  • Instruction ID: 853c3250f0cda0dde5f5b33d3a6213eef82f49c284c49cf91f9a36571deea032
                                                                                                  • Opcode Fuzzy Hash: adbae51c3bcdc1046396570c6109b544ab81140768086e48dc0bb98b90c7100f
                                                                                                  • Instruction Fuzzy Hash: 411133B1C0061A9BCB10DF9AC544AAEFBF4FF48320F14816AD828A7250D738A940CFA5
                                                                                                  APIs
                                                                                                  • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,06B4CE21,00000800,00000000,00000000), ref: 06B4D012
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2237684880.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6b40000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: LibraryLoad
                                                                                                  • String ID:
                                                                                                  • API String ID: 1029625771-0
                                                                                                  • Opcode ID: 2e5a860f1c3ac571e3886064a4a51e2a3d128d9c830541c62507278d239fe95a
                                                                                                  • Instruction ID: a5d0a7481fad3817c92324e86eb6b4a9824d23fd72139cdc0a2b956bc0e56fb3
                                                                                                  • Opcode Fuzzy Hash: 2e5a860f1c3ac571e3886064a4a51e2a3d128d9c830541c62507278d239fe95a
                                                                                                  • Instruction Fuzzy Hash: 8411E4B6D013499FDB20DF9AC444ADEFBF8EF48710F10846AE919A7210C379A945CFA5
                                                                                                  APIs
                                                                                                  • GetModuleHandleW.KERNEL32(00000000,?,?,?,?,?,?,?,06B4CB6C), ref: 06B4CDA6
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2237684880.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6b40000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: HandleModule
                                                                                                  • String ID:
                                                                                                  • API String ID: 4139908857-0
                                                                                                  • Opcode ID: 59a993d11573f2119989164ac8214cbbaa24fdcdabf2602c097850d4cd04b5c7
                                                                                                  • Instruction ID: 2bb823b54e6a1e2d1d00f041a45a7308e166f65dc2ed80e70a490fb7219794ff
                                                                                                  • Opcode Fuzzy Hash: 59a993d11573f2119989164ac8214cbbaa24fdcdabf2602c097850d4cd04b5c7
                                                                                                  • Instruction Fuzzy Hash: 3E11F3B5C002498FDB10DF9AC444ADEFFF4EF89610F10846AD929B7210D379A545CFA5
                                                                                                  APIs
                                                                                                  • GetModuleHandleW.KERNEL32(00000000,?,?,?,?,?,?,?,06B4CB6C), ref: 06B4CDA6
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2237684880.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6b40000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: HandleModule
                                                                                                  • String ID:
                                                                                                  • API String ID: 4139908857-0
                                                                                                  • Opcode ID: 675723cac2ccbed7777b973d7a1bd4c8fab0b922e8b345d14a97afc7137c96f2
                                                                                                  • Instruction ID: e50634f3896486d63669acd2319e1bdf490ae8d801c141e17ff428a6126a2d45
                                                                                                  • Opcode Fuzzy Hash: 675723cac2ccbed7777b973d7a1bd4c8fab0b922e8b345d14a97afc7137c96f2
                                                                                                  • Instruction Fuzzy Hash: 9411F0B5C002499FCB10DF9AD844ADEFFF8EF89610F10846AD828A7210D379A545CFA5
                                                                                                  APIs
                                                                                                  • PostMessageW.USER32(?,?,?,?), ref: 06CF9CCD
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238528632.0000000006CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CF0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6cf0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: MessagePost
                                                                                                  • String ID:
                                                                                                  • API String ID: 410705778-0
                                                                                                  • Opcode ID: e4e4bba1a00995fb46c80cc10d831f1dc0b35e0d0a52b1ed271630eb8f2d82f5
                                                                                                  • Instruction ID: 54ae80ca37dbdb6c07f57c38467e9f755d38594ad1ed76d1f380101bc931f428
                                                                                                  • Opcode Fuzzy Hash: e4e4bba1a00995fb46c80cc10d831f1dc0b35e0d0a52b1ed271630eb8f2d82f5
                                                                                                  • Instruction Fuzzy Hash: CD11D3B58003499FDB50DF9AD985BDEFBF8FB48310F20841AE559A7210C379A544CFA5
                                                                                                  APIs
                                                                                                  • PostMessageW.USER32(?,?,?,?), ref: 06CF9CCD
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238528632.0000000006CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CF0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6cf0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: MessagePost
                                                                                                  • String ID:
                                                                                                  • API String ID: 410705778-0
                                                                                                  • Opcode ID: b269af7de8c60de8f0123916fe58e689d11618b88d5b3b55088c437e0c920cf4
                                                                                                  • Instruction ID: 7f2249318342b602dac0cf52960034b91ea26ef0e4bfae25ba85d7a12f5de2e0
                                                                                                  • Opcode Fuzzy Hash: b269af7de8c60de8f0123916fe58e689d11618b88d5b3b55088c437e0c920cf4
                                                                                                  • Instruction Fuzzy Hash: E911D0B58003499FDB50DF9AD985BDEFBF8FB48320F20841AE558A7210C379A944CFA5
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2228957910.0000000001510000.00000040.00000800.00020000.00000000.sdmp, Offset: 01510000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1510000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: 4'jq
                                                                                                  • API String ID: 0-3676250632
                                                                                                  • Opcode ID: e56f8941561385d6456b55355b77a2aa0061ba7529e40c205e8a9c573da0da51
                                                                                                  • Instruction ID: 79c562d6fd2bfb51038a1dce63f81c579019bf8fad17decbe7f293173c0ec5d5
                                                                                                  • Opcode Fuzzy Hash: e56f8941561385d6456b55355b77a2aa0061ba7529e40c205e8a9c573da0da51
                                                                                                  • Instruction Fuzzy Hash: 04819234A00209DFDB26CF68C584A9EBBB6FF44310F1685A9E9149F366C734ED84CB91
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238376905.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6cc0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: Hnq
                                                                                                  • API String ID: 0-2896580000
                                                                                                  • Opcode ID: 126213600ceb24a79b526e7baf9061acd4d42666d64a5a663ed05273f1126a20
                                                                                                  • Instruction ID: 824d2a21b2e4997393ffdfc499f6c617c1295d7e5403feac59b3e7ea52b57cf9
                                                                                                  • Opcode Fuzzy Hash: 126213600ceb24a79b526e7baf9061acd4d42666d64a5a663ed05273f1126a20
                                                                                                  • Instruction Fuzzy Hash: 49411436B002149FC7456F6998506BF3BDBEFC5220B65806AE806DB395DE39CC46D3D1
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238376905.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6cc0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: PHjq
                                                                                                  • API String ID: 0-751881793
                                                                                                  • Opcode ID: fada7eaeec455d35c162ae306856adca553f0a1823c8de2627a391137065d182
                                                                                                  • Instruction ID: 8f6d995d14b8720ebdec01a6e06e1ca3332d0fb4b3ae339776134b5c72df97b2
                                                                                                  • Opcode Fuzzy Hash: fada7eaeec455d35c162ae306856adca553f0a1823c8de2627a391137065d182
                                                                                                  • Instruction Fuzzy Hash: 22515534A405058FDB58DF28C998BA9B7B6FF88720F1581ADE426DB274CB31ED45CB90
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238376905.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6cc0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: Hnq
                                                                                                  • API String ID: 0-2896580000
                                                                                                  • Opcode ID: f585df33bb6edfdb00c97aa87ab73c303252ae4eb8c528296f636aebc0184243
                                                                                                  • Instruction ID: dcfe0faf55795f9543dbad726172cc6e4f2b70c873585783c8533f1351e8e19c
                                                                                                  • Opcode Fuzzy Hash: f585df33bb6edfdb00c97aa87ab73c303252ae4eb8c528296f636aebc0184243
                                                                                                  • Instruction Fuzzy Hash: 2341C234B002008FDBA4DA79D845BAA73EAAFC4B20F1484AEE505CB3A4CB74DD41CBD1
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238376905.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6cc0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: (nq
                                                                                                  • API String ID: 0-2756854522
                                                                                                  • Opcode ID: 0e94ad6dc83d33bd081b25403e6aadbf7f658afc7f50e51ebd54f1b0cd78c4e1
                                                                                                  • Instruction ID: 75d93567f5782382b1785aac6bc7cfd4f3347653c9e8e584a82ef63d33e42f3d
                                                                                                  • Opcode Fuzzy Hash: 0e94ad6dc83d33bd081b25403e6aadbf7f658afc7f50e51ebd54f1b0cd78c4e1
                                                                                                  • Instruction Fuzzy Hash: 673127357082C14FE72AAB3A986437A3F969B91310F0C407DD516CB2C5EE79CA01D791
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2228957910.0000000001510000.00000040.00000800.00020000.00000000.sdmp, Offset: 01510000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1510000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: Tejq
                                                                                                  • API String ID: 0-2468842661
                                                                                                  • Opcode ID: d2e738ede02105f0ec1c63c455fac998f1f8d0dd3ef424709e5159b205fe3987
                                                                                                  • Instruction ID: 3db6f16b51651d710e180f9e70d4a8db909df20b0a60a2d3f8a021e2e3f3a09a
                                                                                                  • Opcode Fuzzy Hash: d2e738ede02105f0ec1c63c455fac998f1f8d0dd3ef424709e5159b205fe3987
                                                                                                  • Instruction Fuzzy Hash: 52412675D0021ACFEF25DFA5C845ADDBBB2BF89300F108169D909BB265DB715949CF40
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238376905.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6cc0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: (nq
                                                                                                  • API String ID: 0-2756854522
                                                                                                  • Opcode ID: 84ba5f8ead6c87f4ba9a3dea65849c25023a787077f46926900408fa5c52e85e
                                                                                                  • Instruction ID: e3ac4ba44e0695fc711f0b95ff6f955175e2ca2057a871ace1f1fd1ec88a9d22
                                                                                                  • Opcode Fuzzy Hash: 84ba5f8ead6c87f4ba9a3dea65849c25023a787077f46926900408fa5c52e85e
                                                                                                  • Instruction Fuzzy Hash: E94162306006008FC7A59F39C848B553BA6BF86724F1585AED49ACB3A1DF74D94ACB40
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238376905.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6cc0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: Hnq
                                                                                                  • API String ID: 0-2896580000
                                                                                                  • Opcode ID: a058b38f50ff060edc6082d210a9a121efa41deb7bd608d5d8a560c46a1fc833
                                                                                                  • Instruction ID: 96f14655de0bb0713a074c1755789a60c9f928a3f3d1e3a6a70c743ab0f0ed88
                                                                                                  • Opcode Fuzzy Hash: a058b38f50ff060edc6082d210a9a121efa41deb7bd608d5d8a560c46a1fc833
                                                                                                  • Instruction Fuzzy Hash: 47316431B01611ABC798AF29841027EBAE6FFC0320B18461ED40997B90CF74FA52C7E1
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2228957910.0000000001510000.00000040.00000800.00020000.00000000.sdmp, Offset: 01510000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1510000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: 8nq
                                                                                                  • API String ID: 0-2810462305
                                                                                                  • Opcode ID: a84184e8ccfe40a0ee4b20add18afba4104d075bc8b799bf27ccc1d677462bd2
                                                                                                  • Instruction ID: b38e6c5f79bd34eaa24d9663ba8aa71afc04a36468194d6ec56842d1ceb54e33
                                                                                                  • Opcode Fuzzy Hash: a84184e8ccfe40a0ee4b20add18afba4104d075bc8b799bf27ccc1d677462bd2
                                                                                                  • Instruction Fuzzy Hash: DC31D075E14209CFDB01CFA9C944AEDBBF1BF89300F20942AE419BB264EB345905CF50
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238376905.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6cc0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: $jq
                                                                                                  • API String ID: 0-2886413773
