Edit tour

Windows Analysis Report
sistema_2_1_1_build2.zip

Overview

General Information

Sample name:	sistema_2_1_1_build2.zip
Analysis ID:	1509263
MD5:	30305b17e5ea45e503d23f0e0a615b39
SHA1:	5e31dcfac8b74ef8c608a347be20b13ed41febb8
SHA256:	81553028bf92457d74960902e03f628f2c8719fe0e8e30706fc4ab2d522090d0
Infos:

Detection

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Detected unpacking (overwrites its own PE header)

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

Allocates memory with a write watch (potentially for evading sandboxes)

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to dynamically determine API calls

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Drops PE files

Found dropped PE file which has not been started or loaded

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

JA3 SSL client fingerprint seen in connection with other malware

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE file contains executable resources (Code or Archives)

PE file contains more sections than normal

PE file contains sections with non-standard names

PE file does not import any functions

Queries the volume information (name, serial number etc) of a device

Stores files to the Windows start menu directory

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64_ra

rundll32.exe (PID: 6088 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)

SISTEMA_2_1_1_Build2.exe (PID: 6452 cmdline: "C:\Users\user\Desktop\sistema_2_1_1_build2\SISTEMA_2_1_1_Build2.exe" MD5: 2B4060A1BE4AC1AA9C99F0B0FEAA23FA)

SISTEMA_2_1_1_Build2.tmp (PID: 6764 cmdline: "C:\Users\user\AppData\Local\Temp\is-0GTQV.tmp\SISTEMA_2_1_1_Build2.tmp" /SL5="$203B8,29753000,779776,C:\Users\user\Desktop\sistema_2_1_1_build2\SISTEMA_2_1_1_Build2.exe" MD5: 38A0CE4967C1A254DDB91920046DDE5B)

SISTEMA_2_1_1_Build2.exe (PID: 4264 cmdline: "C:\Users\user\Desktop\sistema_2_1_1_build2\SISTEMA_2_1_1_Build2.exe" /SPAWNWND=$1044E /NOTIFYWND=$203B8 MD5: 2B4060A1BE4AC1AA9C99F0B0FEAA23FA)

SISTEMA_2_1_1_Build2.tmp (PID: 6364 cmdline: "C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp" /SL5="$20450,29753000,779776,C:\Users\user\Desktop\sistema_2_1_1_build2\SISTEMA_2_1_1_Build2.exe" /SPAWNWND=$1044E /NOTIFYWND=$203B8 MD5: 38A0CE4967C1A254DDB91920046DDE5B)

SISTEMA.exe (PID: 7132 cmdline: "C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe" MD5: 9539E734CC3C8A2A935ACFD28CC08B31)

Configurator.exe (PID: 4720 cmdline: "C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe" NOPOPUP MD5: 8571B58DF1EC066D088F17BABBC2A009)

IFA_WebRequest.exe (PID: 6724 cmdline: "C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe" -v:2.1.1 -b:2 -l:de -i -t -u -w:500 -h:500 MD5: ABF7C0D74DFCD9C378A5F27FD20B18BD)

IFA_WebRequest.exe (PID: 7084 cmdline: "C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe" -v:2.1.1 -b:2 -l:de -i -t -e -w:700 -h:500 MD5: ABF7C0D74DFCD9C378A5F27FD20B18BD)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Compliance

Detected unpacking (overwrites its own PE header)

Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe

Unpacked PE file: 22.2.IFA_WebRequest.exe.930000.0.unpack

Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 185.103.232.54:443 -> 192.168.2.16:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.103.232.54:443 -> 192.168.2.16:49711 version: TLS 1.2

Source:	Binary string: e:\fb25_git\R2_5_6\firebird2\temp\Win32\Release\ib_util\ib_util.pdb source: SISTEMA.exe, 00000012.00000002.2430651051.0000000005BE2000.00000002.00000001.01000000.0000001C.sdmp
Source:	Binary string: e:\fb25_git\R2_5_6\firebird2\temp\Win32\Release\intl\fbintl.pdb source: SISTEMA.exe, 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmp
Source:	Binary string: e:\fb25_git\R2_5_6\firebird2\temp\Win32\Release\fbembed\fbembed.pdb source: SISTEMA.exe, 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmp

Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Code function: 18_2_05D256F0 memcpy,FindFirstFileA,		18_2_05D256F0
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Code function: 18_2_1002BC60 memcpy,FindFirstFileA,		18_2_1002BC60

Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	File opened: C:\Users\user\AppData\Local\Microsoft	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Windows	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Windows\History\desktop.ini	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	File opened: C:\Users\user\AppData\Local	Jump to behavior

Source: Joe Sandbox View

JA3 fingerprint: fd80fa9c6120cdeea8520510f3c644ac

Source: global traffic	HTTP traffic detected: GET /?v=2.1.1&b=2 HTTP/1.1Host: sistema-anfrage.ifa.dguv.deAccept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8User-Agent: Mozilla/3.0 (compatible; Indy Library)
Source: global traffic	HTTP traffic detected: GET /?v=2.1.1&b=2 HTTP/1.1Host: sistema-anfrage.ifa.dguv.deAccept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8User-Agent: Mozilla/3.0 (compatible; Indy Library)

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe

Code function: 18_2_10007320 memset,WSAGetLastError,memset,select,WSAGetLastError,select,WSAGetLastError,recv,WSAGetLastError,

18_2_10007320

Source: global traffic	HTTP traffic detected: GET /?v=2.1.1&b=2 HTTP/1.1Host: sistema-anfrage.ifa.dguv.deAccept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8User-Agent: Mozilla/3.0 (compatible; Indy Library)
Source: global traffic	HTTP traffic detected: GET /?v=2.1.1&b=2 HTTP/1.1Host: sistema-anfrage.ifa.dguv.deAccept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8User-Agent: Mozilla/3.0 (compatible; Indy Library)

Source: global traffic

DNS traffic detected: DNS query: sistema-anfrage.ifa.dguv.de

Source: SISTEMA.exe, 00000012.00000000.1714489502.0000000001AFB000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://creativecommons.org/licenses/LGPL/2.1/;
Source: SISTEMA.exe, 00000012.00000000.1714489502.0000000001AFB000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://creativecommons.org/licenses/by/2.5/
Source: SISTEMA.exe, 00000012.00000000.1714489502.0000000001AFB000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://creativecommons.org/licenses/by/3.0/
Source: SISTEMA_2_1_1_Build2.tmp, 0000000C.00000003.1401663830.00000000035C0000.00000004.00001000.00020000.00000000.sdmp, SISTEMA_2_1_1_Build2.tmp, 0000000C.00000003.1755806604.0000000002683000.00000004.00001000.00020000.00000000.sdmp, SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1738723669.0000000002633000.00000004.00001000.00020000.00000000.sdmp, SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1736210872.0000000003713000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://download.ifa.dguv.de/sendmail.aspx?
Source: SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1738723669.0000000002633000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://download.ifa.dguv.de/sendmail.aspx?9:c
Source: SISTEMA_2_1_1_Build2.tmp, 0000000C.00000003.1755806604.0000000002683000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://download.ifa.dguv.de/sendmail.aspx?9:h
Source: SISTEMA_2_1_1_Build2.tmp, 0000000C.00000003.1755806604.0000000002683000.00000004.00001000.00020000.00000000.sdmp, SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1738723669.0000000002633000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://download.ifa.dguv.de/sendmail.aspx?A
Source: SISTEMA_2_1_1_Build2.tmp, 0000000C.00000003.1755806604.0000000002683000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://download.ifa.dguv.de/sendmail.aspx?YBh
Source: SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1738723669.0000000002633000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://download.ifa.dguv.de/sendmail.aspx?i9c
Source: SISTEMA_2_1_1_Build2.tmp, 0000000C.00000003.1755806604.0000000002683000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://download.ifa.dguv.de/sendmail.aspx?i9h
Source: SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1738723669.0000000002633000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://download.ifa.dguv.de/sendmail.aspx?y=c
Source: SISTEMA_2_1_1_Build2.tmp, 0000000C.00000003.1755806604.0000000002683000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://download.ifa.dguv.de/sendmail.aspx?y=h
Source: SISTEMA.exe, 00000012.00000000.1714489502.0000000001AFB000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://everaldo.com/crystal/
Source: SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1724525078.0000000005770000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ispesl.it/
Source: SISTEMA.exe, 00000012.00000003.2024628334.0000000008677000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://opensource.org/licenses/mit-license.php
Source: SISTEMA.exe, 00000012.00000003.2063964550.00000000086B8000.00000004.00000020.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000002.2448726180.00000000086BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://opensource.org/licenses/mit-license.php)H
Source: SISTEMA.exe, 00000012.00000002.2518055811.000000004A8A1000.00000002.00000001.01000000.0000001A.sdmp, SISTEMA.exe, 00000012.00000002.2519725664.000000004A962000.00000002.00000001.01000000.0000001E.sdmp, SISTEMA.exe, 00000012.00000002.2519825902.000000004AD00000.00000002.00000001.01000000.0000001B.sdmp	String found in binary or memory: http://oss.software.ibm.com/icu/V
Source: SISTEMA.exe, 00000012.00000000.1714012890.0000000001287000.00000008.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://relaxng.org/ns/structure/1.0
Source: SISTEMA.exe, 00000012.00000000.1714012890.0000000001287000.00000008.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://relaxng.org/ns/structure/1.0Memory
Source: SISTEMA.exe, 00000012.00000000.1704314306.00000000005A1000.00000020.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: SISTEMA.exe, 00000012.00000003.2024628334.0000000008677000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://sourceforge.net/projects/zeoslib/
Source: SISTEMA.exe, 00000012.00000002.2472573933.000000000ADD4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://sourceforge.net/projects/zeoslib/:gEO
Source: SISTEMA.exe, 00000012.00000002.2472573933.000000000ADD4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://sourceforge.net/projects/zeoslib/Bg=O
Source: SISTEMA.exe, 00000012.00000003.2024628334.0000000008677000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tiopf.sourceforge.net/
Source: SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1738723669.0000000002510000.00000004.00001000.00020000.00000000.sdmp, SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1741424305.000000000097B000.00000004.00000020.00020000.00000000.sdmp, SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1736210872.0000000003713000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://tiopf.sourceforge.net/Licence_MPL1_1.shtml
Source: SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1724525078.00000000057BD000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.cetim.fr
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000019E5000.00000002.00000001.01000000.0000000B.sdmp, Configurator.exe, 00000013.00000000.1773603217.0000000001E6A000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://www.dguv.de/bgia/sistema
Source: SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1724525078.00000000057BD000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000002.2428268985.0000000005A8C000.00000004.00001000.00020000.00000000.sdmp, Configurator.exe, 00000013.00000003.1933835955.000000000729C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.dguv.de/webcode.jsp?q=d11223
Source: SISTEMA.exe, 00000012.00000002.2422766471.0000000003D40000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.dguv.de/webcode.jsp?q=d11223ode.jsp?q=d11223en
Source: SISTEMA.exe, 00000012.00000003.2024628334.0000000008677000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.dguv.de/webcode.jsp?q=d18471
Source: SISTEMA.exe, 00000012.00000002.2448726180.0000000008650000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.dguv.de/webcode.jsp?q=d184714
Source: SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1724525078.00000000057BD000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.dguv.de/webcode.jsp?q=e34183
Source: SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1724525078.00000000057BD000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.dguv.de/webcode.jsp?q=e89507
Source: SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1724525078.00000000057BD000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.dguv.de/webcode/d109240
Source: SISTEMA.exe, 00000012.00000003.2024628334.0000000008677000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.dguv.de/webcode/d11223
Source: SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1724525078.00000000057BD000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.dguv.de/webcode/d11223#http://www.dguv.de/webcode/d1057334
Source: SISTEMA.exe, 00000012.00000002.2448726180.0000000008650000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.dguv.de/webcode/d11223Ea
Source: SISTEMA.exe, 00000012.00000002.2470059520.000000000AD31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.dguv.de/webcode/d11223k
Source: SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1738723669.0000000002624000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.dguv.de/webcode/d11223qRb
Source: SISTEMA_2_1_1_Build2.tmp, 0000000C.00000003.1755806604.0000000002674000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.dguv.de/webcode/d11223qRg
Source: SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1724525078.00000000057BD000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000003.2063964550.00000000086B8000.00000004.00000020.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000003.2062028845.000000000AD8A000.00000004.00000020.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000003.2024628334.0000000008659000.00000004.00000020.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000002.2474221486.000000000B1A3000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000003.2059431766.00000000086BD000.00000004.00000020.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000003.2024628334.0000000008677000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.dguv.de/webcode/d18471
Source: SISTEMA_2_1_1_Build2.tmp, 0000000C.00000003.1755806604.0000000002674000.00000004.00001000.00020000.00000000.sdmp, SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1738723669.0000000002624000.00000004.00001000.00020000.00000000.sdmp, SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1724525078.00000000057BD000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.dguv.de/webcode/d561582
Source: SISTEMA_2_1_1_Build2.tmp, 0000000C.00000003.1401663830.00000000035C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.dguv.de/webcode/d5615820OldVersionIsInstalledMsg
Source: SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1724525078.00000000057BD000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.dguv.de/webcode/d92599Fhttp://www.dguv.de/medien/ifa/de/pra/softwa/sistema/erste_schritte
Source: SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1724525078.00000000057BD000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.dguv.de/webcode/e109249
Source: SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1724525078.00000000057BD000.00000004.00001000.00020000.00000000.sdmp, SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1736210872.0000000003713000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.dguv.de/webcode/e34183
Source: SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1724525078.00000000057BD000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.dguv.de/webcode/e34183#http://www.dguv.de/webcode/d1057334
Source: SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1738723669.0000000002624000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.dguv.de/webcode/e34183)Tb
Source: SISTEMA_2_1_1_Build2.tmp, 0000000C.00000003.1755806604.0000000002674000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.dguv.de/webcode/e34183)Tg
Source: SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1738723669.0000000002624000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.dguv.de/webcode/e341839Vb
Source: SISTEMA_2_1_1_Build2.tmp, 0000000C.00000003.1755806604.0000000002674000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.dguv.de/webcode/e341839Vg
Source: SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1738723669.0000000002624000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.dguv.de/webcode/e34183IXb
Source: SISTEMA_2_1_1_Build2.tmp, 0000000C.00000003.1755806604.0000000002674000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.dguv.de/webcode/e34183IXg
Source: SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1738723669.0000000002624000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.dguv.de/webcode/e34183k
Source: SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1738723669.0000000002624000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.dguv.de/webcode/e34183l
Source: SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1724525078.00000000057BD000.00000004.00001000.00020000.00000000.sdmp, SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1736210872.0000000003713000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.dguv.de/webcode/e561582
Source: SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1738723669.0000000002624000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.dguv.de/webcode/e5615821Ub
Source: SISTEMA_2_1_1_Build2.tmp, 0000000C.00000003.1755806604.0000000002674000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.dguv.de/webcode/e5615821Ug
Source: SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1738723669.0000000002624000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.dguv.de/webcode/e561582QNb
Source: SISTEMA_2_1_1_Build2.tmp, 0000000C.00000003.1755806604.0000000002674000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.dguv.de/webcode/e561582QNg
Source: SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1738723669.0000000002624000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.dguv.de/webcode/e561582YZb
Source: SISTEMA_2_1_1_Build2.tmp, 0000000C.00000003.1755806604.0000000002674000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.dguv.de/webcode/e561582YZg
Source: SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1724525078.00000000057BD000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.dguv.de/webcode/e89507
Source: SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1724525078.00000000057BD000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.dguv.de/webcode/e92603Hhttp://www.dguv.de/medien/ifa/en/pra/softwa/sistema/getting_starte
Source: SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1724525078.00000000057BD000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.dguv.de/webcode/m1242008
Source: SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1724525078.00000000057BD000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.dguv.de/webcode/m1242009
Source: SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1724525078.00000000057BD000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.dguv.de/webcode/m757251
Source: SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1724525078.00000000057BD000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.dguv.de/webcode/m757980
Source: SISTEMA.exe, 00000012.00000000.1714489502.0000000001AFB000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://www.famfamfam.com/lab/icons/silk/
Source: SISTEMA.exe, 00000012.00000003.2024628334.0000000008677000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.fatcow.com/free-icons
Source: SISTEMA.exe, 00000012.00000002.2448726180.00000000086BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.fatcow.com/free-icons$H
Source: SISTEMA.exe, 00000012.00000002.2470059520.000000000AD31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.fatcow.com/free-iconse
Source: SISTEMA.exe, 00000012.00000002.2448726180.0000000008650000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.fatcow.com/free-iconsphp?
Source: SISTEMA.exe, 00000012.00000003.2024628334.0000000008677000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.firebirdsql.org/
Source: SISTEMA.exe, 00000012.00000002.2448726180.0000000008670000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.firebirdsql.org/O=
Source: SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1736210872.0000000003713000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.firebirdsql.org/en/licensing/
Source: SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1724525078.0000000005770000.00000004.00001000.00020000.00000000.sdmp, SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1724525078.00000000057BD000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000003.2062028845.000000000AD8A000.00000004.00000020.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000002.2448726180.0000000008670000.00000004.00000020.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000002.2417187607.000000000226E000.00000004.00000020.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000003.2065651785.0000000008675000.00000004.00000020.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000002.2474221486.000000000B1A3000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000003.2059431766.00000000086BD000.00000004.00000020.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000003.2024628334.0000000008677000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.firebirdsql.org/index.php?op=doc&id=idpl
Source: SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1724525078.0000000005770000.00000004.00001000.00020000.00000000.sdmp, SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1724525078.00000000057BD000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000003.2062028845.000000000AD8A000.00000004.00000020.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000002.2448726180.0000000008670000.00000004.00000020.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000002.2417187607.000000000226E000.00000004.00000020.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000003.2065651785.0000000008675000.00000004.00000020.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000002.2474221486.000000000B1A3000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000003.2059431766.00000000086BD000.00000004.00000020.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000003.2024628334.0000000008677000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.firebirdsql.org/index.php?op=doc&id=ipl
Source: SISTEMA.exe, 00000012.00000002.2417187607.0000000002258000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.firebirdsql.org/index.php?op=doc&id=idpl
Source: SISTEMA.exe, 00000012.00000002.2417187607.0000000002258000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.firebirdsql.org/index.php?op=doc&id=idpl8t
Source: SISTEMA.exe, 00000012.00000003.2062028845.000000000AD33000.00000004.00000020.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000003.2024628334.0000000008659000.00000004.00000020.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000003.2059431766.00000000086BD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.firebirdsql.org/index.php?op=doc&id=idpldpl
Source: SISTEMA.exe, 00000012.00000002.2417187607.0000000002258000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.firebirdsql.org/index.php?op=doc&id=idpllt
Source: SISTEMA.exe, 00000012.00000002.2417187607.0000000002258000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.firebirdsql.org/index.php?op=doc&id=ipl
Source: SISTEMA.exe, 00000012.00000003.2062028845.000000000AD33000.00000004.00000020.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000003.2024628334.0000000008659000.00000004.00000020.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000003.2059431766.00000000086BD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.firebirdsql.org/index.php?op=doc&id=iplipl
Source: SISTEMA.exe, 00000012.00000002.2417187607.00000000021A9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.firebirdsql.org/o
Source: Configurator.exe, 00000013.00000003.1795800111.00000000073B5000.00000004.00000020.00020000.00000000.sdmp, Configurator.exe, 00000013.00000003.1795960177.00000000073B5000.00000004.00000020.00020000.00000000.sdmp, Configurator.exe, 00000013.00000003.1795083560.00000000073B5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.fonts.com0ef=
Source: SISTEMA.exe, 00000012.00000003.2059431766.00000000086BD000.00000004.00000020.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000003.2024628334.0000000008677000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.gnu.org/licenses/lgpl.html
Source: SISTEMA.exe, 00000012.00000002.2448726180.0000000008650000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.gnu.org/licenses/lgpl.html&
Source: SISTEMA.exe, 00000012.00000002.2448726180.0000000008650000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.gnu.org/licenses/lgpl.htmlF
Source: SISTEMA.exe, 00000012.00000003.2059431766.00000000086BD000.00000004.00000020.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000003.2024628334.0000000008677000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.jam-software.de/virtual
Source: SISTEMA.exe, 00000012.00000003.2059431766.00000000086BD000.00000004.00000020.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000002.2470059520.000000000ACC0000.00000004.00000020.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000003.2024628334.0000000008677000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.jam-software.de/virtual-treeview/
Source: SISTEMA.exe, 00000012.00000002.2448726180.00000000086BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.jam-software.de/virtual-treeview/AH
Source: SISTEMA.exe, 00000012.00000002.2448726180.00000000086BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.jam-software.de/virtual-treeview/hH
Source: SISTEMA.exe, 00000012.00000002.2417187607.000000000226E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.jam-software.de/virtuale
Source: SISTEMA.exe, 00000012.00000003.2024628334.0000000008659000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.jam-software.de/virtualirtual
Source: SISTEMA.exe, 00000012.00000003.2059431766.00000000086BD000.00000004.00000020.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000003.2024628334.0000000008677000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.jrsoftware.org/files/is/license.txt
Source: SISTEMA.exe, 00000012.00000002.2448726180.00000000086BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.jrsoftware.org/files/is/license.txtMI
Source: SISTEMA.exe, 00000012.00000003.2063964550.00000000086B8000.00000004.00000020.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000002.2448726180.00000000086BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.jrsoftware.org/files/is/license.txtgI
Source: SISTEMA.exe, 00000012.00000003.2024628334.0000000008677000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.jrsoftware.org/isinfo.php
Source: SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1738723669.0000000002510000.00000004.00001000.00020000.00000000.sdmp, SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1741424305.000000000097B000.00000004.00000020.00020000.00000000.sdmp, SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1736210872.0000000003713000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/MPL/1.1/
Source: SISTEMA.exe, 00000012.00000003.2024628334.0000000008677000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/MPL/MPL-1.1.html
Source: SISTEMA.exe, 00000012.00000002.2448726180.0000000008650000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/MPL/MPL-1.1.htmlI
Source: SISTEMA.exe, 00000012.00000002.2448726180.0000000008650000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/MPL/MPL-1.1.htmlo
Source: SISTEMA.exe, 00000012.00000000.1704314306.00000000005A1000.00000020.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://www.nevrona.com)
Source: SISTEMA.exe, 00000012.00000000.1714012890.0000000001287000.00000008.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://www.oasis-open.org/committees/entity/release/1.0/catalog.dtd
Source: SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1738723669.0000000002510000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.openssl.org/
Source: SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1743090299.0000000003B3B000.00000004.00000020.00020000.00000000.sdmp, SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1724525078.0000000005770000.00000004.00001000.00020000.00000000.sdmp, SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1724525078.00000000057BD000.00000004.00001000.00020000.00000000.sdmp, SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1741424305.000000000097B000.00000004.00000020.00020000.00000000.sdmp, SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1736210872.0000000003713000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000003.2063964550.00000000086B8000.00000004.00000020.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000002.2448726180.0000000008670000.00000004.00000020.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000003.2062028845.000000000AD33000.00000004.00000020.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000003.2024628334.0000000008659000.00000004.00000020.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000002.2417187607.000000000226E000.00000004.00000020.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000003.2059431766.00000000086BD000.00000004.00000020.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000002.2470059520.000000000ACC0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.openssl.org/).
Source: SISTEMA.exe, 00000012.00000003.2062028845.000000000AD8A000.00000004.00000020.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000002.2448726180.0000000008670000.00000004.00000020.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000003.2065651785.0000000008675000.00000004.00000020.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000002.2474221486.000000000B1A3000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000003.2059431766.00000000086BD000.00000004.00000020.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000003.2024628334.0000000008677000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.openssl.org/).
Source: SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1724525078.00000000057BD000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.sundcon.fi/
Source: SISTEMA.exe, 00000012.00000000.1704314306.0000000000FA1000.00000020.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://www.tmssoftware.com/site/tmsfncuipack.asp?s=faq
Source: SISTEMA.exe, 00000012.00000002.2525919482.000000006B1E1000.00000020.00000001.01000000.00000013.sdmp	String found in binary or memory: https://%s:%u/d.php
Source: SISTEMA.exe, 00000012.00000003.2024628334.0000000008677000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://creativecommons.org/licenses/by/3.0/
Source: SISTEMA.exe, 00000012.00000002.2448726180.00000000086BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://creativecommons.org/licenses/by/3.0/RI
Source: Configurator.exe, 00000013.00000003.1802186119.000000000738F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.mic
Source: Configurator.exe, 00000013.00000003.1802186119.000000000738F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.microsoft.c
Source: SISTEMA.exe, 00000012.00000000.1704314306.0000000000FA1000.00000020.00000001.01000000.0000000B.sdmp	String found in binary or memory: https://download.tmssoftware.com/doc/tmsfncuipack/components/ttmsfncricheditor/S
Source: SISTEMA.exe, 00000012.00000000.1704314306.0000000000FA1000.00000020.00000001.01000000.0000000B.sdmp	String found in binary or memory: https://download.tmssoftware.com/doc/tmsfncuipack/components/ttmsfncuipack/
Source: SISTEMA_2_1_1_Build2.exe, 0000000B.00000003.1395802347.00000000026E0000.00000004.00001000.00020000.00000000.sdmp, SISTEMA_2_1_1_Build2.tmp, 0000000C.00000003.1401663830.00000000035C0000.00000004.00001000.00020000.00000000.sdmp, SISTEMA_2_1_1_Build2.exe, 0000000F.00000003.1748981306.00000000022D3000.00000004.00001000.00020000.00000000.sdmp, SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1738723669.0000000002510000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.co
Source: SISTEMA.exe, 00000012.00000003.2024628334.0000000008677000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/landrix/
Source: SISTEMA.exe, 00000012.00000003.2024628334.0000000008677000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/landrix/The-new-Drag-and-Drop-Component-Suite-for-Delphi
Source: SISTEMA.exe, 00000012.00000002.2417187607.00000000021A9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/landrix/The-new-Drag-and-Drop-Component-Suite-for-Delphi#
Source: SISTEMA.exe, 00000012.00000002.2417187607.00000000021A9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/landrix/The-new-Drag-and-Drop-Component-Suite-for-Delphi;
Source: SISTEMA.exe, 00000012.00000002.2417187607.00000000021A9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/landrix/The-new-Drag-and-Drop-Component-Suite-for-DelphiO
Source: SISTEMA.exe, 00000012.00000002.2417187607.00000000021E5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/landrix/The-new-Drag-and-Drop-Component-Suite-for-Delphil
Source: SISTEMA.exe, 00000012.00000003.2024628334.0000000008677000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://indy.fulgan.com/SSL/
Source: SISTEMA.exe, 00000012.00000002.2448726180.00000000086BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://indy.fulgan.com/SSL/5
Source: SISTEMA_2_1_1_Build2.exe, 0000000B.00000000.1395222225.0000000000401000.00000020.00000001.01000000.00000006.sdmp	String found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1736943334.00000000038D0000.00000004.00001000.00020000.00000000.sdmp, SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1738723669.0000000002510000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.dguv.d
Source: SISTEMA_2_1_1_Build2.exe, 0000000B.00000003.1395802347.00000000026E0000.00000004.00001000.00020000.00000000.sdmp, SISTEMA_2_1_1_Build2.tmp, 0000000C.00000003.1401663830.00000000035C0000.00000004.00001000.00020000.00000000.sdmp, SISTEMA_2_1_1_Build2.exe, 0000000F.00000003.1748981306.00000000022D3000.00000004.00001000.00020000.00000000.sdmp, SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1738723669.0000000002510000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.dguv.de/de/wir-ueber-
Source: SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1736210872.0000000003713000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.dguv.de/de/wir-ueber-uns/impressum/datenschutz_partner/index.jsp
Source: SISTEMA.exe, 00000012.00000003.2059431766.00000000086BD000.00000004.00000020.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000003.2024628334.0000000008677000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.dguv.de/medien/ifa/de/pra/softwa/sistema/erste_schritte.pdf
Source: SISTEMA.exe, 00000012.00000002.2448726180.00000000086DD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.dguv.de/medien/ifa/de/pra/softwa/sistema/erste_schritte.pdfL2
Source: SISTEMA.exe, 00000012.00000002.2448726180.00000000086DD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.dguv.de/medien/ifa/de/pra/softwa/sistema/erste_schritte.pdfV3
Source: SISTEMA.exe, 00000012.00000003.2063536131.00000000086FC000.00000004.00000020.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000002.2448726180.00000000086DD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.dguv.de/medien/ifa/de/pra/softwa/sistema/erste_schritte.pdfb5
Source: SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1724525078.00000000057BD000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.dguv.de/medien/ifa/en/pra/softwa/sistema/getting_started.pdf
Source: SISTEMA.exe, 00000012.00000003.2024628334.0000000008677000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.dguv.de/webcode.jsp?query=d11223
Source: SISTEMA.exe, 00000012.00000003.2063964550.00000000086B8000.00000004.00000020.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000002.2448726180.00000000086BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.dguv.de/webcode.jsp?query=d11223VH
Source: SISTEMA.exe, 00000012.00000003.2059431766.00000000086BD000.00000004.00000020.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000003.2024628334.0000000008677000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.dguv.de/webcode.jsp?query=d1182355
Source: SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1724525078.00000000057BD000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.dguv.de/webcode.jsp?query=e34183
Source: SISTEMA_2_1_1_Build2.exe, 0000000B.00000003.1397260240.0000000002820000.00000004.00001000.00020000.00000000.sdmp, SISTEMA_2_1_1_Build2.exe, 0000000B.00000003.1397889533.000000007FB50000.00000004.00001000.00020000.00000000.sdmp, SISTEMA_2_1_1_Build2.tmp, 0000000C.00000000.1399744248.0000000000401000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: https://www.innosetup.com/
Source: SISTEMA.exe, 00000012.00000003.2024628334.0000000008677000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.openssl.org/source/license-openssl-ssleay.txt
Source: SISTEMA_2_1_1_Build2.exe, 0000000B.00000003.1397260240.0000000002820000.00000004.00001000.00020000.00000000.sdmp, SISTEMA_2_1_1_Build2.exe, 0000000B.00000003.1397889533.000000007FB50000.00000004.00001000.00020000.00000000.sdmp, SISTEMA_2_1_1_Build2.tmp, 0000000C.00000000.1399744248.0000000000401000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: https://www.remobjects.com/ps