                                                                                                  • Opcode ID: a155417b205a4f91aa1eba9b901eb3d74b66f406fc0a820a2922c5fe06c865e9
                                                                                                  • Instruction ID: b99719714c1ccdb659945b32b1f1dfb4c6bfd6023deb405fe94e7b337d5acdd0
                                                                                                  • Opcode Fuzzy Hash: a155417b205a4f91aa1eba9b901eb3d74b66f406fc0a820a2922c5fe06c865e9
                                                                                                  • Instruction Fuzzy Hash: E02160307411408FDB949A3EC858A2A77FAFF8E72075140ADD50ACB3A1DE31CD42CB66
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238376905.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6cc0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: $jq
                                                                                                  • API String ID: 0-2886413773
                                                                                                  • Opcode ID: a9f573b75c11a661543dcac8031fce77b8fba6255f4242539795e96f25183ae1
                                                                                                  • Instruction ID: 37e3e824ad22f597f4fb9ca8c6dfce2ee24df65c6215a2b0a92680e68386404b
                                                                                                  • Opcode Fuzzy Hash: a9f573b75c11a661543dcac8031fce77b8fba6255f4242539795e96f25183ae1
                                                                                                  • Instruction Fuzzy Hash: B92162307011409FDBA59A3AC848A2977FAAF4A76171540ADE506CB2A1DB31CD41C7A1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238467268.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6ce0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: b2d13def2ce24f081880d42ade49c925d5e43c8f7ccfc741e52ab04153b71fdf
                                                                                                  • Instruction ID: 2ab03de0812e36ed95cbc8932c8ddd3f68b086bc51f5d96a39b15048de5e0c4b
                                                                                                  • Opcode Fuzzy Hash: b2d13def2ce24f081880d42ade49c925d5e43c8f7ccfc741e52ab04153b71fdf
                                                                                                  • Instruction Fuzzy Hash: 73122931A153018FC706FBB8D998A6EBBB6EFC5200F45486ED445E739ADE389D05C3A1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238467268.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6ce0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 21ea28a1d5f470e91efe19fd202277402c46d9b4704c89833abced70d59dd3a0
                                                                                                  • Instruction ID: 62487afa4b1f08b0ff7e36272eda2aceaa3c00090f1166f99e587abc12ff1817
                                                                                                  • Opcode Fuzzy Hash: 21ea28a1d5f470e91efe19fd202277402c46d9b4704c89833abced70d59dd3a0
                                                                                                  • Instruction Fuzzy Hash: 94F1B035A10205CBCB05FFB9EA88A7DBBB6FF84200F454869D445E73A8DE389C45DB90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238376905.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6cc0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: a9a70457d265f605c3aabb777d43da7c921da5c2d7c9e9ce96efd15e5ef7fbb3
                                                                                                  • Instruction ID: a1ca39f7cfdb027e6112c71c67ac63e2a632706c3f7ea05d3d6a2aa68ac24cf3
                                                                                                  • Opcode Fuzzy Hash: a9a70457d265f605c3aabb777d43da7c921da5c2d7c9e9ce96efd15e5ef7fbb3
                                                                                                  • Instruction Fuzzy Hash: E9224FB0D05B824BEBB8DF64898439EF790BB05360F20895FC0FAC9256D7799386DB45
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238376905.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6cc0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: a06ed722d45582e837013daa785fbfb70f1c6b30b003167fc639acd486dc04cf
                                                                                                  • Instruction ID: ba8ef59e2c0930e44c6049eff17d90af45bc68bef5c3687217cb6e9009c951b5
                                                                                                  • Opcode Fuzzy Hash: a06ed722d45582e837013daa785fbfb70f1c6b30b003167fc639acd486dc04cf
                                                                                                  • Instruction Fuzzy Hash: A4123EB0D05B824BEBB8DF65898439EF790BB05360F20891FC0FAC9256D7799386DB45
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238467268.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6ce0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: c307634542f404ae2b7c1bcd624d141d4b84dec086226e4f890a15a0a94fb458
                                                                                                  • Instruction ID: 64234e898739e5dbcbd74e54a137c37ff4e2a81f3274d7e80236fdd19c09a2bf
                                                                                                  • Opcode Fuzzy Hash: c307634542f404ae2b7c1bcd624d141d4b84dec086226e4f890a15a0a94fb458
                                                                                                  • Instruction Fuzzy Hash: C7E1C431B10205CBCB45FBB9E6C9A7DBBFAEB88210F854869D445E7358DE389C44C7A1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238467268.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6ce0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 107d797ef18a45013188134eea066eac29d7a77e82c283e1ce409c0bf3f03218
                                                                                                  • Instruction ID: 3ee0b90b40f043d92ffb116b7a0f240d4a4723d69abda57b00cffa3c59072085
                                                                                                  • Opcode Fuzzy Hash: 107d797ef18a45013188134eea066eac29d7a77e82c283e1ce409c0bf3f03218
                                                                                                  • Instruction Fuzzy Hash: CFE12C71A193858FC703EBB8D99877DBFB2EF46200F0944EAD485DB2A6DA384C45C761
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238467268.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6ce0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 71b901f004f7376c6272453095cd8ad45639ea38eb194d2cc14492571e256c4a
                                                                                                  • Instruction ID: 4f3137900228ae20dad2588bfa265a97d7d21ae3ac2d149b6335e3d11498b8d5
                                                                                                  • Opcode Fuzzy Hash: 71b901f004f7376c6272453095cd8ad45639ea38eb194d2cc14492571e256c4a
                                                                                                  • Instruction Fuzzy Hash: 98F14C30E14219CFCB44EFB5E58A6ADBBB6FB88704F404969E856E7368DE345C448BD0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238467268.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6ce0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 27d8cfd280f9df5f092d0b77316de2de277085f8ef82e0ff4aebf4284b60ee6b
                                                                                                  • Instruction ID: 2807012b1232fdce0f99ad931b621aa1cdd66e4cf9b37126e1e2843eeb109249
                                                                                                  • Opcode Fuzzy Hash: 27d8cfd280f9df5f092d0b77316de2de277085f8ef82e0ff4aebf4284b60ee6b
                                                                                                  • Instruction Fuzzy Hash: 6AC1BF31A10315CFCB05BBB9E98D66EBBFAEF88200F444968D845E7358DE389C58C791
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238467268.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6ce0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 57bf4670517b9576cce043d00f895db49f53f6b9e5191d6e01f94305d37f5e21
                                                                                                  • Instruction ID: 3c7fa1641773cab1cb18b996d2da4e1380788232680c2fc778f86cce5be26117
                                                                                                  • Opcode Fuzzy Hash: 57bf4670517b9576cce043d00f895db49f53f6b9e5191d6e01f94305d37f5e21
                                                                                                  • Instruction Fuzzy Hash: C4C1AE31A10214CFCB45FBB9D989A6DB7FAFF88240F404968D446E7369DE389C45C7A1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238467268.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6ce0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 07d5fc5266a1c104116ce0fad4b53a1d2d4b5677305cfc1c9b44e9aaca41830f
                                                                                                  • Instruction ID: 1278bc9db0c202d5f35e50baf9f12fcbb57dad598fc07c5f5ea514e8e2439658
                                                                                                  • Opcode Fuzzy Hash: 07d5fc5266a1c104116ce0fad4b53a1d2d4b5677305cfc1c9b44e9aaca41830f
                                                                                                  • Instruction Fuzzy Hash: 7BB1E6316193418FC746BB79D99862DBBF6EFC6200F45889ED0C6C73A6D9789C09C722
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238467268.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6ce0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: e7017559e6be4c3771921edee1b9a2220612f110f60461f79bf907cda0280e34
                                                                                                  • Instruction ID: 05ba5bb8e0f5b8bf6121e559342446b151812f97bd02e662eb380c2087564fac
                                                                                                  • Opcode Fuzzy Hash: e7017559e6be4c3771921edee1b9a2220612f110f60461f79bf907cda0280e34
                                                                                                  • Instruction Fuzzy Hash: 72C18175A10204CFCB48FFB9E589A6DBBF6FF88200F414869E445A7368DE389C59CB51
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238467268.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6ce0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: a1e9ca44d42715d049d10b2693940424d3c0560bfceba59389ad4cbf1dfc0d92
                                                                                                  • Instruction ID: 42f56aa9e4cc2b7c2020797c9ec16385ee4e6c32445bcb20262db2e7630a7640
                                                                                                  • Opcode Fuzzy Hash: a1e9ca44d42715d049d10b2693940424d3c0560bfceba59389ad4cbf1dfc0d92
                                                                                                  • Instruction Fuzzy Hash: 34C17834B11284CFC748EF7AC694869BBF6BF9960071484AED40ACB774EA35EC14CB80
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238467268.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6ce0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: ff957808f1e3a1cbaa321b5d4507d9c4fd7d4b7a67a81d4e47c9bcac95b6eaec
                                                                                                  • Instruction ID: bcda539128caca4179a023379c2ad3f1d3f806f8a261621536d795c795dcc62c
                                                                                                  • Opcode Fuzzy Hash: ff957808f1e3a1cbaa321b5d4507d9c4fd7d4b7a67a81d4e47c9bcac95b6eaec
                                                                                                  • Instruction Fuzzy Hash: 19A1EF31A10214CFCB45BBB9E98966DBBF6FF88240F414968D442E73A9DF389C44C7A1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238467268.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6ce0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: e683eb8cf7fa13391ab9268fd300b4864d3e046178c0e38b2952f16a134d2d2b
                                                                                                  • Instruction ID: 8f65ebbe2d5d93ca9bcb74c5a4f2d4fc90c79ab56584c0cc3a38b9629c3603e0
                                                                                                  • Opcode Fuzzy Hash: e683eb8cf7fa13391ab9268fd300b4864d3e046178c0e38b2952f16a134d2d2b
                                                                                                  • Instruction Fuzzy Hash: 52A1D171A10214CFCB05FBB9D989A6DBBFAFB88200F414969D445E73A8DE389C54C7A1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238467268.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6ce0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238376905.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6cc0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2228957910.0000000001510000.00000040.00000800.00020000.00000000.sdmp, Offset: 01510000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1510000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2228957910.0000000001510000.00000040.00000800.00020000.00000000.sdmp, Offset: 01510000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1510000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 6680844b431f17b33877e24e09cb7b49e161d8ed2fe9b5874990194922300339
                                                                                                  • Instruction ID: fb9ee06ca95f4fcde7d684c4e72afb4f9f8df593c3f71111ccf7914dc42772d5
                                                                                                  • Opcode Fuzzy Hash: 6680844b431f17b33877e24e09cb7b49e161d8ed2fe9b5874990194922300339
                                                                                                  • Instruction Fuzzy Hash: E841DFB1D00209CBDB24DFEAC588ADEBBF5BF48304F64842AD409AB254D7756A46CF90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2228957910.0000000001510000.00000040.00000800.00020000.00000000.sdmp, Offset: 01510000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1510000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: a7abcc629f4f57c2b294c262ebfed8ab3e96d7239ea3742dc41bfeb92fa352a4
                                                                                                  • Instruction ID: 6a467e6614b61b70c060860898e77c925c98e4bd92fb57375c6abe405c9ed94c
                                                                                                  • Opcode Fuzzy Hash: a7abcc629f4f57c2b294c262ebfed8ab3e96d7239ea3742dc41bfeb92fa352a4
                                                                                                  • Instruction Fuzzy Hash: 5831D231300249DFDF069F58E8585AE3BA2FB99351F10482AF9069B364DF34CD51EB91
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238376905.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6cc0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 2c824f9bb739d9e932ce6dd805c45c5c9bb027f12d2a4be97175cef80ccf3af7
                                                                                                  • Instruction ID: f3b23039115abc83e3eeb0575c2fea97b18b88359953f9d2e22c061f41b1fd7d
                                                                                                  • Opcode Fuzzy Hash: 2c824f9bb739d9e932ce6dd805c45c5c9bb027f12d2a4be97175cef80ccf3af7
                                                                                                  • Instruction Fuzzy Hash: 103135307106008FCB94DF69D898F6A77E9AF89624F1580ADE54ACB371DA30ED41CB50
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238376905.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6cc0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 3a9ed7407551016275964fb9a93490e0d16fc4af1a6b863594505435de2e1976
                                                                                                  • Instruction ID: 5f085861c4f0cd1c4a0f5920859899392ad006524da5f66fccaf739a0834fd89
                                                                                                  • Opcode Fuzzy Hash: 3a9ed7407551016275964fb9a93490e0d16fc4af1a6b863594505435de2e1976
                                                                                                  • Instruction Fuzzy Hash: 44219F30B402458FCBD5A679992863E76DBDFC6261308002EDA0ECB394DE28CD42C7E7
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238376905.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6cc0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: b3ef10537fe3b2021be811c28c5d7b64a37d1774ddb5b373a2ff45070adb0a14
                                                                                                  • Instruction ID: 67ab9084f59de2168fafa8827ab97830f827eec009fcb06361042fb3f62520ac
                                                                                                  • Opcode Fuzzy Hash: b3ef10537fe3b2021be811c28c5d7b64a37d1774ddb5b373a2ff45070adb0a14
                                                                                                  • Instruction Fuzzy Hash: 81316F306006008FC7A4DF29C888F5677A6FF81724F51C56EE56A8B2B1CF74E98ACB40