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443

Source: unknown	HTTPS traffic detected: 185.103.232.54:443 -> 192.168.2.16:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.103.232.54:443 -> 192.168.2.16:49711 version: TLS 1.2

Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Code function: 18_2_05D0A570	18_2_05D0A570
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Code function: 18_2_05D1E030	18_2_05D1E030
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Code function: 18_2_05D08950	18_2_05D08950
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Code function: 18_2_1001D540	18_2_1001D540
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Code function: 18_2_10051690	18_2_10051690
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Code function: 18_2_100196B0	18_2_100196B0
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Code function: 18_2_10011EB0	18_2_10011EB0
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Code function: 18_2_100509D0	18_2_100509D0

Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Code function: String function: 05D218F0 appears 46 times
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Code function: String function: 1002B330 appears 47 times
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Code function: String function: 1002B3E0 appears 33 times
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Code function: String function: 10009E20 appears 41 times
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Code function: String function: 05D26D90 appears 47 times
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Code function: String function: 10021170 appears 92 times
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Code function: String function: 10009070 appears 45 times
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Code function: String function: 1002FDC0 appears 47 times
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Code function: String function: 1003AC40 appears 35 times
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Code function: String function: 100240C0 appears 102 times
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Code function: String function: 05D02BD0 appears 34 times
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Code function: String function: 05D05190 appears 37 times

Source: SISTEMA_2_1_1_Build2.tmp.11.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: SISTEMA_2_1_1_Build2.tmp.15.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-CDA33.tmp.16.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows

Source: is-EUGLL.tmp.16.dr	Static PE information: Number of sections : 11 > 10
Source: is-N0KF3.tmp.16.dr	Static PE information: Number of sections : 11 > 10
Source: is-VM0G9.tmp.16.dr	Static PE information: Number of sections : 11 > 10

Source: is-0DA9P.tmp.16.dr

Static PE information: No import functions for PE file found

Source: classification engine

Classification label: mal52.evad.winZIP@15/211@1/1

Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp

File created: C:\Program Files (x86)\SISTEMA 2.1.1

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp

File created: C:\Users\user\AppData\Local\Programs

Jump to behavior

Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Mutant created: NULL
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Mutant created: \Sessions\1\BaseNamedObjects\madExceptSettingsMtx$1bdc
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Mutant created: \Sessions\1\BaseNamedObjects\madExceptSettingsMtx$1a44
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Mutant created: \Sessions\1\BaseNamedObjects\HookTThread$1bac
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Mutant created: \Sessions\1\BaseNamedObjects\HookTThread$1bdc
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Mutant created: \Sessions\1\BaseNamedObjects\HookTThread$1a44
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Mutant created: \Sessions\1\BaseNamedObjects\firebird_trace_mutex
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Mutant created: \Sessions\1\BaseNamedObjects\RAVECONTROLER
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Mutant created: \Sessions\1\BaseNamedObjects\madExceptSettingsMtx$1bac
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Mutant created: \Sessions\1\BaseNamedObjects\madExceptSettingsMtx$1270

Source: C:\Users\user\Desktop\sistema_2_1_1_build2\SISTEMA_2_1_1_Build2.exe

File created: C:\Users\user\AppData\Local\Temp\is-0GTQV.tmp

Jump to behavior

Source: C:\Users\user\Desktop\sistema_2_1_1_build2\SISTEMA_2_1_1_Build2.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\Desktop\sistema_2_1_1_build2\SISTEMA_2_1_1_Build2.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0GTQV.tmp\SISTEMA_2_1_1_Build2.tmp	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0GTQV.tmp\SISTEMA_2_1_1_Build2.tmp	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\Desktop\sistema_2_1_1_build2\SISTEMA_2_1_1_Build2.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\Desktop\sistema_2_1_1_build2\SISTEMA_2_1_1_Build2.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-0GTQV.tmp\SISTEMA_2_1_1_Build2.tmp

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Windows\System32\rundll32.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization