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2228957910.0000000001510000.00000040.00000800.00020000.00000000.sdmp, Offset: 01510000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1510000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 0a9fd4f50d26b451a79ee00d2cdca6fd388d574a8f767ed9d2ed66e88699f9c9
                                                                                                  • Instruction ID: 3fb3ea7866127612f01b2c11c729d17da0e8eda0e6817d2dc7280a2f5d02f761
                                                                                                  • Opcode Fuzzy Hash: 0a9fd4f50d26b451a79ee00d2cdca6fd388d574a8f767ed9d2ed66e88699f9c9
                                                                                                  • Instruction Fuzzy Hash: EE21E1766002058FC701EF79C4496AABBF6FF94214B14896DD54ADB354EF3AD80A8B90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238376905.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6cc0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 4b2c239dfcc971d30eb3dc2315c59178f275edda6d2097e494f00d57da722835
                                                                                                  • Instruction ID: 44434c45b32183744b7fa766b239562096ded0db88f0cab1298c141fddea7b84
                                                                                                  • Opcode Fuzzy Hash: 4b2c239dfcc971d30eb3dc2315c59178f275edda6d2097e494f00d57da722835
                                                                                                  • Instruction Fuzzy Hash: AE218D70B006009FC7A8EF39D890A5AB7F6EF88714B20457DD4168B3A4DB71EC06CB61
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238376905.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6cc0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 26ad66d3eed8d4fa7d88a3fe62a807ec164c89de26f2c45c42dcfc8259c2e95b
                                                                                                  • Instruction ID: a7bc6900463f63538b1d69a3548f37ec0309363d5168a3db4c7fdda4a30aa2e4
                                                                                                  • Opcode Fuzzy Hash: 26ad66d3eed8d4fa7d88a3fe62a807ec164c89de26f2c45c42dcfc8259c2e95b
                                                                                                  • Instruction Fuzzy Hash: 75312F35A00204CFCB94DF64D544A9DBBF6EF88320F15406CD909AB3A0DB35DD45DBA0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238376905.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6cc0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: b87a6ffde7f8f7643c2d8bc019eda507d7628a6454725dd8484f2b142d1b29f8
                                                                                                  • Instruction ID: c5d5126dbef1f62a6adaece6b443e360319e6c159aefb88d169c764f8d1c89e5
                                                                                                  • Opcode Fuzzy Hash: b87a6ffde7f8f7643c2d8bc019eda507d7628a6454725dd8484f2b142d1b29f8
                                                                                                  • Instruction Fuzzy Hash: FA31E031910B0ADECB01AF78C854499F7B5FF95300B518A5EE9996B221FB30E695CB81
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238376905.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6cc0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 5316c37d8cae4ee6e7eb406d7ad58da33810cc7aba089523d08a68a294067479
                                                                                                  • Instruction ID: b30a460c04e82773c43133c5705fdbcc67d2baa8546857213b43cc4ca44acc93
                                                                                                  • Opcode Fuzzy Hash: 5316c37d8cae4ee6e7eb406d7ad58da33810cc7aba089523d08a68a294067479
                                                                                                  • Instruction Fuzzy Hash: AB21BD76A002099FCF01CF59D840AEEB7FAFF49310F04042AE910EB291DB309A15CBA0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2227744556.000000000147D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0147D000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_147d000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 167f5fe85e333f30ad61e0161ca7c88edae459a263d8aafec691698a633ec25c
                                                                                                  • Instruction ID: d16872579dd131d142672357b30a01c2183a32861e5c14af618b5c77d26ba666
                                                                                                  • Opcode Fuzzy Hash: 167f5fe85e333f30ad61e0161ca7c88edae459a263d8aafec691698a633ec25c
                                                                                                  • Instruction Fuzzy Hash: AB2103B1914204DFDB15DF58D9C0F67BF65FF88328F20856AE9090A366C33AD416CBA2
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2228957910.0000000001510000.00000040.00000800.00020000.00000000.sdmp, Offset: 01510000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1510000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 62e814894e5f6d9d80c5e47a9a6550e54d490069277b61c26bec6459f410a50d
                                                                                                  • Instruction ID: 5616d0f2fd7a9648e72b8e89030b4621fab1fa960bc5327013d6cd091ac180c8
                                                                                                  • Opcode Fuzzy Hash: 62e814894e5f6d9d80c5e47a9a6550e54d490069277b61c26bec6459f410a50d
                                                                                                  • Instruction Fuzzy Hash: 3321C636700611DBE7169A2AD45852EBBD6FFC4751B14856AE906DF358CFB0EC0187D0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238376905.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6cc0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 0b911b06177da6b2e918ada31aba1f55f1ebe37a7bbb6ddf018dba87d792d09c
                                                                                                  • Instruction ID: 553315a225735c41f6dd999568a25e33147eb959d4c6eca486ed747c77574a4d
                                                                                                  • Opcode Fuzzy Hash: 0b911b06177da6b2e918ada31aba1f55f1ebe37a7bbb6ddf018dba87d792d09c
                                                                                                  • Instruction Fuzzy Hash: 2C311E302406018FC764DF28D458BA677E6FF84711F5584ADE14ECB361DF75A886CB50
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238376905.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6cc0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 13355f23bc16fa75e36868acf7fd50b261edb77551fd29568db2d55144210679
                                                                                                  • Instruction ID: 42849ed69379248c1f8887c031a6cfd2ae5be4054dedcbe710545bf00248dfac
                                                                                                  • Opcode Fuzzy Hash: 13355f23bc16fa75e36868acf7fd50b261edb77551fd29568db2d55144210679
                                                                                                  • Instruction Fuzzy Hash: 993149302406008FC794DB28D888BA677E6FF84721F5485ADE15ECB361CF70A88ACB40
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238376905.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6cc0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 02ae64fb0ddbbc4a978f71fd7f1961736b5b1c2bf2df8bf8a844fd657d7d29e8
                                                                                                  • Instruction ID: 720b689ae0d2007359867f56d8bf80b9a0facb6f1feef05c9ffbbb1b7057e434
                                                                                                  • Opcode Fuzzy Hash: 02ae64fb0ddbbc4a978f71fd7f1961736b5b1c2bf2df8bf8a844fd657d7d29e8
                                                                                                  • Instruction Fuzzy Hash: E531FF32D10B09DECB01EFB8C854499F7B5FF95300B118B5AE9596B221FB30E695CB80
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2227966156.000000000148D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0148D000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_148d000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 2a7c3940f56c73afc8efb5f27586efd1ee6776fbdf1da52e67525851173d7181
                                                                                                  • Instruction ID: 554e9a31e0f6f3514bc8ee39e794e7f9212e5e49c85f5bfb7e087419a51f869e
                                                                                                  • Opcode Fuzzy Hash: 2a7c3940f56c73afc8efb5f27586efd1ee6776fbdf1da52e67525851173d7181
                                                                                                  • Instruction Fuzzy Hash: 8B212871904200DFCB05EF98D5C4B1ABB65FB44324F20C56ED9094B3A6C33AD406CA61
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2227966156.000000000148D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0148D000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_148d000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 0f5cc81abf47fd01c408930dc7a6bcf12e615875dbd87302af18c8b1d475b539
                                                                                                  • Instruction ID: badf579e9f48e62956d16b62ed7d517eacbee9e124e76c152af53581db6df01f
                                                                                                  • Opcode Fuzzy Hash: 0f5cc81abf47fd01c408930dc7a6bcf12e615875dbd87302af18c8b1d475b539
                                                                                                  • Instruction Fuzzy Hash: AC21F5B1904204DFDB15EF58D980F2ABB65FB85318F24C56ED90A4B3A6C33AD447CA62
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238376905.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6cc0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 573fa47192a7237fdd8970a5496afca4b4da088cf09b3e1a88c7b9d24fafd52e
                                                                                                  • Instruction ID: 5b4771bc304bdbf93161612dbcab045490f3006ff1b57d388051443ebdb8c6c7
                                                                                                  • Opcode Fuzzy Hash: 573fa47192a7237fdd8970a5496afca4b4da088cf09b3e1a88c7b9d24fafd52e
                                                                                                  • Instruction Fuzzy Hash: 1711B634B002408FDB956B69982863E77DBDFC6661708002EDA0EC7394DF34CD42CBA2
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238376905.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6cc0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 2c988d0f06eb4f72d347cbeb65b57b4bc6c8036d2519749948c805065af43db2
                                                                                                  • Instruction ID: a40dbc766ba57c0a40a29bbaf10ddc94b39fc712202093a15a3d82fea94e14b2
                                                                                                  • Opcode Fuzzy Hash: 2c988d0f06eb4f72d347cbeb65b57b4bc6c8036d2519749948c805065af43db2
                                                                                                  • Instruction Fuzzy Hash: C611DC303002108BE744AA29E810B6F76DBEFC9704F00406AE252CB799CEB5A881A7D1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2227966156.000000000148D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0148D000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_148d000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 9fd7fd623116b11d881e128417eb93c482f032848c04c4b3ed438471e87fe10a
                                                                                                  • Instruction ID: 52b617daaf7f4058d0ae82a332a31243914aba5aa1e312d70f8de4e584716b22
                                                                                                  • Opcode Fuzzy Hash: 9fd7fd623116b11d881e128417eb93c482f032848c04c4b3ed438471e87fe10a
                                                                                                  • Instruction Fuzzy Hash: D7217A714093C49FCB03DB64C990B15BF71EB46214F28C5DBD8898F2A7C23A980ACB62
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2228957910.0000000001510000.00000040.00000800.00020000.00000000.sdmp, Offset: 01510000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1510000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 263198d05fefd34dd2486b893e9a7ef3a32d6d43b3327968f59d23bed9a97966
                                                                                                  • Instruction ID: c7e668de6a92b2f2dcf47765d37da9ea05f8d01fa4e97bd65604255b90a094a5
                                                                                                  • Opcode Fuzzy Hash: 263198d05fefd34dd2486b893e9a7ef3a32d6d43b3327968f59d23bed9a97966
                                                                                                  • Instruction Fuzzy Hash: 3A21AE36A001049BEB15CE68ED85BDDBBB5FB8C320F14842AE911EB395DB319C15CBA0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2228957910.0000000001510000.00000040.00000800.00020000.00000000.sdmp, Offset: 01510000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1510000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 100eecc9342eb07fe76c80d5f75a53b06f54ddc34724319014f8aa676a7f3d33
                                                                                                  • Instruction ID: c91877cb1fd91ed496c51a5253b637c11ebac2d6ab1834771445a3eff72129db
                                                                                                  • Opcode Fuzzy Hash: 100eecc9342eb07fe76c80d5f75a53b06f54ddc34724319014f8aa676a7f3d33
                                                                                                  • Instruction Fuzzy Hash: 3431C0B0D01218DFEB21DFD9C588B9EBFF5BB48314F24881AE408BB254C7B95845CBA5
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2228957910.0000000001510000.00000040.00000800.00020000.00000000.sdmp, Offset: 01510000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1510000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 2022e042e814a1b13014b91eaf065f7e98b377aa49a1bfb4fdef876ce5e9f064
                                                                                                  • Instruction ID: 8d30eba359d083b8aab1c1043171027b4824f78a3dea46dadbbb1d94f3a327a1
                                                                                                  • Opcode Fuzzy Hash: 2022e042e814a1b13014b91eaf065f7e98b377aa49a1bfb4fdef876ce5e9f064
                                                                                                  • Instruction Fuzzy Hash: F121F3316042499FEB069F68E85866E3BA1FB95321F14882AF8058F355DB78CC44DB91
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238376905.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6cc0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 3a9d2bb181662e1e9dea72bbc6e828d5073c2e325ec2f39d0044ffbead3b8a89
                                                                                                  • Instruction ID: 3a02937b638606e4209fc82e976a26b973a1b65e4b5b10b48c05416ee871b803
                                                                                                  • Opcode Fuzzy Hash: 3a9d2bb181662e1e9dea72bbc6e828d5073c2e325ec2f39d0044ffbead3b8a89
                                                                                                  • Instruction Fuzzy Hash: A3119071B006048FC764EF3AD95486AB7B5FF8632171445AEE00ACB370DA31D986CB61
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238376905.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6cc0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 22b3ce5173cf1a4230de29b90f2164b16e69bae5f14113074f235c06818af9e6
                                                                                                  • Instruction ID: 75fdf1ad252e69ee5c635d7d15b2e1e215225e34d578a0f67c4b47cbc2eea3c6
                                                                                                  • Opcode Fuzzy Hash: 22b3ce5173cf1a4230de29b90f2164b16e69bae5f14113074f235c06818af9e6
                                                                                                  • Instruction Fuzzy Hash: 87118F303002104BEB48AA69D81176F76DBEFC9B04F00407AE256C7799CDB5AC51A7D5
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2228957910.0000000001510000.00000040.00000800.00020000.00000000.sdmp, Offset: 01510000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1510000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: b8f23e80704f64e75eaba460c5d63cbe47c06e181950bb4f8e873c3aeab4e7a0
                                                                                                  • Instruction ID: 54b87c43972bae1ae0b6bce74558f73d29b7664dd8cdc9324795b1dd8df7a88d
                                                                                                  • Opcode Fuzzy Hash: b8f23e80704f64e75eaba460c5d63cbe47c06e181950bb4f8e873c3aeab4e7a0
                                                                                                  • Instruction Fuzzy Hash: 64110436300611CFE7168F29D898A2D7FA1FF8525171981AAE906DF364CF70DC02C7A0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2228957910.0000000001510000.00000040.00000800.00020000.00000000.sdmp, Offset: 01510000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1510000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 5e92bc7e08555d6f71a872a7c3b80e5c3b06e4f9a0bc5bb6804e2ef436b58eee