Jump to behavior

Source: unknown

Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO DC(DC, DClower, DCupper) VALUES ('dcNone', 0.0, 0.6);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PLReqConditions(PL, PLConditionOpOID) Values ('plC', '8b82ea6f-35c7-40f6-a0d3-a8869940a200');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO GEPMTTFd(PartName, WellTriedRef, Standards, TypicalMTTFd, TypicalB10d) VALUES ('Mechanische Bauteile', 'Tabellen A.1 und A.2', '-', 150.0, null);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.0000108, 6.8, 'cat2', 'dcLow');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO SFTypes(Name, SFTYPEID) VALUES ('Funzione di ripristino manuale', 'SFTYPEID-002');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO CatSimplyMethodReqConditions(Cat, CatConditionOpOID) Values ('catB', '9ECCE3AF-20C0-45FF-AFC8-9E614834C1C2');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.0000133, 4.3, 'cat2', 'dcMedium');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO CatReqConditions(Cat, CatConditionOpOID) Values ('cat4', '9ECCE3AF-20C0-45FF-AFC8-9E614834C1C2');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (6.44E-09, 360.0, 'cat4', 'dcHigh');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (2.28E-09, 1000.0, 'cat4', 'dcHigh');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO CatSimplyMethodReqConditions(Cat, CatConditionOpOID) Values ('cat4', '7a31714d-6eb6-4844-ba27-278300659924');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO CatReqMTTFd(Cat, MTTFd) VALUES ('cat2', 'mttfHigh');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (1.36043211886808E-06, 10.0, 'cat3', 0.9);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (6.34210945246008E-07, 30.0, 'cat3', 0.65);
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PLConditionOps(OID, PLCID, Text) VALUES ('b761d495-9877-4d01-9d84-6046ead2ed4d', 'PLReq03', 'systemaattiset vikaantumiset (katso liite G)');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000003.1957235518.0000000006414000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO DCMeasureOps(OID, DCMORDER, IsProtected, DCmax, DCmin, DC, DCMID, Dependency, Description, Document, Documentation, Heading, InsufficientPLs) VALUES ('e2e0107e-2c16-42ec-a1eb-1c4def3aaf5b', 230, 1, 0.99, 0.9, 0.9, 'DCMID-023', '', 'Verarbeitungseinheit: Kodierte Verarbeitung', '', '', 'Logik', '');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO CatSimplyMethodReqConditions(Cat, CatConditionOpOID) Values ('cat1', 'ee5112bc-0717-4e77-8a41-02e512867525');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PLSimplyMethodReqConditions(PL, PLConditionOpOID) Values ('plE', '8b82ea6f-35c7-40f6-a0d3-a8869940a200');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO GEPMTTFd(PartName, WellTriedRef, Standards, TypicalMTTFd, TypicalB10d) VALUES ('Componenti pneumatici', 'Prospetto B1 e B2', 'ISO 4414', null, 20000000.0);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.00000125, 91.0, 'cat1', 'dcNone');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.000000261, 91.0, 'cat2', 'dcMedium');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.00000113, 51.0, 'cat2', 'dcLow');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (0.0000068416000333239, 10.0, 'cat2', 0.65);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PLSimplyMethodReqConditions(PL, PLConditionOpOID) Values ('plA', '6653b95f-9bc1-4df3-8e82-088a025a3276');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO SILs(PFHlower, PFHupper, SIL) VALUES (0.0000001, 0.000001, 'sil2');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO SFTypes(Name, SFTYPEID) VALUES ('Safe operating stop (SOS)', 'SFTYPEID-018');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO GEPMTTFd(PartName, WellTriedRef, Standards, TypicalMTTFd, TypicalB10d) VALUES ('Proximity switches with nominal load', 'Tables D.1 and D.2', 'IEC 60947, ISO 14119', null, 400000.0);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.0000317, 3.6, 'catB', 'dcNone');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO SFTypes(Name, SFTYPEID) VALUES ('Isolations- und Energieableitungsfunktion', 'SFTYPEID-010');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.00000281, 11.0, 'cat3', 'dcLow');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO GEPMTTFd(PartName, WellTriedRef, Standards, TypicalMTTFd, TypicalB10d) VALUES ('Pneumatic components', 'Tables B.1 and B.2', 'ISO 4414', null, 20000000.0);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PLSimplyMethodReqConditions(PL, PLConditionOpOID) Values ('plA', '85751E80-0E2D-4060-A89D-CE4ABA89C166');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (5.28072928492508E-08, 100.0, 'cat3', 0.85);
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO CatConditionOps(OID, CCID, Text, DetailTextA, DetailTextB) VALUES ('3545c118-1d1d-4525-94e8-07eb1467afce', 'CATReq03', 'Sono utilizzati principi di sicurezza ben provati', '', '');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO SFTypes(Name, SFTYPEID) VALUES ('Funzione di arresto legata alla sicurezza avviata da una misura di protezione', 'SFTYPEID-001');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.000000443, 62.0, 'cat2', 'dcMedium');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.000000485, 20.0, 'cat3', 'dcMedium');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (3.70E-09, 620.0, 'cat4', 'dcHigh');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.00000794, 9.1, 'cat2', 'dcLow');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO CatReqMTTFd(Cat, MTTFd) VALUES ('cat1', 'mttfHigh');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.00000224, 51.0, 'cat1', 'dcNone');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.000000134, 47.0, 'cat3', 'dcMedium');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (3.28007714642107E-08, 100.0, 'cat3', 0.95);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PLSimplyMethodReqConditions(PL, PLConditionOpOID) Values ('plB', 'b761d495-9877-4d01-9d84-6046ead2ed4d');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO CatConditionOps(OID, CCID, Text, DetailTextA, DetailTextB) VALUES ('a03d45c4-961e-4701-8756-cf50170f3ed9', 'CATReq02', 'Se utilizan componentes de eficacia probada.', '', '');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.0000265, 4.3, 'catB', 'dcNone');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (6.50093530675906E-06, 10.0, 'cat2', 0.7);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PLReqConditions(PL, PLConditionOpOID) Values ('plD', '18f92b72-8a3c-4c3e-b035-167292d5cb49');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.00000039, 68.0, 'cat2', 'dcMedium');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.000000184, 68.0, 'cat3', 'dcLow');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (6.09472318287648E-06, 3.0, 'cat3', 0.9);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO CatReqConditions(Cat, CatConditionOpOID) Values ('cat1', 'a03d45c4-961e-4701-8756-cf50170f3ed9');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO DCMeasureOps(OID, DCMORDER, IsProtected, DCmax, DCmin, DC, DCMID, Dependency, Description, Document, Documentation, Heading, InsufficientPLs) VALUES ('9dafe6e3-cd2f-4307-98d1-13d870a09bdf', 170, 1, 0.9, 0.9, 0.9, 'DCMID-017', '', 'Memoria invariabile: sigla di una parola singola (8 bit)', '', '', 'Logica', '');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.000000594, 33.0, 'cat3', 'dcLow');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PLReqConditions(PL, PLConditionOpOID) Values ('plD', '6653b95f-9bc1-4df3-8e82-088a025a3276');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO SILs(PFHlower, PFHupper, SIL) VALUES (0.000001, 0.00001, 'sil1');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO MTTFd(MTTFd, MTTFdlower, MTTFdupper) VALUES ('mttfHigh', 30.0, 2500.0);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.00000141, 18.0, 'cat3', 'dcLow');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO SFTypes(Name, SFTYPEID) VALUES ('Emergency stop function', 'SFTYPEID-012');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO DCMeasureOps(OID, DCMORDER, IsProtected, DCmax, DCmin, DC, DCMID, Dependency, Description, Document, Documentation, Heading, InsufficientPLs) VALUES ('60251a5d-2592-4e42-852e-742065d462ca', 60, 1, 0.99, 0.9, 0.9, 'DCMID-006', 'depending on the application', 'Indirect monitoring (e.g. monitoring by pressure switch, electrical position monitoring of actuators)', '', '', 'Input devices', '');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (7.18225926616601E-06, 10.0, 'cat2', 0.6);
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO DCMeasureOps(OID, DCMORDER, IsProtected, DCmax, DCmin, DC, DCMID, Dependency, Description, Document, Documentation, Heading, InsufficientPLs) VALUES ('037965cf-75d6-451f-829d-d779f8ac3fd4', 320, 1, 0.99, 0.99, 0.99, 'DCMID-032', '', 'Direct monitoring (e.g. electrical position monitoring of control valves, monitoring of electromechanical devices by mechanically linked contact elements)', '', '', 'Output device', '');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO CatReqMTTFd(Cat, MTTFd) VALUES ('cat2', 'mttfMedium');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.0000000579, 82.0, 'cat3', 'dcMedium');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO DCMeasureOps(OID, DCMORDER, IsProtected, DCmax, DCmin, DC, DCMID, Dependency, Description, Document, Documentation, Heading, InsufficientPLs) VALUES ('7b5c71bb-0600-4a38-b67d-c1517ed19c89', 120, 1, 0.6, 0.6, 0.6, 'DCMID-012', '', 'Semplice monitoraggio temporale della logica ( per esempio timer come watchdog, in cui i punti di trigger rientrano nel programma della logica)', '', '', 'Logica', '');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (8.23685275586331E-07, 10.0, 'cat3', 0.95);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO GEPMTTFd(PartName, WellTriedRef, Standards, TypicalMTTFd, TypicalB10d) VALUES ('Hydraulische Bauteile mit 250.000 Zyklen pro Jahr > Nop', 'Tabellen C.1 und C.2', 'ISO 4413', 1200.0, null);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (9.54E-08, 30.0, 'cat4', 'dcHigh');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO RiskParams(PL, ParamF, ParamP, ParamS) VALUES ('plC', 1, 1, 0);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (0.0000199402196513683, 3.0, 'cat2', 0.9);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (1.34915105020562E-06, 30.0, 'cat2', 0.85);
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO SFTypes(Name, SFTYPEID) VALUES ('Manual reset function', 'SFTYPEID-002');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO CatReqConditions(Cat, CatConditionOpOID) Values ('cat3', '7a31714d-6eb6-4844-ba27-278300659924');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.00000987, 5.6, 'cat2', 'dcMedium');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO GEPMTTFd(PartName, WellTriedRef, Standards, TypicalMTTFd, TypicalB10d) VALUES ('Hydraulic components with 250.000 cycles per year > Nop', 'Tables C.1 and C.2', 'ISO 4413', 1200.0, null);
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO DCMeasureOps(OID, DCMORDER, IsProtected, DCmax, DCmin, DC, DCMID, Dependency, Description, Document, Documentation, Heading, InsufficientPLs) VALUES ('6cd77662-c675-4c63-8e59-aa6f227e5248', 50, 1, 0.99, 0.99, 0.99, 'DCMID-005', '', 'Cross monitoring of input signals and intermediate results within the logic (L), and temporal and logical software monitor of the program flow and detection of static faults and short circuits (for multiple I/O)', '', '', 'Input devices', '');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.000000661, 82.0, 'cat2', 'dcLow');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.0000258, 3.0, 'cat2', 'dcLow');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.00000453, 11.0, 'cat2', 'dcMedium');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (2.63862099865182E-06, 10.0, 'cat3', 0.75);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PLSimplyMethodReqConditions(PL, PLConditionOpOID) Values ('plB', '7F2955E8-4380-4571-A90F-CDEDBD1A42F2');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO SFTypes(Name, SFTYPEID) VALUES ('Inhibition', 'SFTYPEID-005');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.00000152, 75.0, 'cat1', 'dcNone');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.000000580, 51.0, 'cat2', 'dcMedium');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO GEPMTTFd(PartName, WellTriedRef, Standards, TypicalMTTFd, TypicalB10d) VALUES ('Composants pneumatiques', 'Tableaux B.1 et B.2', 'ISO 4414', null, 20000000.0);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (2.4653506647293E-08, 100.0, 'cat4', 0.99);
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO DCMeasureOps(OID, DCMORDER, IsProtected, DCmax, DCmin, DC, DCMID, Dependency, Description, Document, Documentation, Heading, InsufficientPLs) VALUES ('c6389aea-c697-4e6f-857b-04b0f4def5e9', 10, 1, 0.9, 0.9, 0.9, 'DCMID-001', '', 'Cyclic test stimulus by dynamic change of the input signals', '', '', 'Input devices', '');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO GEPMTTFd(PartName, WellTriedRef, Standards, TypicalMTTFd, TypicalB10d) VALUES ('Pneumaattiset komponentit', 'Taulukot B.1 ja B.2', 'ISO 4414', null, 20000000.0);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (4.28473111214713E-07, 100.0, 'cat2', 0.7);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.00000102, 56.0, 'cat2', 'dcLow');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.000000588, 91.0, 'cat2', 'dcLow');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO CatReqMTTFd(Cat, MTTFd) VALUES ('cat3', 'mttfHigh');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PLs(PFHlower, PFHupper, PL) VALUES (0.000001, 0.000003, 'plC');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (8.47303462918694E-09, 300.0, 'cat4', 0.96);
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO CatConditionOps(OID, CCID, Text, DetailTextA, DetailTextB) VALUES ('7a31714d-6eb6-4844-ba27-278300659924', 'CATReq04', 'Vengono attribuiti la tolleranza al guasto singolo ed il rilevamento del guasto ragionevolmente praticabile.', 'Un singolo guasto in una qualsiasi parte della SRP/CS non porta alla perdita della funzione di sicurezza. Quando ragionevolmente praticabile, il singolo guasto viene rilevato.\n', '');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PLSimplyMethodReqConditions(PL, PLConditionOpOID) Values ('plD', '18f92b72-8a3c-4c3e-b035-167292d5cb49');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO SFTypes(Name, SFTYPEID) VALUES ('Stop seguro 2 (SS2)', 'SFTYPEID-017');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO DCMeasureOps(OID, DCMORDER, IsProtected, DCmax, DCmin, DC, DCMID, Dependency, Description, Document, Documentation, Heading, InsufficientPLs) VALUES ('f32e434b-eaae-4453-8480-3159d1231138', 90, 1, 0.6, 0.6, 0.6, 'DCMID-009', '', 'Monitoring some characteristics of the sensor (response time, range of analogue signals, e.g. electrical resistance, capacitance)', '', '', 'Input devices', '');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO LIBMETADATA(LASTCHANGE, NAME, INFO, AUTHOR, OID, SSMVERSION, NORMVERSION) Values (CURRENT_TIMESTAMP, 'SISTEMA default library', 'The default library cannot be removed from the list.', 'SISTEMA', '7289BA40-EE52-42C1-8855-08D03F571E5E', '2.0.0', 'ISO 13849-1:2015, ISO 13849-2:2012');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO LIBMETADATA(LASTCHANGE, NAME, INFO, AUTHOR, OID, SSMVERSION) Values (CURRENT_TIMESTAMP, '', '', '', '', '');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO SFTypes(Name, SFTYPEID) VALUES ('Prevention of unexpected start-up', 'SFTYPEID-008');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (3.54886816428957E-07, 30.0, 'cat3', 0.85);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.0000199, 3.0, 'cat2', 'dcMedium');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO SFTypes(Name, SFTYPEID) VALUES ('Safe stop 1 (SS1)', 'SFTYPEID-016');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.0000195, 3.9, 'cat2', 'dcLow');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (1.42128870927374E-06, 3.0, 'cat3', 0.99);
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO DCMeasureOps(OID, DCMORDER, IsProtected, DCmax, DCmin, DC, DCMID, Dependency, Description, Document, Documentation, Heading, InsufficientPLs) VALUES ('ecc45e55-4411-4110-ac1a-9863e44de195', 300, 1, 0.99, 0.9, 0.9, 'DCMID-030', 'depending on the application', 'Indirect monitoring (e.g monitoring by pressure switch, electrical position monitoring of actuators)', '', '', 'Output device', '');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO SFTypes(Name, SFTYPEID) VALUES ('Turvasuunta (SDI)', 'SFTYPEID-021');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO SFTypes(Name, SFTYPEID) VALUES ('Verhinderung des unerwarteten Anlaufs', 'SFTYPEID-008');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO DCMeasureOps(OID, DCMORDER, IsProtected, DCmax, DCmin, DC, DCMID, Dependency, Description, Document, Documentation, Heading, InsufficientPLs) VALUES ('a516a14e-f691-412b-b098-ac9fac1d7d28', 80, 1, 0.99, 0.0, 0.0, 'DCMID-008', 'depending on the application', 'Fault detection by the process', '', '', 'Input devices', 'plE');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO SFTypes(Name, SFTYPEID) VALUES ('Isolations- und Energieableitungsfunktion', 'SFTYPEID-011');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (6.94003321415609E-07, 30.0, 'cat3', 0.6);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PLSimplyMethodReqConditions(PL, PLConditionOpOID) Values ('plD', '85751E80-0E2D-4060-A89D-CE4ABA89C166');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.0000022, 6.8, 'cat3', 'dcMedium');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (0.0000036684644795055, 3.0, 'cat3', 0.95);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (1.14956810329623E-07, 30.0, 'cat4', 0.98);
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PLConditionOps(OID, PLCID, Text) VALUES ('7F2955E8-4380-4571-A90F-CDEDBD1A42F2', 'PLReq06', 'il sottosistema consiste di componenti meccanici, idraulici o pneumatici (oppure un insieme di queste tecnologie)');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.00000584, 12.0, 'cat2', 'dcLow');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (2.19910603754091E-06, 30.0, 'cat2', 0.55);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (4.41087480346296E-07, 30.0, 'cat3', 0.8);
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO GEPMTTFd(PartName, WellTriedRef, Standards, TypicalMTTFd, TypicalB10d) VALUES ('Relays and contactor relays wit small load', 'Tables D.1 and D.2', 'EN 50205, IEC 61810, IEC 60947', null, 20000000.0);
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO SFTypes(Name, SFTYPEID) VALUES ('Stop operado de forma segura (SOS)', 'SFTYPEID-018');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO GEPMTTFd(PartName, WellTriedRef, Standards, TypicalMTTFd, TypicalB10d) VALUES ('Relays and contactor relays with nominal load', 'Tables D.1 and D.2', 'EN 50205, IEC 61810, IEC 60947', null, 400000.0);
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO SFTypes(Name, SFTYPEID) VALUES ('Prevencion de una puesta en marcha intempestiva', 'SFTYPEID-008');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (9.36981394900111E-07, 10.0, 'cat4', 0.94);
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO SFTypes(Name, SFTYPEID) VALUES ('Funzione ad azione mantenuta', 'SFTYPEID-006');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (0.0000126323491188155, 3.0, 'cat3', 0.6);
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO SFTypes(Name, SFTYPEID) VALUES ('Monitoraggio di parametri relativi alla sicurezza', 'SFTYPEID-013');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PLReqConditions(PL, PLConditionOpOID) Values ('plB', '6653b95f-9bc1-4df3-8e82-088a025a3276');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO MTTFd(MTTFd, MTTFdlower, MTTFdupper) VALUES ('mttfMedium', 10.0, 30.0);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.000000265, 30.0, 'cat3', 'dcMedium');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.00000357, 9.1, 'cat3', 'dcLow');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.0000110, 5.1, 'cat2', 'dcMedium');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO RiskParams(PL, ParamF, ParamP, ParamS) VALUES ('plA', 1, 1, 1);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.000000157, 75.0, 'cat3', 'dcLow');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (4.52E-09, 510.0, 'cat4', 'dcHigh');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.0000044, 3.9, 'cat3', 'dcMedium');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (7.04E-09, 330.0, 'cat4', 'dcHigh');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.000000453, 39.0, 'cat3', 'dcLow');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (2.03E-08, 120.0, 'cat4', 'dcHigh');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (5.26E-08, 51.0, 'cat4', 'dcHigh');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO GEPMTTFd(PartName, WellTriedRef, Standards, TypicalMTTFd, TypicalB10d) VALUES ('Proximity switches with small load', 'Tables D.1 and D.2', 'IEC 60947, ISO 14119', null, 20000000.0);
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO SFTypes(Name, SFTYPEID) VALUES ('Fluctuations, loss and restoration of power sources', 'SFTYPEID-014');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.0000088, 6.2, 'cat2', 'dcMedium');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.00000571, 20.0, 'catB', 'dcNone');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PLs(PFHlower, PFHupper, PL) VALUES (0.000003, 0.00001, 'plB');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO CCFMeasureOps(OID, IsProtected, CCFMOrder, ComponentOpOID, Description, Document, Documentation, Heading, Number, Score, CCFMID) VALUES ('bd69857d-bbac-4788-a770-5cf8011eb41c',1 , 50, null, 'For each part of safety related parts of control system a failure mode and effect analysis has\nbeen carried out and its results taken into account to avoid common-cause-failures in the design.', '', '', 'Assessment / analysis', '4', 5.0, 'CCFMID-005');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.000000734, 43.0, 'cat2', 'dcMedium');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.00000174, 8.2, 'cat3', 'dcMedium');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (9.15909560387956E-10, 2500.0, 'cat4', 0.96);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.0000114, 10.0, 'catB', 'dcNone');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO DCMeasureOps(OID, DCMORDER, IsProtected, DCmax, DCmin, DC, DCMID, Dependency, Description, Document, Documentation, Heading, InsufficientPLs) VALUES ('e2e0107e-2c16-42ec-a1eb-1c4def3aaf5b', 230, 1, 0.99, 0.9, 0.9, 'DCMID-023', '', 'Processing unit: coded processing', '', '', 'Logic', '');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (7.2296430670435E-08, 100.0, 'cat3', 0.75);
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO GEPMTTFd(PartName, WellTriedRef, Standards, TypicalMTTFd, TypicalB10d) VALUES ('Position switches (with separate actuator, guard-locking) - If fault exclusion for direct opening acion is possible.', 'Tables D.1 and D.2', 'IEC 60947, ISO 14119', null, 2000000.0);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.00000346, 33.0, 'cat1', 'dcNone');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PLConditionOps(OID, PLCID, Text) VALUES ('8b82ea6f-35c7-40f6-a0d3-a8869940a200', 'PLReq01', 'Behaviour of the safety function under fault conditions (see clause 6)');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (9.22902076685316E-10, 2500.0, 'cat4', 0.94);
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO CCFMeasureOps(OID, IsProtected, CCFMOrder, ComponentOpOID, Description, Document, Documentation, Heading, Number, Score, CCFMID) VALUES ('f8101705-4781-49a6-88bd-ba0878294703',1 , 30, null, 'Protezione contro sovratensione, sovrapressione, sovracorrente, sovratemperatura, etc.', '', '', 'Progetto/ applicazione/ esperienza', '3.1', 15.0, 'CCFMID-003');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PLs(PFHlower, PFHupper, PL) VALUES (0.00001, 0.0001, 'plA');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (0.0000101206208601323, 3.0, 'cat3', 0.8);
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO SFTypes(Name, SFTYPEID) VALUES ('Safely-limited position (SLP)', 'SFTYPEID-020');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO CatSimplyMethodReqConditions(Cat, CatConditionOpOID) Values ('cat1', '3545c118-1d1d-4525-94e8-07eb1467afce');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.0000139, 8.2, 'catB', 'dcNone');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.00000167, 36.0, 'cat2', 'dcLow');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (2.78731646646376E-07, 100.0, 'cat2', 0.85);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (1.91579155005455E-06, 30.0, 'cat2', 0.65);
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO SFTypes(Name, SFTYPEID) VALUES ('Passivointitoiminto', 'SFTYPEID-005');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.00000301, 15.0, 'cat2', 'dcMedium');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO CatReqDCavg(Cat, DCavg) VALUES ('cat4', 'dcHigh');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PLReqConditions(PL, PLConditionOpOID) Values ('plE', 'b761d495-9877-4d01-9d84-6046ead2ed4d');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO DCMeasureOps(OID, DCMORDER, IsProtected, DCmax, DCmin, DC, DCMID, Dependency, Description, Document, Documentation, Heading, InsufficientPLs) VALUES ('d68eceff-b7e4-4f5b-a6be-55f18467d0f3', 190, 1, 0.6, 0.6, 0.6, 'DCMID-019', '', 'Varianter Speicher: RAM-Test durch Verwendung redundanter Daten, z. B. Flags, Merker, Konstanten, Timer, und Kreuzvergleich dieser Daten', '', '', 'Logik', '');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PLSimplyMethodReqConditions(PL, PLConditionOpOID) Values ('plD', 'b761d495-9877-4d01-9d84-6046ead2ed4d');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.00000498, 6.8, 'cat3', 'dcLow');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO SFTypes(Name, SFTYPEID) VALUES ('Safely-limited speed (SLS)', 'SFTYPEID-019');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO RiskParams(PL, ParamF, ParamP, ParamS) VALUES ('plB', 0, 1, 1);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.000000939, 36.0, 'cat2', 'dcMedium');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (5.38E-09, 430.0, 'cat4', 'dcHigh');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO DCMeasureOps(OID, DCMORDER, IsProtected, DCmax, DCmin, DC, DCMID, Dependency, Description, Document, Documentation, Heading, InsufficientPLs) VALUES ('68aaa14a-27fd-4a46-9945-911be71959bb', 250, 1, 0.99, 0.0, 0.0, 'DCMID-025', 'depending on how often a signal change is done by the application', 'Monitoring of outputs by one channel without dynamic test', '', '', 'Output device', '');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO CatConditionOps(OID, CCID, Text, DetailTextA, DetailTextB) VALUES ('ee5112bc-0717-4e77-8a41-02e512867525', 'CATReq01', 'Se utilizan principios fundamentales de seguridad.', '', '');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.000000201, 36.0, 'cat3', 'dcMedium');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO GEPMTTFd(PartName, WellTriedRef, Standards, TypicalMTTFd, TypicalB10d) VALUES ('Position switches - If fault exclusion for direct opening acion is possible.', 'Tables D.1 and D.2', 'IEC 60947, ISO 14119', null, 20000000.0);
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO DCMeasureOps(OID, DCMORDER, IsProtected, DCmax, DCmin, DC, DCMID, Dependency, Description, Document, Documentation, Heading, InsufficientPLs) VALUES ('57608dd2-bad1-47cb-8bef-557ce983a2f1', 240, 1, 0.99, 0.0, 0.0, 'DCMID-024', 'sovelluksesta riippuen', 'Prosessin paljastamat viat', '', '', 'Logiikka', 'plE');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.00000153, 9.1, 'cat3', 'dcMedium');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (1.33E-08, 180.0, 'cat4', 'dcHigh');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PLSimplyMethodReqConditions(PL, PLConditionOpOID) Values ('plD', '7F2955E8-4380-4571-A90F-CDEDBD1A42F2');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (4.75283535189258E-07, 10.0, 'cat4', 0.98);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (8.57E-08, 33.0, 'cat4', 'dcHigh');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO GEPMTTFd(PartName, WellTriedRef, Standards, TypicalMTTFd, TypicalB10d) VALUES ('Contactores con carga ligera', 'Tablas D.1 y D.2', 'IEC 60947', null, 20000000.0);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.0000162, 3.6, 'cat2', 'dcMedium');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.00000122, 20.0, 'cat3', 'dcLow');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO SFTypes(Name, SFTYPEID) VALUES ('Safe torque off (STO)', 'SFTYPEID-015');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO SFTypes(Name, SFTYPEID) VALUES ('Mise en marche et remise en marche', 'SFTYPEID-003');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PLSimplyMethodReqConditions(PL, PLConditionOpOID) Values ('plC', '6653b95f-9bc1-4df3-8e82-088a025a3276');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.0000147, 5.1, 'cat2', 'dcLow');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000002.2422766471.0000000003DF7000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: INSERT INTO GEPMTTFd(PartName, WellTriedRef, Standards, TypicalMTTFd, TypicalB10d) VALUES ('Hydraulische Bauteile mit 500.000 Zyklen pro Jahr > Nop e" 250.000 Zyklen pro Jahr', 'Tabellen C.1 und C.2', 'ISO 4413', 600.0, null);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO SFTypes(Name, SFTYPEID) VALUES ('Schwankungen, Verlust und Wiederkehr der Spannungsversorgung', 'SFTYPEID-014');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO CatConditionOps(OID, CCID, Text, DetailTextA, DetailTextB) VALUES ('ee5112bc-0717-4e77-8a41-02e512867525', 'CATReq01', 'Sono utilizzati principi di sicurezza di base', '', '');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO SFTypes(Name, SFTYPEID) VALUES ('Gesteuertes Stillsetzen und Lageregelung (Sicherer Stopp 2, SS2)', 'SFTYPEID-017');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (0.0000112902761547509, 3.0, 'cat3', 0.75);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (9.54267886488756E-08, 30.0, 'cat4', 0.99);
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO SFTypes(Name, SFTYPEID) VALUES ('Stop seguro 1 (SS1)', 'SFTYPEID-016');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (9.44E-10, 2400.0, 'cat4', 'dcHigh');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (7.66788833892109E-07, 30.0, 'cat3', 0.55);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO SFTypes(Name, SFTYPEID) VALUES ('Positionsbegrenzung (Sicher begrenzte Position, SLP)', 'SFTYPEID-020');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO SFTypes(Name, SFTYPEID) VALUES ('Safe stop 2 (SS2)', 'SFTYPEID-017');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.00000182, 15.0, 'cat3', 'dcLow');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PLSimplyMethodReqConditions(PL, PLConditionOpOID) Values ('plC', '18f92b72-8a3c-4c3e-b035-167292d5cb49');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO CatConditionOps(OID, CCID, Text, DetailTextA, DetailTextB) VALUES ('8DA1766F-D2E6-498A-AA53-3991586C4773', 'CATReq07', 'Well-tried or proven-in-use components are used.', '', '');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.0000000494, 91.0, 'cat3', 'dcMedium');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (1.72483067974019E-07, 30.0, 'cat3', 0.95);
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PLConditionOps(OID, PLCID, Text) VALUES ('85751E80-0E2D-4060-A89D-CE4ABA89C166', 'PLReq05', 'subsystem is the output part of the SRP/CS (power control elements)');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO CatSimplyMethodReqConditions(Cat, CatConditionOpOID) Values ('cat3', 'ee5112bc-0717-4e77-8a41-02e512867525');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO CatReqConditions(Cat, CatConditionOpOID) Values ('cat3', 'ee5112bc-0717-4e77-8a41-02e512867525');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PLConditionOps(OID, PLCID, Text) VALUES ('8b82ea6f-35c7-40f6-a0d3-a8869940a200', 'PLReq01', 'Verhalten der Sicherheitsfunktion unter Fehlerbedingungen (siehe Abschnitt 6)');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO DCMeasureOps(OID, DCMORDER, IsProtected, DCmax, DCmin, DC, DCMID, Dependency, Description, Document, Documentation, Heading, InsufficientPLs) VALUES ('23374732-9ca7-4a56-945c-70dd6ffe5217', 110, 1, 0.99, 0.99, 0.99, 'DCMID-011', '', 'Direct monitoring (e.g. electrical position monitoring of control valves, monitoring of electromechanical devices by mechanically linked contact elements)', '', '', 'Logic', '');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (3.80E-08, 68.0, 'cat4', 'dcHigh');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO CatSimplyMethodReqConditions(Cat, CatConditionOpOID) Values ('cat2', '9ECCE3AF-20C0-45FF-AFC8-9E614834C1C2');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO DCMeasureOps(OID, DCMORDER, IsProtected, DCmax, DCmin, DC, DCMID, Dependency, Description, Document, Documentation, Heading, InsufficientPLs) VALUES ('9dafe6e3-cd2f-4307-98d1-13d870a09bdf', 170, 1, 0.9, 0.9, 0.9, 'DCMID-017', '', 'Invarianter Speicher: Signatur einfacher Wortbreite (8 Bit)', '', '', 'Logik', '');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.00000402, 8.2, 'cat3', 'dcLow');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.00000533, 13.0, 'cat2', 'dcLow');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.00000887, 8.2, 'cat2', 'dcLow');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.0000000662, 75.0, 'cat3', 'dcMedium');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO CCFMeasureOps(OID, IsProtected, CCFMOrder, ComponentOpOID, Description, Document, Documentation, Heading, Number, Score, CCFMID) VALUES ('f8101705-4781-49a6-88bd-ba0878294703',1 , 30, null, 'Protection against over-voltage, over-pressure, over-current, over-temperature, etc.', '', '', 'Design / application / experience', '3.1', 15.0, 'CCFMID-003');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.00000423, 27.0, 'catB', 'dcNone');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO CatReqConditions(Cat, CatConditionOpOID) Values ('cat2', '9ECCE3AF-20C0-45FF-AFC8-9E614834C1C2');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO GEPMTTFd(PartName, WellTriedRef, Standards, TypicalMTTFd, TypicalB10d) VALUES ('Pneumatische Bauteile', 'Tabellen B.1 und B.2', 'ISO 4414', null, 20000000.0);
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO GEPMTTFd(PartName, WellTriedRef, Standards, TypicalMTTFd, TypicalB10d) VALUES ('Composants hydrauliques avec 250.000 cycles par an > Nop', 'Tableaux C.1 et C.2', 'ISO 4413', 1200.0, null);
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO SFTypes(Name, SFTYPEID) VALUES ('Enabling device function', 'SFTYPEID-007');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO DCMeasureOps(OID, DCMORDER, IsProtected, DCmax, DCmin, DC, DCMID, Dependency, Description, Document, Documentation, Heading, InsufficientPLs) VALUES ('e2737aad-69d0-4ca6-a518-cb0d0904c8ba', 290, 1, 0.99, 0.99, 0.99, 'DCMID-029', '', 'Redundant shut-off path with monitoring of the actuators by logic and test equipment', '', '', 'Output device', '');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PLConditionOps(OID, PLCID, Text) VALUES ('6653b95f-9bc1-4df3-8e82-088a025a3276', 'PLReq02', 'software relativo alla sicurezza secondo il paragrafo 4.6 oppure nessun software incluso');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.00000137, 43.0, 'cat2', 'dcLow');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.00000761, 15.0, 'catB', 'dcNone');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.00000326, 20.0, 'cat2', 'dcLow');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.00000121, 30.0, 'cat2', 'dcMedium');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (4.73E-08, 56.0, 'cat4', 'dcHigh');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.00000541, 3.3, 'cat3', 'dcMedium');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (0.0000238529718286753, 3.0, 'cat2', 0.7);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO CatSimplyMethodReqConditions(Cat, CatConditionOpOID) Values ('cat3', '9ECCE3AF-20C0-45FF-AFC8-9E614834C1C2');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (1.90E-09, 1200.0, 'cat4', 'dcHigh');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (1.75E-09, 1300.0, 'cat4', 'dcHigh');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO CatReqConditions(Cat, CatConditionOpOID) Values ('cat2', 'ee5112bc-0717-4e77-8a41-02e512867525');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO DC(DC, DClower, DCupper) VALUES ('dcHigh', 0.99, 1.0);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.00000445, 7.5, 'cat3', 'dcLow');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.000000114, 91.0, 'cat3', 'dcLow');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.00000368, 18.0, 'cat2', 'dcLow');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.00000106, 33.0, 'cat2', 'dcMedium');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO DCMeasureOps(OID, DCMORDER, IsProtected, DCmax, DCmin, DC, DCMID, Dependency, Description, Document, Documentation, Heading, InsufficientPLs) VALUES ('cbc31d6b-f8e5-4cf2-8a12-19fe44b53f1e', 160, 1, 0.99, 0.99, 0.99, 'DCMID-016', '', 'Dynamic principle (all components of the logic are required to change the state ON-OFF-ON wehn the safety function is demanded), e.g. interlocking circuit implemented by relays', '', '', 'Logic', '');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.000000731, 75.0, 'cat2', 'dcLow');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (2.07E-09, 1100.0, 'cat4', 'dcHigh');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (0.0000121849914641273, 3.0, 'cat3', 0.65);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO CatReqConditions(Cat, CatConditionOpOID) Values ('cat2', '3545c118-1d1d-4525-94e8-07eb1467afce');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PLReqConditions(PL, PLConditionOpOID) Values ('plA', '6653b95f-9bc1-4df3-8e82-088a025a3276');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO DCMeasureOps(OID, DCMORDER, IsProtected, DCmax, DCmin, DC, DCMID, Dependency, Description, Document, Documentation, Heading, InsufficientPLs) VALUES ('19e7d9cc-a195-454c-ab34-2754b1419bcb', 20, 1, 0.99, 0.99, 0.99, 'DCMID-002', '', 'Plausibility check, e.g. use of normally open and normally closed mechanicall linked contacts', '', '', 'Input devices', '');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO SFTypes(Name, SFTYPEID) VALUES ('Fonction de validation', 'SFTYPEID-007');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO CatReqMTTFd(Cat, MTTFd) VALUES ('catB', 'mttfMedium');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (0.0000209184766850166, 3.0, 'cat2', 0.85);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.000000906, 62.0, 'cat2', 'dcLow');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO CatSimplyMethodReqConditions(Cat, CatConditionOpOID) Values ('cat4', 'ee5112bc-0717-4e77-8a41-02e512867525');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.00000107, 22.0, 'cat3', 'dcLow');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO CatReqConditions(Cat, CatConditionOpOID) Values ('cat1', '9ECCE3AF-20C0-45FF-AFC8-9E614834C1C2');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.0000184, 6.2, 'catB', 'dcNone');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.00000243, 47.0, 'cat1', 'dcNone');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.0000113, 3.3, 'cat3', 'dcLow');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO CatSimplyMethodReqConditions(Cat, CatConditionOpOID) Values ('cat3', '3545c118-1d1d-4525-94e8-07eb1467afce');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO DCMeasureOps(OID, DCMORDER, IsProtected, DCmax, DCmin, DC, DCMID, Dependency, Description, Document, Documentation, Heading, InsufficientPLs) VALUES ('67c579d8-683a-4423-8e92-60fe66cee351', 210, 1, 0.99, 0.99, 0.99, 'DCMID-021', '', 'Muuttuva muisti: RAM-komponenttien valvonta muunnellulla Hamming-koodilla tai RAM-komponentin oma testi (esim. "galpat" tai "Abraham")', '', '', 'Logiikka', '');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO SFTypes(Name, SFTYPEID) VALUES ('Funktion zum Stillsetzen im Notfall', 'SFTYPEID-012');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (2.74E-08, 91.0, 'cat4', 'dcHigh');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (5.78213480652984E-07, 100.0, 'cat2', 0.55);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO SFTypes(Name, SFTYPEID) VALUES ('Hochhalten einer Last durch Lageregelung (Sicherer Betriebshalt, SOS)', 'SFTYPEID-018');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO SFTypes(Name, SFTYPEID) VALUES ('Turvallinen jarruvalvonta (SBC)', 'SFTYPEID-022');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.000000335, 47.0, 'cat3', 'dcLow');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (5.81958954677977E-06, 10.0, 'cat2', 0.8);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PLConditionOps(OID, PLCID, Text) VALUES ('6653b95f-9bc1-4df3-8e82-088a025a3276', 'PLReq02', 'sicherheitsbezogene Software nach Abschnitt 4.6 entwickelt bzw. keine Software vorhanden');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PLSimplyMethodReqConditions(PL, PLConditionOpOID) Values ('plC', '8b82ea6f-35c7-40f6-a0d3-a8869940a200');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO SFTypes(Name, SFTYPEID) VALUES ('Start/restart function', 'SFTYPEID-003');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO CatSimplyMethodReqConditions(Cat, CatConditionOpOID) Values ('cat4', '3545c118-1d1d-4525-94e8-07eb1467afce');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO CatSimplyMethodReqConditions(Cat, CatConditionOpOID) Values ('cat1', 'a03d45c4-961e-4701-8756-cf50170f3ed9');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.000000694, 30.0, 'cat3', 'dcLow');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (3.53986360837374E-07, 10.0, 'cat4', 0.99);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PLSimplyMethodReqConditions(PL, PLConditionOpOID) Values ('plD', '6653b95f-9bc1-4df3-8e82-088a025a3276');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO SFTypes(Name, SFTYPEID) VALUES ('Ungesteuertes Stillsetzen (Sicher abgeschaltetes Moment, STO)', 'SFTYPEID-015');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.00000293, 39.0, 'cat1', 'dcNone');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO DCMeasureOps(OID, DCMORDER, IsProtected, DCmax, DCmin, DC, DCMID, Dependency, Description, Document, Documentation, Heading, InsufficientPLs) VALUES ('46adf28b-8419-4d4e-aa2a-843bb818e616', 310, 1, 0.99, 0.0, 0.0, 'DCMID-031', 'depending on the application', 'Fault detection by the process', '', '', 'Output device', 'plE');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PLConditionOps(OID, PLCID, Text) VALUES ('7F2955E8-4380-4571-A90F-CDEDBD1A42F2', 'PLReq06', 'Subsystem besteht aus mechanischen, hydraulischen oder pneumatischen Bauteilen (oder einer Mischung aus diesen Technologien)');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (2.38570403325344E-09, 1000.0, 'cat4', 0.94);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PLSimplyMethodReqConditions(PL, PLConditionOpOID) Values ('plA', '7F2955E8-4380-4571-A90F-CDEDBD1A42F2');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.00000139, 82.0, 'cat1', 'dcNone');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO CatSimplyMethodReqConditions(Cat, CatConditionOpOID) Values ('catB', 'ee5112bc-0717-4e77-8a41-02e512867525');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (1.07301011737821E-07, 100.0, 'cat3', 0.55);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.000000921, 13.0, 'cat3', 'dcMedium');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PLSimplyMethodReqConditions(PL, PLConditionOpOID) Values ('plB', '18f92b72-8a3c-4c3e-b035-167292d5cb49');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (0.000021896687534708, 3.0, 'cat2', 0.8);
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO DCMeasureOps(OID, DCMORDER, IsProtected, DCmax, DCmin, DC, DCMID, Dependency, Description, Document, Documentation, Heading, InsufficientPLs) VALUES ('d6eb8715-ce91-4022-b976-65ca74eee05b', 200, 1, 0.6, 0.6, 0.6, 'DCMID-020', '', 'Variable memory: check for readability and write ability of used data memory cells', '', '', 'Logic', '');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO CCFMeasureOps(OID, IsProtected, CCFMOrder, ComponentOpOID, Description, Document, Documentation, Heading, Number, Score, CCFMID) VALUES ('3bb13342-0db3-4f21-ac9c-48dc2c809440',1 , 80, null, 'Otras influencias\nConsideraciones a inmunidad ambiental, como temperatura, shock, vibraciones, humedad (p.ej. las especificaciones de las normas aplicables).', '', '', 'Medio Ambiente', '6.2', 10.0, 'CCFMID-008');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.000000516, 36.0, 'cat3', 'dcLow');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO SFTypes(Name, SFTYPEID) VALUES ('Controllo sicuro della frenatura (SBC)', 'SFTYPEID-022');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.00000153, 39.0, 'cat2', 'dcLow');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (3.20887623602193E-06, 10.0, 'cat3', 0.6);
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO LIBMETADATA(LASTCHANGE, NAME, INFO, AUTHOR, OID, SSMVERSION, NORMVERSION) Values (CURRENT_TIMESTAMP, 'SISTEMA biblioteca por defecto', 'La biblioteca por defecto no se puede borrar de la lista.', 'SISTEMA', '0D14A3BA-C7F3-4BB7-A533-4B49E6804874', '2.0.0', 'ISO 13849-1:2015, ISO 13849-2:2012');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.00000124, 47.0, 'cat2', 'dcLow');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO SFTypes(Name, SFTYPEID) VALUES ('Sonstige sicherheitsbezogene Antriebsfunktion', 'SFTYPEID-023');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (3.54583729802959E-06, 10.0, 'cat3', 0.55);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO CatSimplyMethodReqConditions(Cat, CatConditionOpOID) Values ('cat2', '129DAC72-8AC5-4385-A9D1-766DFB19162B');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO GEPMTTFd(PartName, WellTriedRef, Standards, TypicalMTTFd, TypicalB10d) VALUES ('Kontaktorit nimelliskuormituksella', 'Taulukot D.1 ja D.2', 'IEC 60947', null, 1300000.0);
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO SFTypes(Name, SFTYPEID) VALUES ('Funzione di Avvio/Riavvio', 'SFTYPEID-003');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO CatConditionOps(OID, CCID, Text, DetailTextA, DetailTextB) VALUES ('31460071-AE23-431F-A4A3-3EFC4E9542EF', 'CATReq09', 'Vengono applicati Principi di sicurezza ben provati (incluso nel canale di test).', '', '');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.0000179, 3.3, 'cat2', 'dcMedium');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO DCMeasureOps(OID, DCMORDER, IsProtected, DCmax, DCmin, DC, DCMID, Dependency, Description, Document, Documentation, Heading, InsufficientPLs) VALUES ('bd3371c4-9659-4d11-b7d4-14724c91e02b', 150, 1, 0.9, 0.9, 0.9, 'DCMID-015', '', 'Checking the monitoring device reaction capability (e.g. watchdog) by the main channel at start-up or whenever the safety function is demanded or whenever an external signal demands it, through an input facility)', '', '', 'Logic', '');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.00000204, 56.0, 'cat1', 'dcNone');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.00000839, 4.3, 'cat3', 'dcLow');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (5.74418569076407E-07, 30.0, 'cat3', 0.7);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (4.28577272456386E-08, 100.0, 'cat3', 0.9);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.0000038, 30.0, 'cat1', 'dcNone');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO SFTypes(Name, SFTYPEID) VALUES ('Steuerungsfunktionen und Betriebsartenwahl', 'SFTYPEID-011');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO CatReqDCavg(Cat, DCavg) VALUES ('cat3', 'dcLow');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO Cat(Cat, CCFRelevant, ChannelCount) VALUES ('cat2', 1, 1);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (1.61E-08, 150.0, 'cat4', 'dcHigh');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO CatConditionOps(OID, CCID, Text, DetailTextA, DetailTextB) VALUES ('ee5112bc-0717-4e77-8a41-02e512867525', 'CATReq01', 'Grundlegende Sicherheitsprinzipien werden angewendet.', '', '');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.0000125, 9.1, 'catB', 'dcNone');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PLSimplyMethodReqConditions(PL, PLConditionOpOID) Values ('plB', '8b82ea6f-35c7-40f6-a0d3-a8869940a200');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.00000644, 11.0, 'cat2', 'dcLow');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO CatReqMTTFd(Cat, MTTFd) VALUES ('catB', 'mttfLow');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.000000528, 100.0, 'cat2', 'dcLow');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PLSimplyMethodReqConditions(PL, PLConditionOpOID) Values ('plA', 'b761d495-9877-4d01-9d84-6046ead2ed4d');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.0000168, 6.8, 'catB', 'dcNone');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO CatReqConditions(Cat, CatConditionOpOID) Values ('cat4', '3545c118-1d1d-4525-94e8-07eb1467afce');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO SFTypes(Name, SFTYPEID) VALUES ('Befreiung und Rettung eingeschlossener Personen', 'SFTYPEID-009');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PLSimplyMethodReqConditions(PL, PLConditionOpOID) Values ('plA', '8b82ea6f-35c7-40f6-a0d3-a8869940a200');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO DCMeasureOps(OID, DCMORDER, IsProtected, DCmax, DCmin, DC, DCMID, Dependency, Description, Document, Documentation, Heading, InsufficientPLs) VALUES ('23374732-9ca7-4a56-945c-70dd6ffe5217', 110, 1, 0.99, 0.99, 0.99, 'DCMID-011', '', 'Monitoraggio diretto (per esempio monitoraggio elettrico di posizione delle valvole di comando, monitoraggio dei dispositivi elettromeccanici mediante elementi di contatto collegati meccanicamenti) ', '', '', 'Logica', '');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO SFTypes(Name, SFTYPEID) VALUES ('Isolation and energy dissipation function', 'SFTYPEID-010');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO CatReqConditions(Cat, CatConditionOpOID) Values ('cat3', '3545c118-1d1d-4525-94e8-07eb1467afce');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (1.51E-09, 1500.0, 'cat4', 'dcHigh');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (0.0000139759311552075, 3.0, 'cat3', 0.55);
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO DCMeasureOps(OID, DCMORDER, IsProtected, DCmax, DCmin, DC, DCMID, Dependency, Description, Document, Documentation, Heading, InsufficientPLs) VALUES ('a5b7e011-0abd-422a-ad0e-1577af0f9a16', 100, 1, 0.99, 0.9, 0.9, 'DCMID-010', 'depending on the application', 'Indirect monitoring (e.g. monitoring by pressure switch, electrical position monitoring of actuators)', '', '', 'Logic', '');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO DCMeasureOps(OID, DCMORDER, IsProtected, DCmax, DCmin, DC, DCMID, Dependency, Description, Document, Documentation, Heading, InsufficientPLs) VALUES ('9dafe6e3-cd2f-4307-98d1-13d870a09bdf', 170, 1, 0.9, 0.9, 0.9, 'DCMID-017', '', 'Invariable memory: signature of one word (8 bit)', '', '', 'Logic', '');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.00000609, 3.0, 'cat3', 'dcMedium');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.00000975, 7.5, 'cat2', 'dcLow');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO GEPMTTFd(PartName, WellTriedRef, Standards, TypicalMTTFd, TypicalB10d) VALUES ('Proximity switches with nominal load', 'Tablas D.1 y D.2', 'IEC 60947, ISO 14119', null, 400000.0);
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO SFTypes(Name, SFTYPEID) VALUES ('Paikallisohjaustoiminto', 'SFTYPEID-004');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.00000104, 12.0, 'cat3', 'dcMedium');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO GEPMTTFd(PartName, WellTriedRef, Standards, TypicalMTTFd, TypicalB10d) VALUES ('Contactors with small load', 'Tables D.1 and D.2', 'IEC 60947', null, 20000000.0);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO Cat(Cat, CCFRelevant, ChannelCount) VALUES ('catB', 0, 1);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (1.49081260443613E-06, 30.0, 'cat2', 0.8);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.00000404, 12.0, 'cat2', 'dcMedium');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO GEPMTTFd(PartName, WellTriedRef, Standards, TypicalMTTFd, TypicalB10d) VALUES ('Interruptores de proximidad con carga ligera', 'Tablas D.1 y D.2', 'IEC 60947, ISO 14119', null, 20000000.0);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.000000154, 43.0, 'cat3', 'dcMedium');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO CatReqConditions(Cat, CatConditionOpOID) Values ('cat4', 'ee5112bc-0717-4e77-8a41-02e512867525');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.0000204, 5.6, 'catB', 'dcNone');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PLs(PFHlower, PFHupper, PL) VALUES (0.0000001, 0.000001, 'plD');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO CatReqConditions(Cat, CatConditionOpOID) Values ('catB', 'ee5112bc-0717-4e77-8a41-02e512867525');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PLSimplyMethodReqConditions(PL, PLConditionOpOID) Values ('plA', '18f92b72-8a3c-4c3e-b035-167292d5cb49');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO CatReqMTTFd(Cat, MTTFd) VALUES ('cat3', 'mttfMedium');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (2.4653506647293E-08, 100.0, 'cat3', 0.99);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.00000247, 6.2, 'cat3', 'dcMedium');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.00000206, 20.0, 'cat2', 'dcMedium');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO CatConditionOps(OID, CCID, Text, DetailTextA, DetailTextB) VALUES ('8fa9dc4e-0b87-4a39-aeeb-530add09ad46', 'CATReq05', 'Accumulation of faults does not lead to a loss of the safety function.', 'The single fault is detected at or before the next demand upon the safety function. If this detection is not possible, an accumulation of undetected faults shall not lead to the loss of the safety function.', '');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO SFTypes(Name, SFTYPEID) VALUES ('Local control function', 'SFTYPEID-004');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO GEPMTTFd(PartName, WellTriedRef, Standards, TypicalMTTFd, TypicalB10d) VALUES ('Mechanical components', 'Tables A.1 and A.2', '-', 150.0, null);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO CatSimplyMethodReqConditions(Cat, CatConditionOpOID) Values ('cat3', '7a31714d-6eb6-4844-ba27-278300659924');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO SFTypes(Name, SFTYPEID) VALUES ('Control modes and mode selection', 'SFTYPEID-011');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO Cat(Cat, CCFRelevant, ChannelCount) VALUES ('cat1', 0, 1);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO CatSimplyMethodReqConditions(Cat, CatConditionOpOID) Values ('cat1', '9ECCE3AF-20C0-45FF-AFC8-9E614834C1C2');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO RiskParams(PL, ParamF, ParamP, ParamS) VALUES ('plE', 0, 0, 0);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.000000649, 47.0, 'cat2', 'dcMedium');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.0000120, 4.7, 'cat2', 'dcMedium');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.00000195, 7.5, 'cat3', 'dcMedium');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO GEPMTTFd(PartName, WellTriedRef, Standards, TypicalMTTFd, TypicalB10d) VALUES ('Emergency stop devices - If fault exclusion for direct opening acion is possible.', 'Tables D.1 and D.2', 'IEC 60947, ISO 13850', null, 100000.0);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO RiskParams(PL, ParamF, ParamP, ParamS) VALUES ('plB', 1, 0, 1);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO MTTFd(MTTFd, MTTFdlower, MTTFdupper) VALUES ('mttfLow', 3.0, 10.0);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PLSimplyMethodReqConditions(PL, PLConditionOpOID) Values ('plE', '85751E80-0E2D-4060-A89D-CE4ABA89C166');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (1.03E-09, 2200.0, 'cat4', 'dcHigh');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO SFTypes(Name, SFTYPEID) VALUES ('Hold-to-run function', 'SFTYPEID-006');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (1.53506078461745E-07, 30.0, 'cat4', 0.96);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.00000643, 8.2, 'cat2', 'dcMedium');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.00000182, 22.0, 'cat2', 'dcMedium');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO CatConditionOps(OID, CCID, Text, DetailTextA, DetailTextB) VALUES ('9ECCE3AF-20C0-45FF-AFC8-9E614834C1C2', 'CATReq10', 'De conformidad con las normas relevantes para resistirs la influencias esperadas.', '', '');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.00000223, 13.0, 'cat3', 'dcLow');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (1.26E-09, 1800.0, 'cat4', 'dcHigh');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (0.0000258090724096115, 3.0, 'cat2', 0.6);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (1.85816465474443E-06, 10.0, 'cat3', 0.85);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (2.47E-08, 100.0, 'cat4', 'dcHigh');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (2.05744928203389E-06, 30.0, 'cat2', 0.6);
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO SFTypes(Name, SFTYPEID) VALUES ('Funzione di inibizione', 'SFTYPEID-005');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (9.80677858285205E-08, 100.0, 'cat3', 0.6);/* Sonderfall DCavg = 1.01E-07 */
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PLSimplyMethodReqConditions(PL, PLConditionOpOID) Values ('plE', '6653b95f-9bc1-4df3-8e82-088a025a3276');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (6.16026516056146E-06, 10.0, 'cat2', 0.75);
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO GEPMTTFd(PartName, WellTriedRef, Standards, TypicalMTTFd, TypicalB10d) VALUES ('Contactores con carga nominal', 'Tablas D.1 y D.2', 'IEC 60947', null, 1300000.0);
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO DCMeasureOps(OID, DCMORDER, IsProtected, DCmax, DCmin, DC, DCMID, Dependency, Description, Document, Documentation, Heading, InsufficientPLs) VALUES ('7b50ef86-0fd9-4926-9caa-dea659ccd651', 30, 1, 0.99, 0.0, 0.0, 'DCMID-003', 'depending on how often a signal change is done by the application', 'Cross monitoring of inputs without dynamic test', '', '', 'Input devices', '');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO SFTypes(Name, SFTYPEID) VALUES ('Funzione di arresto di emergenza', 'SFTYPEID-012');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO DCMeasureOps(OID, DCMORDER, IsProtected, DCmax, DCmin, DC, DCMID, Dependency, Description, Document, Documentation, Heading, InsufficientPLs) VALUES ('d7a7c50b-6cbd-4812-a799-39a04cdfae95', 260, 1, 0.99, 0.0, 0.0, 'DCMID-026', 'depending on how often a siganl change is done by the application', 'Cross monitoring of outputs without dynamic test', '', '', 'Output device', '');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: UPDATE PLs SET PFHlower=0.00000001 WHERE (PL='plE');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO Cat(Cat, CCFRelevant, ChannelCount) VALUES ('cat4', 1, 2);
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PLConditionOps(OID, PLCID, Text) VALUES ('7F2955E8-4380-4571-A90F-CDEDBD1A42F2', 'PLReq06', 'subsystem consists of mechanical, hydraulic or pneumatic components (or a mixture of these technologies)');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (6.26269075074705E-08, 100.0, 'cat3', 0.8);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (5.28300153249284E-07, 100.0, 'cat2', 0.6);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.00000713, 16.0, 'catB', 'dcNone');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO NormMetaData(OID, NormVersion, LibVersion, INFO) VALUES ('149D3DB6-67FF-4084-8893-59379ED79FF4', 'ISO 13849-1:2015, ISO 13849-2:2012', '0.0.8', 'SISTEMA Normdata Version 0.0.8');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (9.06E-10, 2500.0, 'cat4', 'dcHigh');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.000000135, 82.0, 'cat3', 'dcLow');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (7.77E-08, 36.0, 'cat4', 'dcHigh');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (0.0000248310449901365, 3.0, 'cat2', 0.65);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PLReqConditions(PL, PLConditionOpOID) Values ('plA', 'b761d495-9877-4d01-9d84-6046ead2ed4d');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (4.22E-08, 62.0, 'cat4', 'dcHigh');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.000000947, 24.0, 'cat3', 'dcLow');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.000000817, 68.0, 'cat2', 'dcLow');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO GEPMTTFd(PartName, WellTriedRef, Standards, TypicalMTTFd, TypicalB10d) VALUES ('Componenti meccanici', 'Prospetto A.1 e A.2', '-', 150.0, null);
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO SFTypes(Name, SFTYPEID) VALUES ('Isolation and energy dissipation function', 'SFTYPEID-011');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (2.51E-09, 910.0, 'cat4', 'dcHigh');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO DCMeasureOps(OID, DCMORDER, IsProtected, DCmax, DCmin, DC, DCMID, Dependency, Description, Document, Documentation, Heading, InsufficientPLs) VALUES ('d6eb8715-ce91-4022-b976-65ca74eee05b', 200, 1, 0.6, 0.6, 0.6, 'DCMID-020', '', 'Varianter Speicher: Test der Lesbarkeit und der Beschreibbarkeit der verwendeten Speicherzellen', '', '', 'Logik', '');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.00000237, 18.0, 'cat2', 'dcMedium');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (9.81E-09, 240.0, 'cat4', 'dcHigh');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO DCMeasureOps(OID, DCMORDER, IsProtected, DCmax, DCmin, DC, DCMID, Dependency, Description, Document, Documentation, Heading, InsufficientPLs) VALUES ('7b5c71bb-0600-4a38-b67d-c1517ed19c89', 120, 1, 0.6, 0.6, 0.6, 'DCMID-012', '', 'Simple temporal time monitoring of th logic (e.g. timer as watchdog, where trigger points are within the program of the logic)', '', '', 'Logic', '');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO DCMeasureOps(OID, DCMORDER, IsProtected, DCmax, DCmin, DC, DCMID, Dependency, Description, Document, Documentation, Heading, InsufficientPLs) VALUES ('57608dd2-bad1-47cb-8bef-557ce983a2f1', 240, 1, 0.99, 0.0, 0.0, 'DCMID-024', 'depending on the application', 'Fault detection by the process', '', '', 'Logic', 'plE');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.0000346, 3.3, 'catB', 'dcNone');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.000000744, 15.0, 'cat3', 'dcMedium');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.0000133, 5.6, 'cat2', 'dcLow');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (1.20748853371865E-06, 30.0, 'cat2', 0.9);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (6.37E-08, 43.0, 'cat4', 'dcHigh');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PLSimplyMethodReqConditions(PL, PLConditionOpOID) Values ('plE', '18f92b72-8a3c-4c3e-b035-167292d5cb49');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO DCMeasureOps(OID, DCMORDER, IsProtected, DCmax, DCmin, DC, DCMID, Dependency, Description, Document, Documentation, Heading, InsufficientPLs) VALUES ('7f5d7a4d-63ef-433f-b85a-c3b7ce896df9', 280, 1, 0.99, 0.99, 0.99, 'DCMID-028', '', 'Cross monitoring of output signals and intermediate results within the logic (L) and temporal and logical software monitor of the program flow and detection of static faults and short circuits (for multiple I/O)', '', '', 'Output device', '');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO SFTypes(Name, SFTYPEID) VALUES ('Funzione di comando locale', 'SFTYPEID-004');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO CatConditionOps(OID, CCID, Text, DetailTextA, DetailTextB) VALUES ('ee5112bc-0717-4e77-8a41-02e512867525', 'CATReq01', 'Basic safety principles are being used.', '', '');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO CatReqConditions(Cat, CatConditionOpOID) Values ('cat4', '8fa9dc4e-0b87-4a39-aeeb-530add09ad46');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO LIBMETADATA(LASTCHANGE, NAME, INFO, AUTHOR, OID, SSMVERSION, NORMVERSION) Values (CURRENT_TIMESTAMP, 'SISTEMA Standardbibliothek', 'Die Standardbibliothek kann nicht aus der Liste entfernt werden.', 'SISTEMA', 'F9C6F889-FF20-406F-AEF4-6375B1B47AB2', '2.0.0', 'ISO 13849-1:2015, ISO 13849-2:2012');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO SFTypes(Name, SFTYPEID) VALUES ('Funzione dispositivo di abilitazione', 'SFTYPEID-007');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.00000321, 10.0, 'cat3', 'dcLow');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO SFTypes(Name, SFTYPEID) VALUES ('Turvallisuuteen liittyvien parametrien valvonta', 'SFTYPEID-013');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (8.94745795936601E-09, 300.0, 'cat4', 0.94);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO Const(ReqCCFScore, MinServiceLife) VALUES (65.0, 20.0);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO CatReqMTTFd(Cat, MTTFd) VALUES ('cat3', 'mttfLow');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (9.85E-10, 2300.0, 'cat4', 'dcHigh');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.00000348, 4.7, 'cat3', 'dcMedium');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PLSimplyMethodReqConditions(PL, PLConditionOpOID) Values ('plC', 'b761d495-9877-4d01-9d84-6046ead2ed4d');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (8.24759235894551E-06, 3.0, 'cat3', 0.85);
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO CatConditionOps(OID, CCID, Text, DetailTextA, DetailTextB) VALUES ('31460071-AE23-431F-A4A3-3EFC4E9542EF', 'CATReq09', 'Well-tried safety principles are applied.', '', '');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (1.42E-09, 1600.0, 'cat4', 'dcHigh');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.000000804, 27.0, 'cat3', 'dcLow');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (4.91E-09, 470.0, 'cat4', 'dcHigh');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO SFTypes(Name, SFTYPEID) VALUES ('Zustimmfunktion', 'SFTYPEID-007');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (2.23E-08, 110.0, 'cat4', 'dcHigh');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO SFTypes(Name, SFTYPEID) VALUES ('Arresto sicuro 1 (Safe stop 1, SS1)', 'SFTYPEID-016');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (5.13822196475067E-06, 10.0, 'cat2', 0.9);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (2.79E-09, 820.0, 'cat4', 'dcHigh');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO SFTypes(Name, SFTYPEID) VALUES ('Fuga e salvataggio di persone intrappolate', 'SFTYPEID-009');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.0000103, 3.6, 'cat3', 'dcLow');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.00000037, 24.0, 'cat3', 'dcMedium');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (5.47890849084784E-06, 10.0, 'cat2', 0.85);
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO CatConditionOps(OID, CCID, Text, DetailTextA, DetailTextB) VALUES ('a03d45c4-961e-4701-8756-cf50170f3ed9', 'CATReq02', 'Well-tried components are being used.', '', '');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PLReqConditions(PL, PLConditionOpOID) Values ('plC', '18f92b72-8a3c-4c3e-b035-167292d5cb49');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.000000840, 39.0, 'cat2', 'dcMedium');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO SFTypes(Name, SFTYPEID) VALUES ('Arresto sicuro non controllato (Safe torque off,STO)', 'SFTYPEID-015');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (3.08E-08, 82.0, 'cat4', 'dcHigh');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (3.37E-09, 680.0, 'cat4', 'dcHigh');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.00000453, 15.0, 'cat2', 'dcLow');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO DCMeasureOps(OID, DCMORDER, IsProtected, DCmax, DCmin, DC, DCMID, Dependency, Description, Document, Documentation, Heading, InsufficientPLs) VALUES ('f4097b6f-718c-48a3-a584-3398654021e2', 220, 1, 0.9, 0.6, 0.6, 'DCMID-022', '', 'Verarbeitungseinheit: Selbsttest durch Software', '', '', 'Logik', '');
Source: SISTEMA.exe, 00000012.00000002.2584006076.000000006C041000.00000020.00000001.01000000.0000000D.sdmp	Binary or memory string: select * from encodings;U
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO CatReqConditions(Cat, CatConditionOpOID) Values ('catB', '9ECCE3AF-20C0-45FF-AFC8-9E614834C1C2');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO SFTypes(Name, SFTYPEID) VALUES ('Sicherheitsbezogene Stoppfunktion, eingeleitet durch eine Schutzeinrichtung', 'SFTYPEID-001');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.00000139, 27.0, 'cat2', 'dcMedium');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (2.27692535132547E-09, 1000.0, 'cat4', 0.99);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO DCMeasureOps(OID, DCMORDER, IsProtected, DCmax, DCmin, DC, DCMID, Dependency, Description, Document, Documentation, Heading, InsufficientPLs) VALUES ('15df252f-e87e-4e58-b1d1-f48c8bd9f787', 180, 1, 0.99, 0.99, 0.99, 'DCMID-018', '', 'Invarianter Speicher: Signatur doppelter Wortbreite (16 Bit)', '', '', 'Logik', '');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO SFTypes(Name, SFTYPEID) VALUES ('Safe direction (SDI)', 'SFTYPEID-021');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.00000265, 24.0, 'cat2', 'dcLow');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO CatConditionOps(OID, CCID, Text, DetailTextA, DetailTextB) VALUES ('a03d45c4-961e-4701-8756-cf50170f3ed9', 'CATReq02', 'Sono usati i componenti ben provati', '', '');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.000000676, 16.0, 'cat3', 'dcMedium');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.0000148, 3.9, 'cat2', 'dcMedium');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PLConditionOps(OID, PLCID, Text) VALUES ('b761d495-9877-4d01-9d84-6046ead2ed4d', 'PLReq03', 'guasto sistematico (vedi appendice G)');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (3.01879115689856E-06, 10.0, 'cat3', 0.65);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PLReqConditions(PL, PLConditionOpOID) Values ('plD', '8b82ea6f-35c7-40f6-a0d3-a8869940a200');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO SFTypes(Name, SFTYPEID) VALUES ('Lokale Steuerungsfunktion', 'SFTYPEID-004');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.0000152, 7.5, 'catB', 'dcNone');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: INSERT INTO GEPMTTFd(PartName, WellTriedRef, Standards, TypicalMTTFd, TypicalB10d) VALUES ('Hydraulische Bauteile mit Nop e" 1.000.000 Zyklen pro Jahr', 'Tabellen C.1 und C.2', 'ISO 4413', 150.0, null);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (3.28645587733476E-07, 100.0, 'cat2', 0.8);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.00000718, 10.0, 'cat2', 'dcLow');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO SFTypes(Name, SFTYPEID) VALUES ('Funzione di isolamento e dissipazione di energia', 'SFTYPEID-010');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.00000553, 6.2, 'cat3', 'dcLow');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.0000293, 3.9, 'catB', 'dcNone');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (5.76E-08, 47.0, 'cat4', 'dcHigh');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO CatConditionOps(OID, CCID, Text, DetailTextA, DetailTextB) VALUES ('3545c118-1d1d-4525-94e8-07eb1467afce', 'CATReq03', 'Well-tried safety principles are being used.', '', '');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO SFTypes(Name, SFTYPEID) VALUES ('Hochhalten einer Last durch Bremse (Sichere Bremsenansteuerung, SBC)', 'SFTYPEID-022');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.00000634, 18.0, 'catB', 'dcNone');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.000000387, 43.0, 'cat3', 'dcLow');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFHi(PFH, MTTFd, Cat, DCavg) VALUES (7.10389156272551E-07, 10.0, 'cat4', 0.96);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.00000023, 33.0, 'cat3', 'dcMedium');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO SFTypes(Name, SFTYPEID) VALUES ('Posizione limitata sicura (SLP)', 'SFTYPEID-020');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO DCMeasureOps(OID, DCMORDER, IsProtected, DCmax, DCmin, DC, DCMID, Dependency, Description, Document, Documentation, Heading, InsufficientPLs) VALUES ('f3a0b334-9754-440f-b393-672d3c92de28', 270, 1, 0.9, 0.9, 0.9, 'DCMID-027', '', 'Cross monitoring of output signals with dynamic test without detection of short circuits (for multiple I/O)', '', '', 'Output device', '');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PLSimplyMethodReqConditions(PL, PLConditionOpOID) Values ('plD', '8b82ea6f-35c7-40f6-a0d3-a8869940a200');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PLReqConditions(PL, PLConditionOpOID) Values ('plD', 'b761d495-9877-4d01-9d84-6046ead2ed4d');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO DC(DC, DClower, DCupper) VALUES ('dcLow', 0.6, 0.9);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO CatReqConditions(Cat, CatConditionOpOID) Values ('cat1', '3545c118-1d1d-4525-94e8-07eb1467afce');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PLConditionOps(OID, PLCID, Text) VALUES ('18f92b72-8a3c-4c3e-b035-167292d5cb49', 'PLReq04', 'Ability to perform a safety function under expected environmental conditions');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO DCMeasureOps(OID, DCMORDER, IsProtected, DCmax, DCmin, DC, DCMID, Dependency, Description, Document, Documentation, Heading, InsufficientPLs) VALUES ('15df252f-e87e-4e58-b1d1-f48c8bd9f787', 180, 1, 0.99, 0.99, 0.99, 'DCMID-018', '', 'Memoria invariabile: sigla di una parola doppia (16 bit)', '', '', 'Logica', '');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.00000621, 5.6, 'cat3', 'dcLow');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO SFTypes(Name, SFTYPEID) VALUES ('Mutingfunktion', 'SFTYPEID-005');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO CatReqConditions(Cat, CatConditionOpOID) Values ('cat4', '7a31714d-6eb6-4844-ba27-278300659924');
Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO GEPMTTFd(PartName, WellTriedRef, Standards, TypicalMTTFd, TypicalB10d) VALUES ('Contacteurs avec charge nominale', 'Tableaux D.1 at D.2', 'IEC 60947', null, 1300000.0);
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (1.50E-08, 160.0, 'cat4', 'dcHigh');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PLSimplyMethodReqConditions(PL, PLConditionOpOID) Values ('plC', '7F2955E8-4380-4571-A90F-CDEDBD1A42F2');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO CatReqDCavg(Cat, DCavg) VALUES ('cat2', 'dcLow');
Source: SISTEMA.exe, 00000012.00000003.1957235518.0000000006468000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO PFH(PFH, MTTFd, Cat, DCavg) VALUES (0.00000519, 22.0, 'catB', 'dcNone');