                                                                                                  • Instruction ID: 1080bc1fd1433621373cc7fe4be4d1b63d4e331cce91edbf62cb2a54278e02d2
                                                                                                  • Opcode Fuzzy Hash: 5e92bc7e08555d6f71a872a7c3b80e5c3b06e4f9a0bc5bb6804e2ef436b58eee
                                                                                                  • Instruction Fuzzy Hash: 52114F36A00104ABDB158E69D885B9EBBF6FB8C720F144429F911A7354DB71AC11CBA0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238376905.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6cc0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 02be300c08b51a0c9bcbb0df27009821a1571d88bf7ba901ac6771766bae8a90
                                                                                                  • Instruction ID: b3963fb272fa220033fd0d8d6f35f4f42267b083a317148cef5a104207902a69
                                                                                                  • Opcode Fuzzy Hash: 02be300c08b51a0c9bcbb0df27009821a1571d88bf7ba901ac6771766bae8a90
                                                                                                  • Instruction Fuzzy Hash: E3216A35A0061A8BCF44CF69D9805BFB7F6EF84221B14C42AEC18EB255E734DA51CBA1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238376905.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6cc0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 99f67995814572c51562aad1f78da9bf2f62992332276a5b4098e65d03940a6c
                                                                                                  • Instruction ID: 7726137f68302f392fc07410b4916dbefa9b00bd27c18bef36c114609e69f978
                                                                                                  • Opcode Fuzzy Hash: 99f67995814572c51562aad1f78da9bf2f62992332276a5b4098e65d03940a6c
                                                                                                  • Instruction Fuzzy Hash: CD11C131B003009FD765EE26D890BAA73DAEBC5320F54C92DE8498B294CB75F916CB80
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2228957910.0000000001510000.00000040.00000800.00020000.00000000.sdmp, Offset: 01510000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1510000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: ce10aad1e1643a54aaf9e343e4b08d5a25d314ca270a41f886769c89e2aabef3
                                                                                                  • Instruction ID: 7326727011d2c75947a131f9ae982e6504c881a8e0841c6c9a3414a976b4d306
                                                                                                  • Opcode Fuzzy Hash: ce10aad1e1643a54aaf9e343e4b08d5a25d314ca270a41f886769c89e2aabef3
                                                                                                  • Instruction Fuzzy Hash: 1E11E1B03012058FE305AF2EC094A6AB7D5FF89B8075444BDD60ACB3A4EEB1EC08C790
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238376905.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6cc0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 16cc1721b7e757dc8e3cc9f89d28ef3e9df885da1f0b481a6a8addf8e4ae1d02
                                                                                                  • Instruction ID: a792a70d167b31705154da05c4728f400472bfc0b02c4464a19bac2ae6e72310
                                                                                                  • Opcode Fuzzy Hash: 16cc1721b7e757dc8e3cc9f89d28ef3e9df885da1f0b481a6a8addf8e4ae1d02
                                                                                                  • Instruction Fuzzy Hash: D511C231B003009BD769EA2AD890B6B739AEBC5321F94C53DE94987298CB75F816C780
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2227744556.000000000147D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0147D000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_147d000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                                                                                  • Instruction ID: 3e9f0908e07163d7018338f606fd9234254fd31a2e0c0c7ddaf7316dfbd84b4a
                                                                                                  • Opcode Fuzzy Hash: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                                                                                  • Instruction Fuzzy Hash: 6F11DF72804280CFCB12CF44D5C4B56BF71FF88314F24C6AAD9490B666C336D45ACBA2
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238376905.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6cc0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 5e36531a726f139c48ad8b1e77458b15197c0fbf3310a05b0616d9d41bdabfbd
                                                                                                  • Instruction ID: 7367acf93a965aebdd031e1a8ee5e06cbad382553bf9a9761e13eeb33ad65dcf
                                                                                                  • Opcode Fuzzy Hash: 5e36531a726f139c48ad8b1e77458b15197c0fbf3310a05b0616d9d41bdabfbd
                                                                                                  • Instruction Fuzzy Hash: 50118F75A002069FCB51DF29D884AAE7BF5FF48310F04442EE914C7721E730DA11DB60
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2227966156.000000000148D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0148D000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_148d000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2228957910.0000000001510000.00000040.00000800.00020000.00000000.sdmp, Offset: 01510000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1510000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238376905.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6cc0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2227744556.000000000147D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0147D000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_147d000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 743cefa38476a5ceb0bf02a495b2a919b9f1234f83797ace84b1aa7798d6b34c
                                                                                                  • Instruction ID: 32718b942b33069950576955815f66671ae9925035525929ad67682caa65c6d5
                                                                                                  • Opcode Fuzzy Hash: 743cefa38476a5ceb0bf02a495b2a919b9f1234f83797ace84b1aa7798d6b34c
                                                                                                  • Instruction Fuzzy Hash: 38012B318043049EE7208F9ACD84BA7FF9CEF45320F19C42BED2D0A2A7C2399801C6B1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238376905.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6cc0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: ea8dea79ea29103f458d9d6fbfbf1c4e8a2878cf370a07f6eaa11d69610bded0
                                                                                                  • Instruction ID: f321e9110e0c73f144df47b7853012e8c8c5a8f5a751a79ecd023b948f002ee9
                                                                                                  • Opcode Fuzzy Hash: ea8dea79ea29103f458d9d6fbfbf1c4e8a2878cf370a07f6eaa11d69610bded0
                                                                                                  • Instruction Fuzzy Hash: E10184703547104BE788AA39D4147AAB6D9FF84704F00846DD25A8B791CBF6A845A3D5
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2228957910.0000000001510000.00000040.00000800.00020000.00000000.sdmp, Offset: 01510000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1510000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 99e2207f7d04710c74268d6deb01f9cf73eae8793adb5a927faec88ddea7313b
                                                                                                  • Instruction ID: eece9bc895804fe6d54a8ae9c422f54f5af9f3a38d9b3fb314aefb35afbc89be
                                                                                                  • Opcode Fuzzy Hash: 99e2207f7d04710c74268d6deb01f9cf73eae8793adb5a927faec88ddea7313b
                                                                                                  • Instruction Fuzzy Hash: 11012574D00208CFDB58CFAAD8445EDBBF2BB8E320F109169D419B72A8EB344946CF54
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238376905.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6cc0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 9a8b3fb9c895e4ea3e21d4d5a627fe24dde8d24b47de28d192b540bf019104cb
                                                                                                  • Instruction ID: 4b9710f5bf16a6e8312d635fed1b9fe71edd6d8281d2890cae46184d789303e7
                                                                                                  • Opcode Fuzzy Hash: 9a8b3fb9c895e4ea3e21d4d5a627fe24dde8d24b47de28d192b540bf019104cb
                                                                                                  • Instruction Fuzzy Hash: 8EF024327453902FD72615374CA0B6B7EAE8BC6760F18007EEA09CB2D1EE38C901C2E0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238376905.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6cc0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: fa00f4f3d857321478749f79b9464f91ef9c9972c1a26ed79c90b374b16d9b18
                                                                                                  • Instruction ID: 064a0fab8d97ec392259a1a59ce843372515d8475cfe3110d6d3a5e866f2d119
                                                                                                  • Opcode Fuzzy Hash: fa00f4f3d857321478749f79b9464f91ef9c9972c1a26ed79c90b374b16d9b18
                                                                                                  • Instruction Fuzzy Hash: DB01D1B03107108BE794AF38D42479AB6D5FF84B04F0084ACD2968F7D1CBF6A881A785
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2228957910.0000000001510000.00000040.00000800.00020000.00000000.sdmp, Offset: 01510000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1510000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: d93b229f2d00903a6587732f6b3bf2aeab4b4f40e7b2cb1ffe250081593b7ac1
                                                                                                  • Instruction ID: 46240d4f3f306b376e41196d418fdfd0d05af4c6dee3a5fbdcf133418298a696
                                                                                                  • Opcode Fuzzy Hash: d93b229f2d00903a6587732f6b3bf2aeab4b4f40e7b2cb1ffe250081593b7ac1
                                                                                                  • Instruction Fuzzy Hash: D8F0F674E002088BDB48DFAAD9046EDBBF6BB8D310F009029D509B7268EB3459459FA5
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238376905.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6cc0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 043b864fdf47768788beafa8c673c4521e25807243abc0bcb84acac150ee0ce4
                                                                                                  • Instruction ID: b62b80f5c4fb4c0440083c034d5b0e0e0cb171b933d75da9e95209eb0fc98975
                                                                                                  • Opcode Fuzzy Hash: 043b864fdf47768788beafa8c673c4521e25807243abc0bcb84acac150ee0ce4
                                                                                                  • Instruction Fuzzy Hash: E301F636650110DFC751EB28E488AD873A8EB49365F5981FAE5499F322C736BC928B80
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238376905.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6cc0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 7d3d0617832bf8be85a6672155046060166bceddbb4a9684bc2cd3589e366669
                                                                                                  • Instruction ID: 6c0c3df0204b14770a3227e227962c2fb19765f5b49fece0e2eacee46c576ac7
                                                                                                  • Opcode Fuzzy Hash: 7d3d0617832bf8be85a6672155046060166bceddbb4a9684bc2cd3589e366669
                                                                                                  • Instruction Fuzzy Hash: 06F090307002418FCBA0DB69C908B6A77E9EFC16A0F08046DD59DD7310EF349C41D7A1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2227744556.000000000147D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0147D000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_147d000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 10556994e97b9481a611acf02acab2005ecf241a6d5dfe28d199338ce1c74716
                                                                                                  • Instruction ID: d1b0f29259a47c674e75e6a4de4db2441b2c2ee6b418267be8d260cacf897cbf
                                                                                                  • Opcode Fuzzy Hash: 10556994e97b9481a611acf02acab2005ecf241a6d5dfe28d199338ce1c74716
                                                                                                  • Instruction Fuzzy Hash: 62F0A971804344AEE7208A0AC884BA3FFA8EF85724F18C45AED1C4A296C2799840CAB5
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238376905.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6cc0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2228957910.0000000001510000.00000040.00000800.00020000.00000000.sdmp, Offset: 01510000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1510000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  • Opcode Fuzzy Hash: 7627aa94bc5a45a070418703109c8c1560ef98ed0d7d86294997e9eb426f2770
                                                                                                  • Instruction Fuzzy Hash: D3D05E3B105618AF8B025B89EC44CC6BFEAEB0D270309C096F20D4B232C662D820EB94
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238376905.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6cc0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: ffdd4fc7864d5233dd02e9bd555fa3e6e2b27be4874b19bf0c41615b9838751e
                                                                                                  • Instruction ID: 463cc66c23b8842bb340c255e191bfb12195a57f15fe514939249717c1e64333
                                                                                                  • Opcode Fuzzy Hash: ffdd4fc7864d5233dd02e9bd555fa3e6e2b27be4874b19bf0c41615b9838751e
                                                                                                  • Instruction Fuzzy Hash: C3D0A773B0D2900F83566B6C7C1496D6FE6DADEA50344009FE681C7349CD608C0583B5
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238467268.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6ce0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 90407c184083124629322afb2d856e6f0f681f465a6b1a8ab28e52785909828e
                                                                                                  • Instruction ID: d4097d3fd664c625bbecbcefbd2fbbf00edc4736ba65ecbb99204201fd1be308
                                                                                                  • Opcode Fuzzy Hash: 90407c184083124629322afb2d856e6f0f681f465a6b1a8ab28e52785909828e
                                                                                                  • Instruction Fuzzy Hash: 4DE0E230221344CFD714AFB2E54E75A3B7EFB146023440028F807C2280EF35D880CAA2
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2228957910.0000000001510000.00000040.00000800.00020000.00000000.sdmp, Offset: 01510000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1510000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: fcc788c89ca91730e34b729ea8219a5e8389f3dd18a4f57a8284d2c23dda9339
                                                                                                  • Instruction ID: 811da156bc0833ebccfb231193c0519a0481343a1258b777d3b67ea2cebe99b4
                                                                                                  • Opcode Fuzzy Hash: fcc788c89ca91730e34b729ea8219a5e8389f3dd18a4f57a8284d2c23dda9339
                                                                                                  • Instruction Fuzzy Hash: A5D09E72D00139978B11AFE9DC094DFFF78EF05650B418126E915AB104D3755A21DBD1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238376905.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6cc0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 7b84e155cd9e40ab2fc458dff550cd1a36769f48053ec132c6d8498d270db034
                                                                                                  • Instruction ID: 04835f60c819642918a762351779b76f64c03673ff954bd1a65fe9fae459e6ba
                                                                                                  • Opcode Fuzzy Hash: 7b84e155cd9e40ab2fc458dff550cd1a36769f48053ec132c6d8498d270db034
                                                                                                  • Instruction Fuzzy Hash: 82E012301453589FC701EF64E9509517FB9BF46314B6485A9D0488F173D732D806CB91
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238376905.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6cc0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 395509aa5c311320f82f43b367e0e150cb4b5d08a7e63744f5f4b1ec2110be48
                                                                                                  • Instruction ID: c3d5a449e70d678bf709edf11f0b078bf20e8b60d2d7d87e9e00928a15245a3e
                                                                                                  • Opcode Fuzzy Hash: 395509aa5c311320f82f43b367e0e150cb4b5d08a7e63744f5f4b1ec2110be48
                                                                                                  • Instruction Fuzzy Hash: 27D012361101085E5BC0EF95EC41C527BDCFB54650704803BF908C7120FA21E568FBA1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238376905.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6cc0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 6ed50343e9b81de9f733b63879f8fecb0265eabdb8b0d50b82a83004155f8a5e
                                                                                                  • Instruction ID: 61f70c85c037613b194fb6a6146f25cfb211861bf44c76bbe64890947add883a
                                                                                                  • Opcode Fuzzy Hash: 6ed50343e9b81de9f733b63879f8fecb0265eabdb8b0d50b82a83004155f8a5e
                                                                                                  • Instruction Fuzzy Hash: 6FD01230240204CFC704DF28EA44C117BA8EF49718718C1B8E0098F232DB32EC02CAD0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238467268.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6ce0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 284ffeae4849404005eda96af1c418062a9aeafc4a27e4e94bf38d5e301d7474
                                                                                                  • Instruction ID: b42be0909665d186d893b39c83809a1d99b6b23e7b6932f11c6ff2abac09a63a
                                                                                                  • Opcode Fuzzy Hash: 284ffeae4849404005eda96af1c418062a9aeafc4a27e4e94bf38d5e301d7474
                                                                                                  • Instruction Fuzzy Hash: C1B0923A7101048BC6452678A208068B792EAC417631480BAD50DCA224D93284428B00
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238376905.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6cc0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: db5aa75fbfbb49f031c0e5f98928307cfc334020314677b85e3da9f9853640f2
                                                                                                  • Instruction ID: ecfeae2d644d7ab8f482c54f2fd8efc1b6d4419551a28784802b4d44e8ec9ea9
                                                                                                  • Opcode Fuzzy Hash: db5aa75fbfbb49f031c0e5f98928307cfc334020314677b85e3da9f9853640f2
                                                                                                  • Instruction Fuzzy Hash: 82A002647951914ED5CC36AD29A483E9858EE82720BC2DD5DD21A84228880C8409D46A
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2228957910.0000000001510000.00000040.00000800.00020000.00000000.sdmp, Offset: 01510000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1510000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: (ojq$(ojq$(ojq$(ojq$(ojq$(ojq$(ojq$,nq$,nq
                                                                                                  • API String ID: 0-2862514371
                                                                                                  • Opcode ID: dd97fbb3c62f59bd4884a35eb87367e12111f65dc340067440025f1023a9ff84
                                                                                                  • Instruction ID: dfdf270f1b11818ae08a9ab9b50dc87f816dda40b893a2fcc53f8bd5a6d09a8b
                                                                                                  • Opcode Fuzzy Hash: dd97fbb3c62f59bd4884a35eb87367e12111f65dc340067440025f1023a9ff84
                                                                                                  • Instruction Fuzzy Hash: 0E924C31A00209DFDB26CF68C984AAEBBF6FF88314F158959E5159B3A9D730ED41CB50
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238528632.0000000006CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CF0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6cf0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 77859c5cfc192d35568a6eb5ab54e40d869da9fccef109cdb863f58e46c7c998
                                                                                                  • Instruction ID: 5e1f444e36458bb4df6a14574db5c551d0bd66b1ed5513e09e8aff2d2ce3e08b
                                                                                                  • Opcode Fuzzy Hash: 77859c5cfc192d35568a6eb5ab54e40d869da9fccef109cdb863f58e46c7c998
                                                                                                  • Instruction Fuzzy Hash: AB539E70A15218CFCB45EF78D988BADBBB6EB85300F4084E9D549A3369DE385D84CF61
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238528632.0000000006CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CF0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6cf0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: PHjq$PHjq
                                                                                                  • API String ID: 0-3092175318
                                                                                                  • Opcode ID: 2157ac4583e759667398b2127a361efbc93cb6c347836c7800fafde8f577a909
                                                                                                  • Instruction ID: 5e15a33267208ee4eb894559b74921707a2765b13c6a3a6678e126ca59a33597
                                                                                                  • Opcode Fuzzy Hash: 2157ac4583e759667398b2127a361efbc93cb6c347836c7800fafde8f577a909
                                                                                                  • Instruction Fuzzy Hash: 7DD1C174A50209CFDB98DF69C698AA9B7F1BF4C301F2580A8E505AB371DB31AD44CF60
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2237814218.0000000006B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B70000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6b70000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: Xnq$$jq
                                                                                                  • API String ID: 0-65531410
                                                                                                  • Opcode ID: 9d99101d18b94b0a9dca88887008ea88816fb2d6cc4e721eae9061e110ec43ef
                                                                                                  • Instruction ID: 0ed56f515c9c7872ffa261333c37d7a2f0549404644891c80273c3dceefe7adf
                                                                                                  • Opcode Fuzzy Hash: 9d99101d18b94b0a9dca88887008ea88816fb2d6cc4e721eae9061e110ec43ef
                                                                                                  • Instruction Fuzzy Hash: 7F819370B042199FEF58EF74946467EBBB7BFC8700B0485AEE416E7298CE349C019B91
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238467268.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6ce0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: E0K4
                                                                                                  • API String ID: 0-2614948088
                                                                                                  • Opcode ID: 2bacad48c9689741c26aa49d168f6e9eadc97a1fcd0215e3b1b19ed442b062fc
                                                                                                  • Instruction ID: 0d03f998873a73826895d95d5bd8a403e9a23ce8e9f66c912fc8f15f6b297640
                                                                                                  • Opcode Fuzzy Hash: 2bacad48c9689741c26aa49d168f6e9eadc97a1fcd0215e3b1b19ed442b062fc
                                                                                                  • Instruction Fuzzy Hash: 44C29270A11214CBCB45FF79D999BADBBB6EF89300F4084A9D449A7358DE386C88CF51
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2228957910.0000000001510000.00000040.00000800.00020000.00000000.sdmp, Offset: 01510000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1510000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: Xnq
                                                                                                  • API String ID: 0-2943373115
                                                                                                  • Opcode ID: 5c3fc3f436d2e51a05ba5aca01a67ba037be70e4636c77fb743b2dcd8ebfdfed
                                                                                                  • Instruction ID: 43e5d3c3ec2e227842639e321968de0ccac63a0c1dd0e752ca5541302258e7ec
                                                                                                  • Opcode Fuzzy Hash: 5c3fc3f436d2e51a05ba5aca01a67ba037be70e4636c77fb743b2dcd8ebfdfed
                                                                                                  • Instruction Fuzzy Hash: 4BB1B3B0704216CBFB261E39944473E7AE6BFC4641F29482BD852CE19CCF34CC598B61
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.2238376905.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6cc0000_Orden#46789_2024_Optoflux_mexico_sderlss.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 64b67d8f6f3b5cce8aaa397928e7ff20fbbdc00349d79c471fdf54dadf0eff9b

Execution Graph

Execution Coverage:13.5%
Dynamic/Decrypted Code Coverage:100%
Signature Coverage:1%
Total number of Nodes:308
Total number of Limit Nodes:23

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 1168 1146c40-1146c41 1169 1146c42-1146c56 1168->1169 1170 1146e2d-1146e54 1168->1170 1175 1146c58-1146c5b 1169->1175 1176 1146c6b-1146c6e 1169->1176 1173 1146e76-1146e78 1170->1173 1174 1146e56-1146e62 1170->1174 1180 1146eaa 1173->1180 1181 1146e7a-1146e81 1173->1181 1194 1146e64-1146e70 1174->1194 1195 1146e72-1146e74 1174->1195 1177 1146c5d-1146c60 1175->1177 1178 1146c7a-1146c80 1175->1178 1176->1178 1179 1146c70-1146c73 1176->1179 1182 1146c66 1177->1182 1183 1146d61-1146d67 1177->1183 1188 1146c82-1146c88 1178->1188 1189 1146c98-1146cad 1178->1189 1184 1146c75 1179->1184 1185 1146cc6-1146ccc 1179->1185 1187 1146eaf-1146eb3 1180->1187 1181->1180 1190 1146e83-1146e9b 1181->1190 1191 1146d8c-1146d99 1182->1191 1198 1146d7f-1146d89 1183->1198 1199 1146d69-1146d6f 1183->1199 1184->1191 1192 1146ce4-1146cf6 1185->1192 1193 1146cce-1146cd4 1185->1193 1196 1146c8c-1146c96 1188->1196 1197 1146c8a 1188->1197 1218 1146cb2-1146cb5 1189->1218 1219 1146ea1-1146ea4 1190->1219 1220 1146e9d-1146e9f 1190->1220 1214 1146dad-1146daf 1191->1214 1215 1146d9b-1146d9f 1191->1215 1216 1146d06-1146d29 1192->1216 1217 1146cf8-1146d04 1192->1217 1200 1146cd6 1193->1200 1201 1146cd8-1146ce2 1193->1201 1194->1173 1194->1195 1195->1187 1196->1189 1197->1189 1198->1191 1202 1146d71 1199->1202 1203 1146d73-1146d7d 1199->1203 1200->1192 1201->1192 1202->1198 1203->1198 1222 1146db3-1146db6 1214->1222 1215->1214 1221 1146da1-1146da5 1215->1221 1227 1146e28 1216->1227 1240 1146d2f-1146d32 1216->1240 1233 1146d51-1146d5f 1217->1233 1224 1146cbe-1146cc1 1218->1224 1225 1146eb4-1146f06 1219->1225 1226 1146ea6-1146ea8 1219->1226 1220->1187 1221->1227 1228 1146dab 1221->1228 1222->1227 1229 1146db8-1146dbb 1222->1229 1224->1191 1241 11474d1-11474e4 1225->1241 1242 1146f0c-1146f1a 1225->1242 1226->1180 1226->1190 1227->1170 1228->1222 1231 1146dc1-1146dc7 1229->1231 1232 
1146c32-1146c3e 1229->1232 1236 1146dcd-1146dd1 1231->1236 1237 1146dc9-1146dcb 1231->1237 1232->1168 1233->1191 1238 1146dd3-1146dd9 1236->1238 1239 1146e1e 1236->1239 1244 1146e20-1146e27 1237->1244 1238->1227 1245 1146ddb-1146dde 1238->1245 1239->1244 1240->1227 1246 1146d38-1146d4a 1240->1246 1251 1146f1c-1146f2d 1242->1251 1252 1146f48-1146f59 1242->1252 1245->1227 1247 1146de0-1146df5 1245->1247 1246->1233 1258 1146df7-1146dfd 1247->1258 1259 1146e19-1146e1c 1247->1259 1251->1252 1268 1146f2f-1146f3b 1251->1268 1253 1146fca-1146fde 1252->1253 1254 1146f5b-1146f5f 1252->1254 1369 1146fe1 call 11474e6 1253->1369 1370 1146fe1 call 11474e8 1253->1370 1256 1146f61-1146f6d 1254->1256 1257 1146f7a-1146f83 1254->1257 1262 1146f73-1146f75 1256->1262 1263 11472fb-1147346 1256->1263 1264 114728c 1257->1264 1265 1146f89-1146f8c 1257->1265 1266 1146e0f-1146e12 1258->1266 1267 1146dff-1146e0d 1258->1267 1259->1244 1261 1146fe7-1146fed 1271 1146ff6-1146ffd 1261->1271 1272 1146fef-1146ff1 1261->1272 1273 1147282-1147289 1262->1273 1323 114734d-11473cc 1263->1323 1269 1147291-11472f4 1264->1269 1265->1264 1274 1146f92-1146fb1 1265->1274 1266->1227 1275 1146e14-1146e17 1266->1275 1267->1227 1267->1266 1268->1269 1270 1146f41-1146f43 1268->1270 1269->1263 1270->1273 1276 1147003-1147010 1271->1276 1277 11470eb-11470fc 1271->1277 1272->1273 1274->1264 1294 1146fb7-1146fbd 1274->1294 1275->1258 1275->1259 1282 1147018-114701a 1276->1282 1288 1147126-114712c 1277->1288 1289 11470fe-114710b 1277->1289 1282->1277 1285 1147020-114702c 1282->1285 1292 11470e4-11470e6 1285->1292 1293 1147032-114709e 1285->1293 1290 1147147-114714d 1288->1290 1291 114712e-114713a 1288->1291 1289->1290 1304 114710d-1147119 1289->1304 1298 1147153-1147170 1290->1298 1299 114727f 1290->1299 1296 1147140-1147142 1291->1296 1297 11473e3-1147446 1291->1297 1292->1273 1325 11470a0-11470ca 1293->1325 1326 11470cc-11470e1 1293->1326 1294->1241 1301 1146fc3-1146fc7 1294->1301 1296->1273 1350 114744d-11474cc 
1297->1350 1298->1264 1318 1147176-1147179 1298->1318 1299->1273 1301->1253 1306 11473d1-11473dc 1304->1306 1307 114711f-1147121 1304->1307 1306->1297 1307->1273 1318->1241 1322 114717f-11471a5 1318->1322 1322->1299 1332 11471ab-11471b7 1322->1332 1325->1326 1326->1292 1336 11471bd-1147235 1332->1336 1337 114727b-114727d 1332->1337 1352 1147237-1147261 1336->1352 1353 1147263-1147278 1336->1353 1337->1273 1352->1353 1353->1337 1369->1261 1370->1261
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000E.00000002.3907107349.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_14_2_1140000_vexplorerez.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: (ojq$,nq$,nq$Hnq
                                                                                                  • API String ID: 0-418146521
                                                                                                  • Opcode ID: 18d3d289ac7fef88434ed3edf3dd7aa9cbfcff7aef5c83f464dde0a43ee41f9c
                                                                                                  • Instruction ID: e3114ae2320a0a586f97e1c4f636561f3a8f87d8f8ffc9e666b823aca0f7dc68
                                                                                                  • Opcode Fuzzy Hash: 18d3d289ac7fef88434ed3edf3dd7aa9cbfcff7aef5c83f464dde0a43ee41f9c
                                                                                                  • Instruction Fuzzy Hash: EB42D170B002198FDB18DF69C854AAEBBF6BF89704F158169E545EB3A5DB30DC41CB90

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 3634 11474e8-114751e 3779 1147520 call 11474e6 3634->3779 3780 1147520 call 11474e8 3634->3780 3635 1147526-114752c 3636 114757c-1147580 3635->3636 3637 114752e-1147532 3635->3637 3640 1147597-11475ab 3636->3640 3641 1147582-1147591 3636->3641 3638 1147534-1147539 3637->3638 3639 1147541-1147548 3637->3639 3638->3639 3645 114761e-114765b 3639->3645 3646 114754e-1147555 3639->3646 3644 11475b3-11475ba 3640->3644 3776 11475ad call 131e8c2 3640->3776 3777 11475ad call 131eb28 3640->3777 3778 11475ad call 131ebd8 3640->3778 3642 1147593-1147595 3641->3642 3643 11475bd-11475c7 3641->3643 3642->3644 3647 11475d1-11475d5 3643->3647 3648 11475c9-11475cf 3643->3648 3655 1147666-1147686 3645->3655 3656 114765d-1147663 3645->3656 3646->3636 3649 1147557-114755b 3646->3649 3650 11475dd-1147617 3647->3650 3652 11475d7 3647->3652 3648->3650 3653 114755d-1147562 3649->3653 3654 114756a-1147571 3649->3654 3650->3645 3652->3650 3653->3654 3654->3645 3657 1147577-114757a 3654->3657 3662 114768d-1147694 3655->3662 3663 1147688 3655->3663 3656->3655 3657->3644 3666 1147696-11476a1 3662->3666 3665 1147a1c-1147a25 3663->3665 3667 11476a7-11476ba 3666->3667 3668 1147a2d-1147a39 3666->3668 3673 11476d0-11476eb 3667->3673 3674 11476bc-11476ca 3667->3674 3675 1147a4f-1147a6d 3668->3675 3676 1147a3b-1147a42 3668->3676 3683 11476ed-11476f3 3673->3683 3684 114770f-1147712 3673->3684 3674->3673 3680 11479a4-11479ab 3674->3680 3681 1147a73-1147a82 3675->3681 3682 1147a6f-1147a71 3675->3682 3676->3675 3680->3665 3688 11479ad-11479af 3680->3688 3704 1147a84-1147a93 3681->3704 3705 1147acc 3681->3705 3685 1147ad1-1147ad3 3682->3685 3686 11476f5 3683->3686 3687 11476fc-11476ff 3683->3687 3689 114786c-1147872 3684->3689 3690 1147718-114771b 3684->3690 3686->3687 3686->3689 3693 1147732-1147738 3686->3693 3694 114795e-1147961 3686->3694 3687->3693 3695 1147701-1147704 3687->3695 3696 