Source: unknown	Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown	Process created: C:\Users\user\Desktop\sistema_2_1_1_build2\SISTEMA_2_1_1_Build2.exe "C:\Users\user\Desktop\sistema_2_1_1_build2\SISTEMA_2_1_1_Build2.exe"
Source: C:\Users\user\Desktop\sistema_2_1_1_build2\SISTEMA_2_1_1_Build2.exe	Process created: C:\Users\user\AppData\Local\Temp\is-0GTQV.tmp\SISTEMA_2_1_1_Build2.tmp "C:\Users\user\AppData\Local\Temp\is-0GTQV.tmp\SISTEMA_2_1_1_Build2.tmp" /SL5="$203B8,29753000,779776,C:\Users\user\Desktop\sistema_2_1_1_build2\SISTEMA_2_1_1_Build2.exe"
Source: C:\Users\user\AppData\Local\Temp\is-0GTQV.tmp\SISTEMA_2_1_1_Build2.tmp	Process created: C:\Users\user\Desktop\sistema_2_1_1_build2\SISTEMA_2_1_1_Build2.exe "C:\Users\user\Desktop\sistema_2_1_1_build2\SISTEMA_2_1_1_Build2.exe" /SPAWNWND=$1044E /NOTIFYWND=$203B8
Source: C:\Users\user\Desktop\sistema_2_1_1_build2\SISTEMA_2_1_1_Build2.exe	Process created: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp "C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp" /SL5="$20450,29753000,779776,C:\Users\user\Desktop\sistema_2_1_1_build2\SISTEMA_2_1_1_Build2.exe" /SPAWNWND=$1044E /NOTIFYWND=$203B8
Source: C:\Users\user\AppData\Local\Temp\is-0GTQV.tmp\SISTEMA_2_1_1_Build2.tmp	Process created: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe "C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe"
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Process created: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe "C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe" NOPOPUP
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Process created: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe "C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe" -v:2.1.1 -b:2 -l:de -i -t -u -w:500 -h:500
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Process created: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe "C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe" -v:2.1.1 -b:2 -l:de -i -t -e -w:700 -h:500
Source: C:\Users\user\Desktop\sistema_2_1_1_build2\SISTEMA_2_1_1_Build2.exe	Process created: C:\Users\user\AppData\Local\Temp\is-0GTQV.tmp\SISTEMA_2_1_1_Build2.tmp "C:\Users\user\AppData\Local\Temp\is-0GTQV.tmp\SISTEMA_2_1_1_Build2.tmp" /SL5="$203B8,29753000,779776,C:\Users\user\Desktop\sistema_2_1_1_build2\SISTEMA_2_1_1_Build2.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0GTQV.tmp\SISTEMA_2_1_1_Build2.tmp	Process created: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe "C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe"	Jump to behavior
Source: C:\Users\user\Desktop\sistema_2_1_1_build2\SISTEMA_2_1_1_Build2.exe	Process created: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp "C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp" /SL5="$20450,29753000,779776,C:\Users\user\Desktop\sistema_2_1_1_build2\SISTEMA_2_1_1_Build2.exe" /SPAWNWND=$1044E /NOTIFYWND=$203B8	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Process created: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe "C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe" NOPOPUP	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Process created: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe "C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe" -v:2.1.1 -b:2 -l:de -i -t -u -w:500 -h:500	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Process created: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe "C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe" -v:2.1.1 -b:2 -l:de -i -t -e -w:700 -h:500	Jump to behavior