11479b1-11479b6 3688->3696 3697 11479be-11479c4 3688->3697 3689->3694 3698 1147878-114787d 3689->3698 3690->3689 3691 1147721-1147727 3690->3691 3691->3689 3699 114772d 3691->3699 3700 114773e-1147740 3693->3700 3701 114773a-114773c 3693->3701 3702 1147967-114796d 3694->3702 3703 1147a28 3694->3703 3706 114779e-11477a4 3695->3706 3707 114770a 3695->3707 3696->3697 3697->3668 3708 11479c6-11479cb 3697->3708 3698->3694 3699->3694 3712 114774a-1147753 3700->3712 3701->3712 3713 1147992-1147996 3702->3713 3714 114796f-1147977 3702->3714 3703->3668 3704->3705 3726 1147a95-1147a9b 3704->3726 3705->3685 3706->3694 3711 11477aa-11477b0 3706->3711 3707->3694 3709 1147a10-1147a13 3708->3709 3710 11479cd-11479d2 3708->3710 3709->3703 3722 1147a15-1147a1a 3709->3722 3710->3703 3715 11479d4 3710->3715 3716 11477b6-11477b8 3711->3716 3717 11477b2-11477b4 3711->3717 3719 1147755-1147760 3712->3719 3720 1147766-114778e 3712->3720 3713->3680 3721 1147998-114799e 3713->3721 3714->3668 3718 114797d-114798c 3714->3718 3724 11479db-11479e0 3715->3724 3725 11477c2-11477d9 3716->3725 3717->3725 3718->3673 3718->3713 3719->3694 3719->3720 3749 1147794-1147799 3720->3749 3750 1147882-11478b8 3720->3750 3721->3666 3721->3680 3722->3665 3722->3688 3729 1147a02-1147a04 3724->3729 3730 11479e2-11479e4 3724->3730 3741 1147804-114782b 3725->3741 3742 11477db-11477f4 3725->3742 3727 1147a9d 3726->3727 3728 1147a9f-1147aab 3726->3728 3734 1147aad-1147ac6 3727->3734 3728->3734 3729->3703 3738 1147a06-1147a09 3729->3738 3735 11479e6-11479eb 3730->3735 3736 11479f3-11479f9 3730->3736 3734->3705 3753 1147ac8-1147aca 3734->3753 3735->3736 3736->3668 3740 11479fb-1147a00 3736->3740 3738->3709 3740->3729 3745 11479d6-11479d9 3740->3745 3741->3703 3756 1147831-1147834 3741->3756 3742->3750 3757 11477fa-11477ff 3742->3757 3745->3703 3745->3724 3749->3750 3758 11478c5-11478cd 3750->3758 3759 11478ba-11478be 3750->3759 3753->3685 3756->3703 3760 114783a-1147863 3756->3760 3757->3750 3758->3703 3763 
11478d3-11478d8 3758->3763 3761 11478c0-11478c3 3759->3761 3762 11478dd-11478e1 3759->3762 3760->3750 3775 1147865-114786a 3760->3775 3761->3758 3761->3762 3764 1147900-1147904 3762->3764 3765 11478e3-11478e9 3762->3765 3763->3694 3768 1147906-114790c 3764->3768 3769 114790e-114792d call 1147dad 3764->3769 3765->3764 3767 11478eb-11478f3 3765->3767 3767->3703 3770 11478f9-11478fe 3767->3770 3768->3769 3772 1147933-1147937 3768->3772 3769->3772 3770->3694 3772->3694 3773 1147939-1147955 3772->3773 3773->3694 3775->3750 3776->3644 3777->3644 3778->3644 3779->3635 3780->3635
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000E.00000002.3907107349.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_14_2_1140000_vexplorerez.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: (ojq$(ojq$,nq$,nq
                                                                                                  • API String ID: 0-2501548412
                                                                                                  • Opcode ID: 5731b39ffeffbbbb0b13babc14459fc640710fd6e5744b6490670eaa2cc2e7b4
                                                                                                  • Instruction ID: f8bcc3188ce67184467a98886a4b2d5df3574596597737418c5a6dd5c9d0d5e7
                                                                                                  • Opcode Fuzzy Hash: 5731b39ffeffbbbb0b13babc14459fc640710fd6e5744b6490670eaa2cc2e7b4
                                                                                                  • Instruction Fuzzy Hash: 5C127C30A00219DFDB19CFA8C884AADBBF6FF48710F298469E505AB2A1D730DD41CB91
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000E.00000002.3908005050.0000000001310000.00000040.00000800.00020000.00000000.sdmp, Offset: 01310000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_14_2_1310000_vexplorerez.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                  • GetCurrentProcess.KERNEL32 ref: 05B5EE3E
                                                                                                  • GetCurrentThread.KERNEL32 ref: 05B5EE7B
                                                                                                  • GetCurrentProcess.KERNEL32 ref: 05B5EEB8
                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 05B5EF11
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000E.00000002.3929074513.0000000005B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B50000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_14_2_5b50000_vexplorerez.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Current$ProcessThread
                                                                                                  • String ID: .(G
                                                                                                  • API String ID: 2063062207-254094207

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                  • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 06AA3AA2
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000E.00000002.3931261184.0000000006AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AA0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_14_2_6aa0000_vexplorerez.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CreateWindow
                                                                                                  • String ID: .(G$.(G$0
                                                                                                  • API String ID: 716092398-688954923

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                  • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 06AA3AA2
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000E.00000002.3931261184.0000000006AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AA0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_14_2_6aa0000_vexplorerez.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CreateWindow
                                                                                                  • String ID: .(G$.(G$0
                                                                                                  • API String ID: 716092398-688954923
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000E.00000002.3907107349.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_14_2_1140000_vexplorerez.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: (ojq$(ojq$(ojq$,nq$,nq
                                                                                                  • API String ID: 0-954490635

                                                                                                  Control-flow Graph

                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000E.00000002.3931261184.0000000006AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AA0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_14_2_6aa0000_vexplorerez.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: 0$
                                                                                                  • API String ID: 0-1074706181
                                                                                                  APIs
                                                                                                  • GetModuleHandleW.KERNEL32(00000000), ref: 05B5CDA6
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000E.00000002.3929074513.0000000005B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B50000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_14_2_5b50000_vexplorerez.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: HandleModule
                                                                                                  • String ID: .(G
                                                                                                  • API String ID: 4139908857-254094207
                                                                                                  APIs
                                                                                                  • CallWindowProcW.USER32(?,?,?,?,?), ref: 06AA6011
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000E.00000002.3931261184.0000000006AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AA0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_14_2_6aa0000_vexplorerez.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CallProcWindow
                                                                                                  • String ID: .(G
                                                                                                  • API String ID: 2714655100-254094207
                                                                                                  APIs
                                                                                                  • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 0E1009A8
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000E.00000002.3935039674.000000000E100000.00000040.00000800.00020000.00000000.sdmp, Offset: 0E100000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_14_2_e100000_vexplorerez.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: MemoryProcessWrite
                                                                                                  • String ID: .(G
                                                                                                  • API String ID: 3559483778-254094207
                                                                                                  APIs
                                                                                                  • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 0E1009A8
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000E.00000002.3935039674.000000000E100000.00000040.00000800.00020000.00000000.sdmp, Offset: 0E100000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_14_2_e100000_vexplorerez.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: MemoryProcessWrite
                                                                                                  • String ID: .(G
                                                                                                  • API String ID: 3559483778-254094207
                                                                                                  APIs
                                                                                                  • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0E10165E
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000E.00000002.3935039674.000000000E100000.00000040.00000800.00020000.00000000.sdmp, Offset: 0E100000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_14_2_e100000_vexplorerez.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ContextThreadWow64
                                                                                                  • String ID: .(G
                                                                                                  • API String ID: 983334009-254094207
                                                                                                  APIs
                                                                                                  • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,05B5CE21,00000800,00000000,00000000), ref: 05B5D012
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000E.00000002.3929074513.0000000005B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B50000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_14_2_5b50000_vexplorerez.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: LibraryLoad
                                                                                                  • String ID: .(G
                                                                                                  • API String ID: 1029625771-254094207
                                                                                                  APIs
                                                                                                  • VirtualProtectEx.KERNEL32(?,?,?,?,?), ref: 0E100E87
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000E.00000002.3935039674.000000000E100000.00000040.00000800.00020000.00000000.sdmp, Offset: 0E100000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_14_2_e100000_vexplorerez.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ProtectVirtual
                                                                                                  • String ID: .(G
                                                                                                  • API String ID: 544645111-254094207
                                                                                                  APIs
                                                                                                  • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0E10165E
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000E.00000002.3935039674.000000000E100000.00000040.00000800.00020000.00000000.sdmp, Offset: 0E100000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_14_2_e100000_vexplorerez.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ContextThreadWow64
                                                                                                  • String ID: .(G
                                                                                                  • API String ID: 983334009-254094207
                                                                                                  APIs
                                                                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 05B5F497
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000E.00000002.3929074513.0000000005B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B50000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_14_2_5b50000_vexplorerez.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: DuplicateHandle
                                                                                                  • String ID: .(G
                                                                                                  • API String ID: 3793708945-254094207
                                                                                                  APIs
                                                                                                  • VirtualProtectEx.KERNEL32(?,?,?,?,?), ref: 0E100E87
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000E.00000002.3935039674.000000000E100000.00000040.00000800.00020000.00000000.sdmp, Offset: 0E100000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_14_2_e100000_vexplorerez.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ProtectVirtual
                                                                                                  • String ID: .(G
                                                                                                  • API String ID: 544645111-254094207
                                                                                                  APIs
                                                                                                  • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,05B5CE21,00000800,00000000,00000000), ref: 05B5D012
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000E.00000002.3929074513.0000000005B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B50000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_14_2_5b50000_vexplorerez.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: LibraryLoad
                                                                                                  • String ID: .(G
                                                                                                  • API String ID: 1029625771-254094207
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000E.00000002.3935039674.000000000E100000.00000040.00000800.00020000.00000000.sdmp, Offset: 0E100000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_14_2_e100000_vexplorerez.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ResumeThread
                                                                                                  • String ID: .(G
                                                                                                  • API String ID: 947044025-254094207
                                                                                                  APIs
                                                                                                  • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 0E10060E
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000E.00000002.3935039674.000000000E100000.00000040.00000800.00020000.00000000.sdmp, Offset: 0E100000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_14_2_e100000_vexplorerez.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: AllocVirtual
                                                                                                  • String ID: .(G
                                                                                                  • API String ID: 4275171209-254094207
                                                                                                  APIs
                                                                                                  • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 0E10060E
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000E.00000002.3935039674.000000000E100000.00000040.00000800.00020000.00000000.sdmp, Offset: 0E100000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_14_2_e100000_vexplorerez.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: AllocVirtual
                                                                                                  • String ID: .(G
                                                                                                  • API String ID: 4275171209-254094207
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000E.00000002.3935039674.000000000E100000.00000040.00000800.00020000.00000000.sdmp, Offset: 0E100000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_14_2_e100000_vexplorerez.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ResumeThread
                                                                                                  • String ID: .(G
                                                                                                  • API String ID: 947044025-254094207
                                                                                                  APIs
                                                                                                  • GetModuleHandleW.KERNEL32(00000000), ref: 05B5CDA6
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000E.00000002.3929074513.0000000005B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B50000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_14_2_5b50000_vexplorerez.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: HandleModule
                                                                                                  • String ID: .(G
                                                                                                  • API String ID: 4139908857-254094207
                                                                                                  APIs
                                                                                                  • PostMessageW.USER32(?,?,?,?), ref: 0E102415
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000E.00000002.3935039674.000000000E100000.00000040.00000800.00020000.00000000.sdmp, Offset: 0E100000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_14_2_e100000_vexplorerez.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: MessagePost
                                                                                                  • String ID: .(G
                                                                                                  • API String ID: 410705778-254094207
                                                                                                  APIs
                                                                                                  • PostMessageW.USER32(?,?,?,?), ref: 0E102415
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000E.00000002.3935039674.000000000E100000.00000040.00000800.00020000.00000000.sdmp, Offset: 0E100000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_14_2_e100000_vexplorerez.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: MessagePost
                                                                                                  • String ID: .(G
                                                                                                  • API String ID: 410705778-254094207
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000E.00000002.3908005050.0000000001310000.00000040.00000800.00020000.00000000.sdmp, Offset: 01310000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_14_2_1310000_vexplorerez.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: 4'jq$4'jq
                                                                                                  • API String ID: 0-1204115232
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000E.00000002.3907107349.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_14_2_1140000_vexplorerez.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: Hnq$Hnq
                                                                                                  • API String ID: 0-3075287205
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000E.00000002.3907107349.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_14_2_1140000_vexplorerez.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: 8nq$8nq
                                                                                                  • API String ID: 0-110844384
                                                                                                  • Opcode ID: 6f25033594a138bc8687e24a5650208af0db50766b80a971bd322babc947154e
                                                                                                  • Instruction ID: 29774c3e4ecb28eac8d2d016a58b3e5c15817da642ff32cbb3eb46531ac887d1
                                                                                                  • Opcode Fuzzy Hash: 6f25033594a138bc8687e24a5650208af0db50766b80a971bd322babc947154e
                                                                                                  • Instruction Fuzzy Hash: A3B1F474E04228CFDB24CFA9C944BDDBBB2BF89300F2081AAE549BB255DB355985CF41
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000E.00000002.3907107349.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_14_2_1140000_vexplorerez.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: Hnq$Tejq
                                                                                                  • API String ID: 0-2250170401
                                                                                                  • Opcode ID: f61197cfebcf6160f0df06f001159889e7ca7357fa55d11defd5ee9f27e52fe1
                                                                                                  • Instruction ID: 672efe91e4d1ac19dc8e6bebaea7d3210d4f24bb98abd33fb0e04b5c19c60326
                                                                                                  • Opcode Fuzzy Hash: f61197cfebcf6160f0df06f001159889e7ca7357fa55d11defd5ee9f27e52fe1
                                                                                                  • Instruction Fuzzy Hash: DF51E130B002168FCB09ABB998545AFBBEBFFC9610B158569E019CB395DE349C068790
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000E.00000002.3908005050.0000000001310000.00000040.00000800.00020000.00000000.sdmp, Offset: 01310000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_14_2_1310000_vexplorerez.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: $jq$$jq
                                                                                                  • API String ID: 0-3720491408
                                                                                                  • Opcode ID: 915141f05d9a083b42d2aadac0e6c4fc96ec657c90cd904431b72b6e186d0fa5
                                                                                                  • Instruction ID: 34316dddbd2d142be080b562052f601a7e834f997b2a9496fd06b243bdd8b9bd
                                                                                                  • Opcode Fuzzy Hash: 915141f05d9a083b42d2aadac0e6c4fc96ec657c90cd904431b72b6e186d0fa5
                                                                                                  • Instruction Fuzzy Hash: 3831D67174C1058FE72ECBACDC9853E7B79EF87314719486AD016CB69ADA28CC40C791
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000E.00000002.3908005050.0000000001310000.00000040.00000800.00020000.00000000.sdmp, Offset: 01310000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_14_2_1310000_vexplorerez.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: 4'jq
                                                                                                  • API String ID: 0-3676250632
                                                                                                  • Opcode ID: c01d9fa5924bc2960bd6b8bca3afa5d3faf9ea9dfe39603f44ef3932ff088be8
                                                                                                  • Instruction ID: 7af58bb2ee9544ab5a1a62f4b1352a21ddf4d40bb2c52da408855e0f20b40306
                                                                                                  • Opcode Fuzzy Hash: c01d9fa5924bc2960bd6b8bca3afa5d3faf9ea9dfe39603f44ef3932ff088be8
                                                                                                  • Instruction Fuzzy Hash: E822E430A04249CFCB1ACF68C8849ADBFF5FF49314F1585AAE905DB266D732E855CB90
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000E.00000002.3907107349.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_14_2_1140000_vexplorerez.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: (ojq
                                                                                                  • API String ID: 0-3210286679
                                                                                                  • Opcode ID: ad33e7c55534764117629e4f9048004a56270428dc55368396b38f1e1fa8c68d
                                                                                                  • Instruction ID: 1a19a48fa14aa3189b73c9d6150fd496f7477733b6505f06393cfba1154049ac
                                                                                                  • Opcode Fuzzy Hash: ad33e7c55534764117629e4f9048004a56270428dc55368396b38f1e1fa8c68d
                                                                                                  • Instruction Fuzzy Hash: AF024C70A00519DFCB59CFA8C984AAEBBF2FF89704F158555E4059B3A6C730E981CFA1
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000E.00000002.3908005050.0000000001310000.00000040.00000800.00020000.00000000.sdmp, Offset: 01310000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_14_2_1310000_vexplorerez.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: (nq
                                                                                                  • API String ID: 0-2756854522
                                                                                                  • Opcode ID: 6535ca8bc7a375e1977607488d25e551102617fa446462c87192008bf4e5673c
                                                                                                  • Instruction ID: 6727a2fc766c00a5adebdb19fcd83b0c85f8878afa301e8decd2fbf8db3ae3b2
                                                                                                  • Opcode Fuzzy Hash: 6535ca8bc7a375e1977607488d25e551102617fa446462c87192008bf4e5673c
                                                                                                  • Instruction Fuzzy Hash: EDE1E5707142048FC709BBBDD99962EBBE5AF88310F41886ED485D73ADDE789C09C751
                                                                                                  APIs
                                                                                                  • GetSystemMetrics.USER32(00000006), ref: 06AAEA08
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000E.00000002.3931261184.0000000006AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AA0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_14_2_6aa0000_vexplorerez.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: MetricsSystem
                                                                                                  • String ID:
                                                                                                  • API String ID: 4116985748-0
                                                                                                  APIs
                                                                                                  • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,05B5CE21,00000800,00000000,00000000), ref: 05B5D012
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000E.00000002.3929074513.0000000005B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B50000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_14_2_5b50000_vexplorerez.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: LibraryLoad
                                                                                                  • String ID:
                                                                                                  • API String ID: 1029625771-0
                                                                                                  • Opcode ID: d90c3968fd1ec9186c066c9cb4f9b018caf337453937968ccd867511e8d40e30
                                                                                                  • Instruction ID: 1c24924e19c8c1a574439da05cb9ec38730da53a46c414cc6fb3d4fb723b4027
                                                                                                  • Opcode Fuzzy Hash: d90c3968fd1ec9186c066c9cb4f9b018caf337453937968ccd867511e8d40e30
                                                                                                  • Instruction Fuzzy Hash: 6201F7729053449FDB258B99DC047DABFF4EB45334F04815AE508D3150C37AA545CBE1
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000E.00000002.3907107349.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_14_2_1140000_vexplorerez.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: 4'jq
                                                                                                  • API String ID: 0-3676250632
                                                                                                  • Opcode ID: c122d32c9f85693c36955c8c6b9526743a1b8ac0f19cc229d5233141b1bdac3c
                                                                                                  • Instruction ID: 14d42c950bfe54ee0446cd55d0a751b9d1b19b810cb8a72f663e26c77cbf65f9
                                                                                                  • Opcode Fuzzy Hash: c122d32c9f85693c36955c8c6b9526743a1b8ac0f19cc229d5233141b1bdac3c
                                                                                                  • Instruction Fuzzy Hash: 2481B330A04219DFCB19DFA8C584A6EBBF6FF44700F0680A9E9159B3A2D730ED44CB91
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000E.00000002.3907107349.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_14_2_1140000_vexplorerez.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: .(G
                                                                                                  • API String ID: 0-254094207
                                                                                                  • Opcode ID: 249925b50689daff86bbffc003fd72061223b35cc13ff9fbd3af6b79be7ced66
                                                                                                  • Instruction ID: 396309bae53aed8bd84a8d4a60ab718e2053acb9f60d5f059289755a9e435a67
                                                                                                  • Opcode Fuzzy Hash: 249925b50689daff86bbffc003fd72061223b35cc13ff9fbd3af6b79be7ced66
                                                                                                  • Instruction Fuzzy Hash: 7C51B071A002559FCF18DFADC9446AFBBF6FF99610F14846AE805E7340DB389905CBA1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000E.00000002.3908005050.0000000001310000.00000040.00000800.00020000.00000000.sdmp, Offset: 01310000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_14_2_1310000_vexplorerez.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: eee5e58ebda75ed5440f35683971be0397903a18da18841bee4b3ef23fdc5b56
                                                                                                  • Instruction ID: 4a351c6f8948b84154867c6442479e07c5d2719d8c1838ac9d3cf2dc5d6caa76
                                                                                                  • Opcode Fuzzy Hash: eee5e58ebda75ed5440f35683971be0397903a18da18841bee4b3ef23fdc5b56
                                                                                                  • Instruction Fuzzy Hash: B6B21630A15354CFC706FB78D994B5DBFB5AF86200F4188EBC489E726ADA385C49CB61
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000E.00000002.3907107349.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_14_2_1140000_vexplorerez.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: Tejq
                                                                                                  • API String ID: 0-2468842661
                                                                                                  • Opcode ID: cb31899b9a6743f4a53f7273f8e4fc71cdcf39627cb1dd0f71cd213c1e41818a
                                                                                                  • Instruction ID: 11b85432e17d3d5f55780aaae6b5b689d1338e2b906300aada1be51cac4b23d5
                                                                                                  • Opcode Fuzzy Hash: cb31899b9a6743f4a53f7273f8e4fc71cdcf39627cb1dd0f71cd213c1e41818a
                                                                                                  • Instruction Fuzzy Hash: 9A412674D00219CFDF29DFA5C845A9EBBB2FF89304F208069D949BB265EB715946CF40
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000E.00000002.3907107349.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_14_2_1140000_vexplorerez.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: Tejq
                                                                                                  • API String ID: 0-2468842661
                                                                                                  • Opcode ID: f7e42c44d281ea898ff26f45b661d525025b600a7053c9ca328f33df046de121
                                                                                                  • Instruction ID: 0b00b057cafd6759a90c9b452f33185e2bc25b759fc51bb6db28c043385628b6