Source: C:\Users\user\Desktop\sistema_2_1_1_build2\SISTEMA_2_1_1_Build2.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\sistema_2_1_1_build2\SISTEMA_2_1_1_Build2.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\sistema_2_1_1_build2\SISTEMA_2_1_1_Build2.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\sistema_2_1_1_build2\SISTEMA_2_1_1_Build2.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\sistema_2_1_1_build2\SISTEMA_2_1_1_Build2.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0GTQV.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0GTQV.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0GTQV.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0GTQV.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0GTQV.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0GTQV.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0GTQV.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0GTQV.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0GTQV.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0GTQV.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0GTQV.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0GTQV.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0GTQV.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0GTQV.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0GTQV.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0GTQV.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0GTQV.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0GTQV.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0GTQV.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0GTQV.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0GTQV.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0GTQV.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0GTQV.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0GTQV.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0GTQV.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0GTQV.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0GTQV.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0GTQV.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0GTQV.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0GTQV.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0GTQV.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0GTQV.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0GTQV.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0GTQV.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\sistema_2_1_1_build2\SISTEMA_2_1_1_Build2.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\sistema_2_1_1_build2\SISTEMA_2_1_1_Build2.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\sistema_2_1_1_build2\SISTEMA_2_1_1_Build2.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\sistema_2_1_1_build2\SISTEMA_2_1_1_Build2.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\sistema_2_1_1_build2\SISTEMA_2_1_1_Build2.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: msi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: msftedit.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: windows.globalization.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: bcp47mrm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: globinputhost.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: windows.ui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: windowmanagementapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: inputhost.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: borlndmm.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: olepro32.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: faultrep.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: dbgcore.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: fbclient25.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: icuuc30.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: icudt30.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: msiso.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: mshtml.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: srpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: d2d1.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: dxcore.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: jscript9.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: oiddata.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: msxml3.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: msimtf.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: uiautomationcore.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Section loaded: olepro32.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Section loaded: faultrep.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Section loaded: dbgcore.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: olepro32.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: faultrep.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: dbgcore.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: security.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: idndl.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: libeay32.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: ssleay32.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: olepro32.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: faultrep.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: dbgcore.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: security.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: idndl.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: libeay32.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: ssleay32.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Section loaded: rasadhlp.dll	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-0GTQV.tmp\SISTEMA_2_1_1_Build2.tmp

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Jump to behavior

Source: SISTEMA.lnk.16.dr	LNK file: ..\..\..\..\..\..\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe
Source: SISTEMA.lnk0.16.dr	LNK file: ..\..\..\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe
Source: SISTEMA.lnk1.16.dr	LNK file: ..\..\..\..\..\..\..\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe
Source: SISTEMA-Configurator.lnk.16.dr	LNK file: ..\..\..\..\..\..\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe
Source: Remove SISTEMA 2.1.1.lnk.16.dr	LNK file: ..\..\..\..\..\..\Program Files (x86)\SISTEMA 2.1.1\unins000.exe
Source: SISTEMA Cookbooks.lnk.16.dr	LNK file: ..\..\..\..\..\..\Program Files (x86)\SISTEMA 2.1.1\SISTEMA_Cookbooks.url

Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp

Window found: window name: TSelectLanguageForm

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp

File opened: C:\Windows\SysWOW64\MSFTEDIT.DLL

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: sistema_2_1_1_build2.zip

Static file information: File size 30133937 > 1048576

Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll

Jump to behavior

Source:	Binary string: e:\fb25_git\R2_5_6\firebird2\temp\Win32\Release\ib_util\ib_util.pdb source: SISTEMA.exe, 00000012.00000002.2430651051.0000000005BE2000.00000002.00000001.01000000.0000001C.sdmp
Source:	Binary string: e:\fb25_git\R2_5_6\firebird2\temp\Win32\Release\intl\fbintl.pdb source: SISTEMA.exe, 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmp
Source:	Binary string: e:\fb25_git\R2_5_6\firebird2\temp\Win32\Release\fbembed\fbembed.pdb source: SISTEMA.exe, 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmp

Data Obfuscation

Detected unpacking (overwrites its own PE header)

Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe

Unpacked PE file: 22.2.IFA_WebRequest.exe.930000.0.unpack

Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe

Code function: 18_2_05D275E0 EnterCriticalSection,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,MessageBoxA,LeaveCriticalSection,

18_2_05D275E0

Source: SISTEMA_2_1_1_Build2.tmp.11.dr	Static PE information: section name: .didata
Source: SISTEMA_2_1_1_Build2.tmp.15.dr	Static PE information: section name: .didata
Source: is-9JKSG.tmp.16.dr	Static PE information: section name: .didata
Source: is-HJ2IP.tmp.16.dr	Static PE information: section name: .didata
Source: is-UDML6.tmp.16.dr	Static PE information: section name: .didata
Source: is-N0KF3.tmp.16.dr	Static PE information: section name: .didata
Source: is-SRA0L.tmp.16.dr	Static PE information: section name: .didata
Source: is-EUGLL.tmp.16.dr	Static PE information: section name: .didata
Source: is-CDA33.tmp.16.dr	Static PE information: section name: .didata
Source: is-OMTFN.tmp.16.dr	Static PE information: section name: .didata
Source: is-TRGCQ.tmp.16.dr	Static PE information: section name: .didata
Source: is-B0U2U.tmp.16.dr	Static PE information: section name: .didata
Source: is-073PP.tmp.16.dr	Static PE information: section name: .didata
Source: is-M5MNL.tmp.16.dr	Static PE information: section name: .didata
Source: is-VM0G9.tmp.16.dr	Static PE information: section name: .didata
Source: is-S7GRH.tmp.16.dr	Static PE information: section name: .didata
Source: is-5J0AS.tmp.16.dr	Static PE information: section name: .didata
Source: is-9R3KU.tmp.16.dr	Static PE information: section name: .didata
Source: is-CT6C5.tmp.16.dr	Static PE information: section name: .didata
Source: is-SUNEN.tmp.16.dr	Static PE information: section name: .didata
Source: is-4GJKG.tmp.16.dr	Static PE information: section name: .didata

Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Code function: 18_2_05BE15DD push ecx; ret	18_2_05BE15F0
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Code function: 18_2_05D29B2D push ecx; ret	18_2_05D29B40
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Code function: 18_2_100012B3 push esp; ret	18_2_100012BA
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Code function: 18_2_101B3DC5 push ecx; ret	18_2_101B3DD8
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Code function: 19_2_73A97A54 push ecx; mov dword ptr [esp], eax	19_2_73A97A59

Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\ZDbc280.bpl (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\is-VN852.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\msvcp80.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\ib_util.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\is-F9HCM.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\icuin30.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\is-TRGCQ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\is-B5NB6.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\is-1K55J.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\libeay32.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Users\user\AppData\Local\Temp\is-08PUE.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\msvcr80.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\icudt30.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\vcl280.bpl (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\Language\is-CT6C5.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\ssleay32.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\is-HVGVG.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\is-M5MNL.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\sistema_2_1_1_build2\SISTEMA_2_1_1_Build2.exe	File created: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\is-EUGLL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\Language\Lang_IT.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\is-SRA0L.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\dbrtl280.bpl (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\is-073PP.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\Language\is-4GJKG.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\Language\Lang_EN.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\sistema_2_1_1_build2\SISTEMA_2_1_1_Build2.exe	File created: C:\Users\user\AppData\Local\Temp\is-0GTQV.tmp\SISTEMA_2_1_1_Build2.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\is-B4K67.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\OIDDATA.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\Language\Lang_ES.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\is-7G9TB.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\ZCore280.bpl (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\is-AKAET.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\unins000.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\Language\Lang_DE.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\is-0DA9P.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\fbclient25.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\is-CDA33.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\is-443TK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\Language\is-9R3KU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\is-3O0B2.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\is-B0U2U.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\borlndmm.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\is-VM0G9.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\ZParseSql280.bpl (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\WebRequest.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\is-3SN5S.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\Language\Lang_FR.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\Language\is-SUNEN.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\is-5J0AS.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\Language\Lang_JP.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\Language\is-UDML6.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\is-S7GRH.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\intl\is-SCNU7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\intl\fbintl.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\ZComponent280.bpl (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\vclx280.bpl (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\rtl280.bpl (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\ConfigSrc.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\Language\Lang_FI.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\ZPlain280.bpl (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\is-LSB8O.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\Language\is-HJ2IP.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\icuuc30.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\is-5G8RE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\is-N0KF3.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\is-O8I07.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\Language\is-9JKSG.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\is-OMTFN.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\Program Files (x86)\SISTEMA 2.1.1\vclactnband280.bpl (copy)	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SISTEMA 2.1.1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SISTEMA 2.1.1\SISTEMA.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SISTEMA 2.1.1\SISTEMA-Configurator.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SISTEMA 2.1.1\Remove SISTEMA 2.1.1.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SISTEMA 2.1.1\SISTEMA Cookbooks.lnk	Jump to behavior

Hooking and other Techniques for Hiding and Protection

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe

Memory written: PID: 7132 base: 6D02A0 value: E9 77 E4 B9 00

Jump to behavior

Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe

Registry key monitored for changes: HKEY_CURRENT_USER_Classes

Jump to behavior

Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\sistema_2_1_1_build2\SISTEMA_2_1_1_Build2.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0GTQV.tmp\SISTEMA_2_1_1_Build2.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0GTQV.tmp\SISTEMA_2_1_1_Build2.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0GTQV.tmp\SISTEMA_2_1_1_Build2.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0GTQV.tmp\SISTEMA_2_1_1_Build2.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0GTQV.tmp\SISTEMA_2_1_1_Build2.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0GTQV.tmp\SISTEMA_2_1_1_Build2.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\sistema_2_1_1_build2\SISTEMA_2_1_1_Build2.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Memory allocated: 9160000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Memory allocated: A280000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Memory allocated: A380000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Memory allocated: A450000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Memory allocated: 12ED0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Memory allocated: 10E30000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\SISTEMA 2.1.1\is-VN852.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\SISTEMA 2.1.1\msvcp80.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\SISTEMA 2.1.1\ib_util.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\SISTEMA 2.1.1\is-F9HCM.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\SISTEMA 2.1.1\icuin30.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\SISTEMA 2.1.1\is-B5NB6.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\SISTEMA 2.1.1\is-TRGCQ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\SISTEMA 2.1.1\is-1K55J.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\SISTEMA 2.1.1\msvcr80.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-08PUE.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\SISTEMA 2.1.1\vcl280.bpl (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\SISTEMA 2.1.1\Language\is-CT6C5.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\SISTEMA 2.1.1\is-HVGVG.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\SISTEMA 2.1.1\is-M5MNL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\SISTEMA 2.1.1\Language\Lang_IT.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\SISTEMA 2.1.1\is-SRA0L.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\SISTEMA 2.1.1\is-073PP.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\SISTEMA 2.1.1\Language\is-4GJKG.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\SISTEMA 2.1.1\Language\Lang_EN.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\SISTEMA 2.1.1\is-B4K67.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\SISTEMA 2.1.1\Language\Lang_ES.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\SISTEMA 2.1.1\is-7G9TB.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\SISTEMA 2.1.1\is-AKAET.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\SISTEMA 2.1.1\unins000.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\SISTEMA 2.1.1\Language\Lang_DE.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\SISTEMA 2.1.1\is-0DA9P.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\SISTEMA 2.1.1\is-CDA33.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\SISTEMA 2.1.1\is-443TK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\SISTEMA 2.1.1\Language\is-9R3KU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\SISTEMA 2.1.1\is-3O0B2.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\SISTEMA 2.1.1\is-B0U2U.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\SISTEMA 2.1.1\WebRequest.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\SISTEMA 2.1.1\Language\Lang_FR.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\SISTEMA 2.1.1\is-3SN5S.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\SISTEMA 2.1.1\Language\is-SUNEN.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\SISTEMA 2.1.1\is-5J0AS.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\SISTEMA 2.1.1\Language\Lang_JP.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\SISTEMA 2.1.1\Language\is-UDML6.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\SISTEMA 2.1.1\is-S7GRH.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\SISTEMA 2.1.1\intl\is-SCNU7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\SISTEMA 2.1.1\intl\fbintl.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\SISTEMA 2.1.1\vclx280.bpl (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\SISTEMA 2.1.1\ConfigSrc.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\SISTEMA 2.1.1\Language\Lang_FI.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\SISTEMA 2.1.1\is-LSB8O.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\SISTEMA 2.1.1\Language\is-HJ2IP.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\SISTEMA 2.1.1\is-5G8RE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\SISTEMA 2.1.1\is-O8I07.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\SISTEMA 2.1.1\Language\is-9JKSG.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\SISTEMA 2.1.1\is-OMTFN.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\SISTEMA 2.1.1\vclactnband280.bpl (copy)	Jump to dropped file

Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	API coverage: 4.5 %
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	API coverage: 2.5 %

Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Code function: 18_2_05D256F0 memcpy,FindFirstFileA,		18_2_05D256F0
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Code function: 18_2_1002BC60 memcpy,FindFirstFileA,		18_2_1002BC60

Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe

Code function: 18_2_05D1BBB0 GetSystemInfo,

18_2_05D1BBB0

Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	File opened: C:\Users\user\AppData\Local\Microsoft	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Windows	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Windows\History\desktop.ini	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	File opened: C:\Users\user\AppData\Local	Jump to behavior

Source: SISTEMA.exe, 00000012.00000000.1714489502.00000000015FA000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: wbWePCgQEmUG[F8
Source: SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1741424305.0000000000940000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1741424305.0000000000940000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: SISTEMA_2_1_1_Build2.tmp, 0000000C.00000002.1760605134.00000000007ED000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}'(
Source: SISTEMA.exe, 00000012.00000002.2525919482.000000006B1E1000.00000020.00000001.01000000.00000013.sdmp	Binary or memory string: VirtualMachine

Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	API call chain: ExitProcess graph end node			graph_19-4160
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	API call chain: ExitProcess graph end node			graph_19-4140

Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe

Code function: 18_2_05BE16C0 IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,

18_2_05BE16C0

Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe

Code function: 18_2_05D275E0 EnterCriticalSection,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,MessageBoxA,LeaveCriticalSection,

18_2_05D275E0

Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe

Code function: 19_2_73A93FED GetProcessHeap,HeapFree,

19_2_73A93FED

Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Code function: 18_2_05BE16C0 IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,		18_2_05BE16C0
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Code function: 18_2_05D28EB4 IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,		18_2_05D28EB4

Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Process created: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe "C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe" -v:2.1.1 -b:2 -l:de -i -t -u -w:500 -h:500			Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Process created: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe "C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe" -v:2.1.1 -b:2 -l:de -i -t -e -w:700 -h:500			Jump to behavior

Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe

Code function: 18_2_05D13C10 GetCurrentProcessId,OpenProcess,GetSecurityInfo,CloseHandle,AllocateAndInitializeSid,SetEntriesInAclA,SetSecurityInfo,FreeSid,LocalFree,CloseHandle,LocalFree,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,

18_2_05D13C10

Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe

18_2_05D13C10

Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe

Code function: 18_2_05D29C5A cpuid

18_2_05D29C5A

Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Queries volume information: C:\Users\user\AppData\Roaming\SISTEMA\db\SISTEMA_GEN200_DE.FDB VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Queries volume information: C:\Users\user\AppData\Roaming\SISTEMA\db\SISTEMA_GEN200_DE.FDB VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Queries volume information: C:\Users\user\Documents\SISTEMA\Libraries\SISTEMA_LIB200_DE.SLB VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Queries volume information: C:\Users\user\Documents\SISTEMA\Libraries\SISTEMA_LIB200_DE.SLB VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Queries volume information: C:\Users\user\AppData\Roaming\SISTEMA\db\SISTEMA_Gen200_DE.fdb VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Queries volume information: C:\Users\user\AppData\Roaming\SISTEMA\db\SISTEMA_Gen200_DE.fdb VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Queries volume information: C:\Users\user\Documents\SISTEMA\Libraries\SISTEMA_Lib200_DE.slb VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Queries volume information: C:\Users\user\Documents\SISTEMA\Libraries\SISTEMA_Lib200_DE.slb VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Queries volume information: C:\Users\user\Documents\SISTEMA\Libraries\SISTEMA_Lib200_DE.slb VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Queries volume information: C:\Users\user\Documents\SISTEMA\Libraries\SISTEMA_Lib200_DE.slb VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Queries volume information: C:\Windows\Fonts\times.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\userbrii.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\userbrili.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\userbrib.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\userbriz.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\userFR.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\userFB.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\userST.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\userSTI.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\userSTB.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\userSTBI.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\DUBAI-BOLD.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\flat_officeFontsPreview.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\OFFSYM.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\OFFSYMSL.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\OFFSYMSB.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\OFFSYMXL.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\OFFSYML.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\OFFSYMB.TTF VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior

Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe

Code function: 18_2_10019100 InterlockedIncrement,GetCurrentProcessId,CreateNamedPipeA,GetLastError,memcpy,

18_2_10019100

Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe

Code function: 18_2_05BE1614 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,

18_2_05BE1614

Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe

Code function: 18_2_05D14370 GetUserNameA,CharUpperBuffA,memcpy,

18_2_05D14370

Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe

Code function: 18_2_05D22E50 GetVersion,LoadLibraryA,GetLastError,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetCurrentProcess,GetLastError,CloseHandle,FreeLibrary,GetLastError,CloseHandle,CloseHandle,FreeLibrary,

18_2_05D22E50

Source: C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Code function: 18_2_10007CD0 memcpy,strstr,memcpy,memcpy,memcpy,memcpy,WSAGetLastError,gds__log,getservbyname,getservbyname,WSAGetLastError,getservbyname,WSAGetLastError,_stricmp,atoi,htons,WSAGetLastError,gds__log,socket,WSAGetLastError,setsockopt,gds__log,WSAGetLastError,connect,WSAGetLastError,getsockopt,setsockopt,WSAGetLastError,WSAGetLastError,bind,bind,WSAGetLastError,Sleep,bind,WSAGetLastError,WSAGetLastError,listen,WSAGetLastError,accept,WSAGetLastError,WSAGetLastError,EnterCriticalSection,CreateEventA,gds__thread_start,SetEvent,accept,WSAGetLastError,	18_2_10007CD0
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Code function: 18_2_1004A2F0 isc_dsql_describe_bind,memcpy,isc_dsql_sql_info,	18_2_1004A2F0
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Code function: 18_2_101BE5A0 isc_embed_dsql_describe_bind,isc_dsql_describe_bind,	18_2_101BE5A0
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Code function: 18_2_101BEB30 isc_describe_bind,isc_embed_dsql_describe_bind,	18_2_101BEB30
Source: C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe	Code function: 18_2_10006E50 htons,socket,WSAGetLastError,bind,WSAGetLastError,getsockname,getsockname,WSAGetLastError,listen,WSAGetLastError,getsockname,WSAGetLastError,	18_2_10006E50

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Native API	1 Registry Run Keys / Startup Folder	12 Process Injection	2 Masquerading	1 Credential API Hooking	1 System Time Discovery	Remote Services	1 Credential API Hooking	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 DLL Side-Loading	1 Registry Run Keys / Startup Folder	1 Virtualization/Sandbox Evasion	LSASS Memory	1 Query Registry	Remote Desktop Protocol	1 Archive Collected Data	2 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	1 Disable or Modify Tools	Security Account Manager	21 Security Software Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	12 Process Injection	NTDS	1 Virtualization/Sandbox Evasion	Distributed Component Object Model	Input Capture	13 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	1 Process Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	2 Obfuscated Files or Information	Cached Domain Credentials	1 Account Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Rundll32	DCSync	3 System Owner/User Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 Software Packing	Proc Filesystem	3 File and Directory Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	1 DLL Side-Loading	/etc/passwd and /etc/shadow	25 System Information Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
sistema_2_1_1_build2.zip	5%	ReversingLabs
sistema_2_1_1_build2.zip	0%	Virustotal		Browse

Dropped Files

Source	Detection	Scanner
C:\Program Files (x86)\SISTEMA 2.1.1\ConfigSrc.dll (copy)	3%	ReversingLabs
C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe (copy)	0%	ReversingLabs
C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe (copy)	0%	ReversingLabs
C:\Program Files (x86)\SISTEMA 2.1.1\Language\Lang_EN.dll (copy)	3%	ReversingLabs
C:\Program Files (x86)\SISTEMA 2.1.1\Language\Lang_ES.dll (copy)	3%	ReversingLabs
C:\Program Files (x86)\SISTEMA 2.1.1\Language\Lang_FI.dll (copy)	3%	ReversingLabs
C:\Program Files (x86)\SISTEMA 2.1.1\Language\Lang_IT.dll (copy)	3%	ReversingLabs
C:\Program Files (x86)\SISTEMA 2.1.1\Language\is-9JKSG.tmp	3%	ReversingLabs
C:\Program Files (x86)\SISTEMA 2.1.1\Language\is-CT6C5.tmp	3%	ReversingLabs
C:\Program Files (x86)\SISTEMA 2.1.1\Language\is-HJ2IP.tmp	3%	ReversingLabs
C:\Program Files (x86)\SISTEMA 2.1.1\Language\is-SUNEN.tmp	3%	ReversingLabs
C:\Program Files (x86)\SISTEMA 2.1.1\OIDDATA.dll (copy)	3%	ReversingLabs
C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe (copy)	0%	ReversingLabs
C:\Program Files (x86)\SISTEMA 2.1.1\WebRequest.dll (copy)	3%	ReversingLabs
C:\Program Files (x86)\SISTEMA 2.1.1\ZComponent280.bpl (copy)	0%	ReversingLabs
C:\Program Files (x86)\SISTEMA 2.1.1\ZCore280.bpl (copy)	0%	ReversingLabs
C:\Program Files (x86)\SISTEMA 2.1.1\ZDbc280.bpl (copy)	0%	ReversingLabs
C:\Program Files (x86)\SISTEMA 2.1.1\ZParseSql280.bpl (copy)	0%	ReversingLabs
C:\Program Files (x86)\SISTEMA 2.1.1\ZPlain280.bpl (copy)	0%	ReversingLabs
C:\Program Files (x86)\SISTEMA 2.1.1\borlndmm.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\SISTEMA 2.1.1\dbrtl280.bpl (copy)	0%	ReversingLabs
C:\Program Files (x86)\SISTEMA 2.1.1\fbclient25.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\SISTEMA 2.1.1\ib_util.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\SISTEMA 2.1.1\icudt30.dll (copy)	3%	ReversingLabs

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
sistema-anfrage.ifa.dguv.de	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
http://www.dguv.de/webcode/e561582QNg	0%	Avira URL Cloud	safe
http://www.dguv.de/webcode/e34183IXb	0%	Avira URL Cloud	safe
http://www.firebirdsql.org/index.php?op=doc&id=ipl	0%	Avira URL Cloud	safe
https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU	0%	Avira URL Cloud	safe
http://www.dguv.de/webcode/e34183IXg	0%	Avira URL Cloud	safe
http://www.tmssoftware.com/site/tmsfncuipack.asp?s=faq	0%	Avira URL Cloud	safe
https://www.dguv.de/de/wir-ueber-uns/impressum/datenschutz_partner/index.jsp	0%	Avira URL Cloud	safe
http://www.firebirdsql.org/index.php?op=doc&id=ipl	0%	Virustotal		Browse
https://github.co	0%	Avira URL Cloud	safe
https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU	0%	Virustotal		Browse
https://www.dguv.de/medien/ifa/de/pra/softwa/sistema/erste_schritte.pdfV3	0%	Avira URL Cloud	safe
http://www.dguv.de/webcode/e561582QNg	0%	Virustotal		Browse
http://www.gnu.org/licenses/lgpl.htmlF	0%	Avira URL Cloud	safe
http://www.dguv.de/webcode/e34183IXb	0%	Virustotal		Browse
https://www.dguv.de/de/wir-ueber-uns/impressum/datenschutz_partner/index.jsp	0%	Virustotal		Browse
http://www.dguv.de/webcode/e34183IXg	0%	Virustotal		Browse
https://github.co	0%	Virustotal		Browse
http://www.dguv.de/webcode.jsp?q=e89507	0%	Avira URL Cloud	safe
http://www.tmssoftware.com/site/tmsfncuipack.asp?s=faq	0%	Virustotal		Browse
http://www.jrsoftware.org/files/is/license.txtgI	0%	Avira URL Cloud	safe
http://www.dguv.de/webcode.jsp?q=d11223	0%	Avira URL Cloud	safe
http://ispesl.it/	0%	Avira URL Cloud	safe
http://www.dguv.de/webcode/d11223Ea	0%	Avira URL Cloud	safe
http://www.dguv.de/webcode.jsp?q=e89507	0%	Virustotal		Browse
http://creativecommons.org/licenses/by/3.0/	0%	Avira URL Cloud	safe
http://www.dguv.de/webcode/e92603Hhttp://www.dguv.de/medien/ifa/en/pra/softwa/sistema/getting_starte	0%	Avira URL Cloud	safe
http://www.nevrona.com)	0%	Avira URL Cloud	safe
http://ispesl.it/	0%	Virustotal		Browse
https://github.com/landrix/The-new-Drag-and-Drop-Component-Suite-for-Delphil	0%	Avira URL Cloud	safe
http://www.dguv.de/webcode/e92603Hhttp://www.dguv.de/medien/ifa/en/pra/softwa/sistema/getting_starte	0%	Virustotal		Browse
http://www.dguv.de/webcode.jsp?q=d11223ode.jsp?q=d11223en	0%	Avira URL Cloud	safe
http://www.dguv.de/webcode/e34183k	0%	Avira URL Cloud	safe
http://creativecommons.org/licenses/by/3.0/	0%	Virustotal		Browse
http://www.dguv.de/webcode/e34183l	0%	Avira URL Cloud	safe
http://www.jam-software.de/virtualirtual	0%	Avira URL Cloud	safe
http://www.dguv.de/webcode.jsp?q=d11223	0%	Virustotal		Browse
http://www.jrsoftware.org/files/is/license.txtMI	0%	Avira URL Cloud	safe
http://opensource.org/licenses/mit-license.php)H	0%	Avira URL Cloud	safe
http://download.ifa.dguv.de/sendmail.aspx?YBh	0%	Avira URL Cloud	safe
http://www.jrsoftware.org/isinfo.php	0%	Avira URL Cloud	safe
https://www.remobjects.com/ps	0%	Avira URL Cloud	safe
http://www.sundcon.fi/	0%	Avira URL Cloud	safe
http://www.openssl.org/).	0%	Avira URL Cloud	safe
https://www.innosetup.com/	0%	Avira URL Cloud	safe
http://download.ifa.dguv.de/sendmail.aspx?i9h	0%	Avira URL Cloud	safe
http://www.openssl.org/	0%	Avira URL Cloud	safe
http://www.sundcon.fi/	0%	Virustotal		Browse
http://www.famfamfam.com/lab/icons/silk/	0%	Avira URL Cloud	safe
http://www.openssl.org/	0%	Virustotal		Browse
http://www.jrsoftware.org/isinfo.php	0%	Virustotal		Browse
http://www.firebirdsql.org/o	0%	Avira URL Cloud	safe
https://www.dguv.de/de/wir-ueber-	0%	Avira URL Cloud	safe
http://relaxng.org/ns/structure/1.0Memory	0%	Avira URL Cloud	safe
http://www.famfamfam.com/lab/icons/silk/	0%	Virustotal		Browse
http://www.openssl.org/).	0%	Virustotal		Browse
http://www.dguv.de/webcode/d18471	0%	Avira URL Cloud	safe
https://www.remobjects.com/ps	0%	Virustotal		Browse
https://www.dguv.de/de/wir-ueber-	0%	Virustotal		Browse
https://www.innosetup.com/	1%	Virustotal		Browse
http://www.dguv.de/webcode.jsp?q=e34183	0%	Avira URL Cloud	safe
http://www.firebirdsql.org/O=	0%	Avira URL Cloud	safe
http://www.dguv.de/webcode/e561582QNb	0%	Avira URL Cloud	safe
http://download.ifa.dguv.de/sendmail.aspx?9:h	0%	Avira URL Cloud	safe
http://relaxng.org/ns/structure/1.0Memory	0%	Virustotal		Browse
http://www.dguv.de/webcode/d18471	0%	Virustotal		Browse
https://www.dguv.de/webcode.jsp?query=d11223	0%	Avira URL Cloud	safe
http://download.ifa.dguv.de/sendmail.aspx?9:c	0%	Avira URL Cloud	safe
http://everaldo.com/crystal/	0%	Avira URL Cloud	safe
http://sourceforge.net/projects/zeoslib/Bg=O	0%	Avira URL Cloud	safe
http://www.dguv.de/webcode/e561582	0%	Avira URL Cloud	safe
http://opensource.org/licenses/mit-license.php	0%	Avira URL Cloud	safe
http://sourceforge.net/projects/zeoslib/:gEO	0%	Avira URL Cloud	safe
http://www.dguv.de/webcode/d5615820OldVersionIsInstalledMsg	0%	Avira URL Cloud	safe
http://download.ifa.dguv.de/sendmail.aspx?i9c	0%	Avira URL Cloud	safe
https://%s:%u/d.php	0%	Avira URL Cloud	safe
http://tiopf.sourceforge.net/	0%	Avira URL Cloud	safe
http://www.firebirdsql.org/	0%	Avira URL Cloud	safe
http://www.gnu.org/licenses/lgpl.html	0%	Avira URL Cloud	safe
https://www.dguv.d	0%	Avira URL Cloud	safe
http://www.dguv.de/webcode/d11223qRg	0%	Avira URL Cloud	safe
https://github.com/landrix/	0%	Avira URL Cloud	safe
http://www.dguv.de/webcode/d11223qRb	0%	Avira URL Cloud	safe
https://github.com/landrix/The-new-Drag-and-Drop-Component-Suite-for-Delphi	0%	Avira URL Cloud	safe
https://sistema-anfrage.ifa.dguv.de/?v=2.1.1&b=2	0%	Avira URL Cloud	safe
http://www.fatcow.com/free-iconse	0%	Avira URL Cloud	safe
http://download.ifa.dguv.de/sendmail.aspx?A	0%	Avira URL Cloud	safe
http://www.dguv.de/webcode/d561582	0%	Avira URL Cloud	safe
http://www.firebirdsql.org/index.php?op=doc&id=ipl	0%	Avira URL Cloud	safe
https://download.tmssoftware.com/doc/tmsfncuipack/components/ttmsfncuipack/	0%	Avira URL Cloud	safe
http://www.dguv.de/webcode/m757251	0%	Avira URL Cloud	safe
https://www.dguv.de/medien/ifa/de/pra/softwa/sistema/erste_schritte.pdf	0%	Avira URL Cloud	safe
http://oss.software.ibm.com/icu/V	0%	Avira URL Cloud	safe
http://www.cetim.fr	0%	Avira URL Cloud	safe
http://schemas.xmlsoap.org/soap/envelope/	0%	Avira URL Cloud	safe
http://www.dguv.de/webcode/d11223	0%	Avira URL Cloud	safe
http://www.firebirdsql.org/en/licensing/	0%	Avira URL Cloud	safe
http://www.dguv.de/webcode/e89507	0%	Avira URL Cloud	safe
http://www.firebirdsql.org/index.php?op=doc&id=idpllt	0%	Avira URL Cloud	safe
http://sourceforge.net/projects/zeoslib/	0%	Avira URL Cloud	safe
http://www.dguv.de/webcode/d92599Fhttp://www.dguv.de/medien/ifa/de/pra/softwa/sistema/erste_schritte	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
sistema-anfrage.ifa.dguv.de	185.103.232.54	true	false	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://sistema-anfrage.ifa.dguv.de/?v=2.1.1&b=2	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.firebirdsql.org/index.php?op=doc&id=ipl	SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1724525078.0000000005770000.00000004.00001000.00020000.00000000.sdmp, SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1724525078.00000000057BD000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000003.2062028845.000000000AD8A000.00000004.00000020.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000002.2448726180.0000000008670000.00000004.00000020.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000002.2417187607.000000000226E000.00000004.00000020.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000003.2065651785.0000000008675000.00000004.00000020.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000002.2474221486.000000000B1A3000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000003.2059431766.00000000086BD000.00000004.00000020.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000003.2024628334.0000000008677000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.dguv.de/webcode/e34183IXb	SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1738723669.0000000002624000.00000004.00001000.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.dguv.de/webcode/e561582QNg	SISTEMA_2_1_1_Build2.tmp, 0000000C.00000003.1755806604.0000000002674000.00000004.00001000.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU	SISTEMA_2_1_1_Build2.exe, 0000000B.00000000.1395222225.0000000000401000.00000020.00000001.01000000.00000006.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.dguv.de/webcode/e34183IXg	SISTEMA_2_1_1_Build2.tmp, 0000000C.00000003.1755806604.0000000002674000.00000004.00001000.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.tmssoftware.com/site/tmsfncuipack.asp?s=faq	SISTEMA.exe, 00000012.00000000.1704314306.0000000000FA1000.00000020.00000001.01000000.0000000B.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.dguv.de/de/wir-ueber-uns/impressum/datenschutz_partner/index.jsp	SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1736210872.0000000003713000.00000004.00001000.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.co	SISTEMA_2_1_1_Build2.exe, 0000000B.00000003.1395802347.00000000026E0000.00000004.00001000.00020000.00000000.sdmp, SISTEMA_2_1_1_Build2.tmp, 0000000C.00000003.1401663830.00000000035C0000.00000004.00001000.00020000.00000000.sdmp, SISTEMA_2_1_1_Build2.exe, 0000000F.00000003.1748981306.00000000022D3000.00000004.00001000.00020000.00000000.sdmp, SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1738723669.0000000002510000.00000004.00001000.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.dguv.de/medien/ifa/de/pra/softwa/sistema/erste_schritte.pdfV3	SISTEMA.exe, 00000012.00000002.2448726180.00000000086DD000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.gnu.org/licenses/lgpl.htmlF	SISTEMA.exe, 00000012.00000002.2448726180.0000000008650000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.dguv.de/webcode.jsp?q=e89507	SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1724525078.00000000057BD000.00000004.00001000.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.jrsoftware.org/files/is/license.txtgI	SISTEMA.exe, 00000012.00000003.2063964550.00000000086B8000.00000004.00000020.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000002.2448726180.00000000086BC000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.dguv.de/webcode.jsp?q=d11223	SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1724525078.00000000057BD000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000002.2428268985.0000000005A8C000.00000004.00001000.00020000.00000000.sdmp, Configurator.exe, 00000013.00000003.1933835955.000000000729C000.00000004.00001000.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://ispesl.it/	SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1724525078.0000000005770000.00000004.00001000.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.dguv.de/webcode/d11223Ea	SISTEMA.exe, 00000012.00000002.2448726180.0000000008650000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://creativecommons.org/licenses/by/3.0/	SISTEMA.exe, 00000012.00000000.1714489502.0000000001AFB000.00000002.00000001.01000000.0000000B.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.dguv.de/webcode/e92603Hhttp://www.dguv.de/medien/ifa/en/pra/softwa/sistema/getting_starte	SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1724525078.00000000057BD000.00000004.00001000.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.nevrona.com)	SISTEMA.exe, 00000012.00000000.1704314306.00000000005A1000.00000020.00000001.01000000.0000000B.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/landrix/The-new-Drag-and-Drop-Component-Suite-for-Delphil	SISTEMA.exe, 00000012.00000002.2417187607.00000000021E5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.dguv.de/webcode.jsp?q=d11223ode.jsp?q=d11223en	SISTEMA.exe, 00000012.00000002.2422766471.0000000003D40000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.dguv.de/webcode/e34183k	SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1738723669.0000000002624000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.dguv.de/webcode/e34183l	SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1738723669.0000000002624000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.jam-software.de/virtualirtual	SISTEMA.exe, 00000012.00000003.2024628334.0000000008659000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.jrsoftware.org/files/is/license.txtMI	SISTEMA.exe, 00000012.00000002.2448726180.00000000086BC000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://opensource.org/licenses/mit-license.php)H	SISTEMA.exe, 00000012.00000003.2063964550.00000000086B8000.00000004.00000020.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000002.2448726180.00000000086BC000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://download.ifa.dguv.de/sendmail.aspx?YBh	SISTEMA_2_1_1_Build2.tmp, 0000000C.00000003.1755806604.0000000002683000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.jrsoftware.org/isinfo.php	SISTEMA.exe, 00000012.00000003.2024628334.0000000008677000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.remobjects.com/ps	SISTEMA_2_1_1_Build2.exe, 0000000B.00000003.1397260240.0000000002820000.00000004.00001000.00020000.00000000.sdmp, SISTEMA_2_1_1_Build2.exe, 0000000B.00000003.1397889533.000000007FB50000.00000004.00001000.00020000.00000000.sdmp, SISTEMA_2_1_1_Build2.tmp, 0000000C.00000000.1399744248.0000000000401000.00000020.00000001.01000000.00000007.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.sundcon.fi/	SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1724525078.00000000057BD000.00000004.00001000.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.openssl.org/).	SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1743090299.0000000003B3B000.00000004.00000020.00020000.00000000.sdmp, SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1724525078.0000000005770000.00000004.00001000.00020000.00000000.sdmp, SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1724525078.00000000057BD000.00000004.00001000.00020000.00000000.sdmp, SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1741424305.000000000097B000.00000004.00000020.00020000.00000000.sdmp, SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1736210872.0000000003713000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000003.2063964550.00000000086B8000.00000004.00000020.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000002.2448726180.0000000008670000.00000004.00000020.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000003.2062028845.000000000AD33000.00000004.00000020.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000003.2024628334.0000000008659000.00000004.00000020.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000002.2417187607.000000000226E000.00000004.00000020.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000003.2059431766.00000000086BD000.00000004.00000020.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000002.2470059520.000000000ACC0000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.innosetup.com/	SISTEMA_2_1_1_Build2.exe, 0000000B.00000003.1397260240.0000000002820000.00000004.00001000.00020000.00000000.sdmp, SISTEMA_2_1_1_Build2.exe, 0000000B.00000003.1397889533.000000007FB50000.00000004.00001000.00020000.00000000.sdmp, SISTEMA_2_1_1_Build2.tmp, 0000000C.00000000.1399744248.0000000000401000.00000020.00000001.01000000.00000007.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://download.ifa.dguv.de/sendmail.aspx?i9h	SISTEMA_2_1_1_Build2.tmp, 0000000C.00000003.1755806604.0000000002683000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.openssl.org/	SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1738723669.0000000002510000.00000004.00001000.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.famfamfam.com/lab/icons/silk/	SISTEMA.exe, 00000012.00000000.1714489502.0000000001AFB000.00000002.00000001.01000000.0000000B.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.firebirdsql.org/o	SISTEMA.exe, 00000012.00000002.2417187607.00000000021A9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.dguv.de/de/wir-ueber-	SISTEMA_2_1_1_Build2.exe, 0000000B.00000003.1395802347.00000000026E0000.00000004.00001000.00020000.00000000.sdmp, SISTEMA_2_1_1_Build2.tmp, 0000000C.00000003.1401663830.00000000035C0000.00000004.00001000.00020000.00000000.sdmp, SISTEMA_2_1_1_Build2.exe, 0000000F.00000003.1748981306.00000000022D3000.00000004.00001000.00020000.00000000.sdmp, SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1738723669.0000000002510000.00000004.00001000.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://relaxng.org/ns/structure/1.0Memory	SISTEMA.exe, 00000012.00000000.1714012890.0000000001287000.00000008.00000001.01000000.0000000B.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.dguv.de/webcode/d18471	SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1724525078.00000000057BD000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000003.2063964550.00000000086B8000.00000004.00000020.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000003.2062028845.000000000AD8A000.00000004.00000020.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000003.2024628334.0000000008659000.00000004.00000020.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000002.2474221486.000000000B1A3000.00000004.00001000.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000003.2059431766.00000000086BD000.00000004.00000020.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000003.2024628334.0000000008677000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.dguv.de/webcode.jsp?q=e34183	SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1724525078.00000000057BD000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.firebirdsql.org/O=	SISTEMA.exe, 00000012.00000002.2448726180.0000000008670000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.dguv.de/webcode/e561582QNb	SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1738723669.0000000002624000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://download.ifa.dguv.de/sendmail.aspx?9:h