                                                                                                  • Opcode Fuzzy Hash: f7e42c44d281ea898ff26f45b661d525025b600a7053c9ca328f33df046de121
                                                                                                  • Instruction Fuzzy Hash: 20411574D00219CFDF29DFA9C944A9EBBB2FF89304F208169E909BB265DB715945CF40
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000E.00000002.3907107349.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_14_2_1140000_vexplorerez.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: .(G
                                                                                                  • API String ID: 0-254094207
                                                                                                  • Opcode ID: b4e3b37dedb165c679f120ee7c7748677f3e4ce8e99b79e9c54d78193d907545
                                                                                                  • Instruction ID: f0f16843c8bce79956f7f48229dbeda28c055d3de26d69099f3c2c76711e9335
                                                                                                  • Opcode Fuzzy Hash: b4e3b37dedb165c679f120ee7c7748677f3e4ce8e99b79e9c54d78193d907545
                                                                                                  • Instruction Fuzzy Hash: 6D41C0B1D00209CBDF24DFE9C584ACEBBB5BF59704F24802AD409BB254D7796A45CF91
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000E.00000002.3907107349.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_14_2_1140000_vexplorerez.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: 8nq
                                                                                                  • API String ID: 0-2810462305
                                                                                                  • Opcode ID: e0555d3b88347f1c5ca8d2f22bd971dd9dc6401f26cf0cf2f4e85c4c47c82d55
                                                                                                  • Instruction ID: 3cbeb219f33246147c8fd3adafe4323303b0be839dae6262699a18832fc930f7
                                                                                                  • Opcode Fuzzy Hash: e0555d3b88347f1c5ca8d2f22bd971dd9dc6401f26cf0cf2f4e85c4c47c82d55
                                                                                                  • Instruction Fuzzy Hash: BF31E174E04208DFDB58DFE9C954AEDBBB2BF89700F20902AD419BB254DB305901CF55
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000E.00000002.3907107349.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_14_2_1140000_vexplorerez.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: ,nq
                                                                                                  • API String ID: 0-1069744364
                                                                                                  • Opcode ID: 58581a050710c35c8fc5d6484525949824238d3a3076ffb863ff139fe1fb5192
                                                                                                  • Instruction ID: 3d31c0ebb8c04642d008e852711319211c78ce776dd31913ef9829416945e85e
                                                                                                  • Opcode Fuzzy Hash: 58581a050710c35c8fc5d6484525949824238d3a3076ffb863ff139fe1fb5192
                                                                                                  • Instruction Fuzzy Hash: D5215136A006049FDB18DFA9DC98A99BBF6FF88711F148069E505A7355DB31EC11CBA0
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000E.00000002.3907107349.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_14_2_1140000_vexplorerez.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: .(G
                                                                                                  • API String ID: 0-254094207
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000E.00000002.3908005050.0000000001310000.00000040.00000800.00020000.00000000.sdmp, Offset: 01310000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_14_2_1310000_vexplorerez.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Instruction Fuzzy Hash: 9431F7706093449FC706B7B8D9A966DBFBAEF82204F46449BD084D72AADE345C0DC362
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000E.00000002.3907107349.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_14_2_1140000_vexplorerez.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 0b10efe98ac52075a79f9929961e424f5dee93fb39289d14b90f928189c26934
                                                                                                  • Instruction ID: e712d213934d8336d8e6816e8242035d8bac5b417ed344c15d6ee61bd5f4e93f
                                                                                                  • Opcode Fuzzy Hash: 0b10efe98ac52075a79f9929961e424f5dee93fb39289d14b90f928189c26934
                                                                                                  • Instruction Fuzzy Hash: 7131A770E006058FCB18DFACC8849AEBBF6FF85750B298159E515EB3A5C7349C16CB90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000E.00000002.3907107349.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_14_2_1140000_vexplorerez.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 25471fa8fc8e9f673cece57f295a996de1aa71ad27f16cc26da8ff76bd15a9f5
                                                                                                  • Instruction ID: 810b9419fd2918fca5513e217b7db17f78a6e7587c3ab1dbd7d0e1832c653376
                                                                                                  • Opcode Fuzzy Hash: 25471fa8fc8e9f673cece57f295a996de1aa71ad27f16cc26da8ff76bd15a9f5
                                                                                                  • Instruction Fuzzy Hash: 79319470E006058FCB08DFACC88499EBBF6BF85760B248559D515DB3A5C7749C16CB90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000E.00000002.3908005050.0000000001310000.00000040.00000800.00020000.00000000.sdmp, Offset: 01310000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_14_2_1310000_vexplorerez.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: d45bf2a56ae2054d33f55f8d1bc7382b9187a2c2b74349c768c57fd33d94c462
                                                                                                  • Instruction ID: 1ea2fe3365f98e8c5c9a20dd1d113ff15fb7c3160fef7821e7d0a18d253b6531
                                                                                                  • Opcode Fuzzy Hash: d45bf2a56ae2054d33f55f8d1bc7382b9187a2c2b74349c768c57fd33d94c462
                                                                                                  • Instruction Fuzzy Hash: 2D2104303842114BEB291A2D8954B7E368BAFC8B1DF14503AE506CBB9DEE79CC46D391
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000E.00000002.3907107349.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_14_2_1140000_vexplorerez.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 5c637ba4f7866c4aefd4b5c8c171c8e1c45319b45f4bdc541539610e60698f9e
                                                                                                  • Instruction ID: bbb99c007b9992ccb3bd42be2b14653db35c10e1221c30a71689888b85259269
                                                                                                  • Opcode Fuzzy Hash: 5c637ba4f7866c4aefd4b5c8c171c8e1c45319b45f4bdc541539610e60698f9e
                                                                                                  • Instruction Fuzzy Hash: AB210635704A118FD7299F69D89852ABBA2FFC6B14B148169E906CB358CF31EC01CBD1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000E.00000002.3906529597.000000000107D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0107D000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_14_2_107d000_vexplorerez.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 2267ee2ee12037d98b1fc61b57f3a0336f8cd1537832658514cc7d8f7a1fdb92
                                                                                                  • Instruction ID: b8b4d48e9f4c3c1912d7d82e5efa5d254d23ec85da77effe2fbde61a02464cac
                                                                                                  • Opcode Fuzzy Hash: 2267ee2ee12037d98b1fc61b57f3a0336f8cd1537832658514cc7d8f7a1fdb92
                                                                                                  • Instruction Fuzzy Hash: 6C21C171A04244DFDB05DF98D9C0B2ABFA5FF88314F24C5A9E9894A256C33AD416CBA1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000E.00000002.3908005050.0000000001310000.00000040.00000800.00020000.00000000.sdmp, Offset: 01310000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_14_2_1310000_vexplorerez.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 743e5ee834f2f71a01f24ebde95808f6005b12f697a3b0a6929993c7317624ef
                                                                                                  • Instruction ID: 371f75d5736ace9bd844c740d339e99ccd270c01673096799e5e29b5dbc73827
                                                                                                  • Opcode Fuzzy Hash: 743e5ee834f2f71a01f24ebde95808f6005b12f697a3b0a6929993c7317624ef
                                                                                                  • Instruction Fuzzy Hash: C0218771B20215CBDB56E7B9D9D4F5EB3A9ABC4210FC08566D40AE3359DE38EC41C760
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000E.00000002.3907107349.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_14_2_1140000_vexplorerez.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 3cc03dd31a7b19f6262eeac5082e16b4fa70bf5ce20cd9fac8f66a26376a3978
                                                                                                  • Instruction ID: d8b89aa5c00cbe5d35a9d2ddb5b0503ee21d9e7708ff8d71bbdbc947f2cd5c91
                                                                                                  • Opcode Fuzzy Hash: 3cc03dd31a7b19f6262eeac5082e16b4fa70bf5ce20cd9fac8f66a26376a3978
                                                                                                  • Instruction Fuzzy Hash: 452124317042499FDB1AAF68EC58BAA3BA2FB85710F048029F8468F345CF74DC51DBA1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000E.00000002.3907107349.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_14_2_1140000_vexplorerez.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 2e75fa81f7bed0eddd0a2c42dd11c6550cd61eecb16814b6fba99e08201481a3
                                                                                                  • Instruction ID: a1651a17d74953d3d62101e7c8e02550cbddbbd7d82d5edfdff89f7022eb803d
                                                                                                  • Opcode Fuzzy Hash: 2e75fa81f7bed0eddd0a2c42dd11c6550cd61eecb16814b6fba99e08201481a3
                                                                                                  • Instruction Fuzzy Hash: F0215176A002049FDB24CF69DC48A9EBBB5FF8C711F145069E911E7254DB31AC10CBA0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000E.00000002.3907107349.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_14_2_1140000_vexplorerez.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: cd55d2121a9751d2a5fad15b4d4449413151e6b5dfdc18d47c179f5efb5dd551
                                                                                                  • Instruction ID: 9f612a608e285f6eafa4c286e0eb63ee51e726f134e986691e82dd180c38a8e8
                                                                                                  • Opcode Fuzzy Hash: cd55d2121a9751d2a5fad15b4d4449413151e6b5dfdc18d47c179f5efb5dd551
                                                                                                  • Instruction Fuzzy Hash: D411E2303042058FD7199F39C4A465ABBE1BF8A75875441AEE50ACB3A2EF71DC09C7A0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000E.00000002.3908005050.0000000001310000.00000040.00000800.00020000.00000000.sdmp, Offset: 01310000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_14_2_1310000_vexplorerez.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: ea67ea7927013fb7230cc5894248b03cf3ef0438975fa766b6efa62eb645485c
                                                                                                  • Instruction ID: 026864027f10d872cd3c11f62b22b7bef0b77ba6e5c54bcd329461c894d82061
                                                                                                  • Opcode Fuzzy Hash: ea67ea7927013fb7230cc5894248b03cf3ef0438975fa766b6efa62eb645485c
                                                                                                  • Instruction Fuzzy Hash: 8E11B270A142089FC705BBBDE69996DBBBAEB85300F41846EE0499325DDF399809C762
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000E.00000002.3907107349.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_14_2_1140000_vexplorerez.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 07f308597153cd84ad08267aade4c38d45059a78c63c86414a4bbb332c8a8e63
                                                                                                  • Instruction ID: 76b02a80025f060e18b3ba1ce232fa549f65ee810c717377c6c35e98adb5daae
                                                                                                  • Opcode Fuzzy Hash: 07f308597153cd84ad08267aade4c38d45059a78c63c86414a4bbb332c8a8e63
                                                                                                  • Instruction Fuzzy Hash: 5301D272B046264B5F1DAAADAC608BFB6AAEFD59547198839D118C7305DF309C0183E4
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000E.00000002.3908005050.0000000001310000.00000040.00000800.00020000.00000000.sdmp, Offset: 01310000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_14_2_1310000_vexplorerez.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 95f39a92645e2cb60fb3ef5187682f771ab754fc33e45b4af976d1dbebc2ecaa
                                                                                                  • Instruction ID: 42f3b83d896781c70897bb712e50053b939348c30ad190b714382fda25102519
                                                                                                  • Opcode Fuzzy Hash: 95f39a92645e2cb60fb3ef5187682f771ab754fc33e45b4af976d1dbebc2ecaa
                                                                                                  • Instruction Fuzzy Hash: 3811B432600245DFDB1ACF68C884B5EBFA6EF85318F068565ED149B29AD372E814C7A4
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000E.00000002.3908005050.0000000001310000.00000040.00000800.00020000.00000000.sdmp, Offset: 01310000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_14_2_1310000_vexplorerez.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 09db1ee98f3625167393d2cc05d5d686e81d5a1f038ed7d1d114027442ce86cf
                                                                                                  • Instruction ID: c1c46b6672043859c4912dd5743d95637e2763fc90712323161cfcc463565ba7
                                                                                                  • Opcode Fuzzy Hash: 09db1ee98f3625167393d2cc05d5d686e81d5a1f038ed7d1d114027442ce86cf
                                                                                                  • Instruction Fuzzy Hash: 3F0104317442045FCB19DA6EE95095AB7FAEFD2224754C17AD509CB26DCE31EC06C7A0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000E.00000002.3907107349.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_14_2_1140000_vexplorerez.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: cbdc4015e264487662b64a9244c0860ff60b765ea1b7a76d6afcb52faa5528ea
                                                                                                  • Instruction ID: 0ace7a10da3cae0de628767c986b5f78ff975337a5fdd6c5ac658f54badf3814
                                                                                                  • Opcode Fuzzy Hash: cbdc4015e264487662b64a9244c0860ff60b765ea1b7a76d6afcb52faa5528ea
                                                                                                  • Instruction Fuzzy Hash: 6B11AC31900248DFDB28CF58C848BAABBFAEB48310F04842EE4199F251D771E954CFA0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000E.00000002.3906529597.000000000107D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0107D000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_14_2_107d000_vexplorerez.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: d06fae078f3ccc2112caf8552f6b645ede566e603d6c7b0d9faf10800b04cc1c
                                                                                                  • Instruction ID: 72fe1b241b6fd00070ea2362eb1875d3a7dbbdfa06d9d3894d2f15adbce3d04b
                                                                                                  • Opcode Fuzzy Hash: d06fae078f3ccc2112caf8552f6b645ede566e603d6c7b0d9faf10800b04cc1c
                                                                                                  • Instruction Fuzzy Hash: F821C076904240CFCB06CF44D9C4B1ABFB2FB84310F24C5A9D9494A656C336D416CBA1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000E.00000002.3908005050.0000000001310000.00000040.00000800.00020000.00000000.sdmp, Offset: 01310000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin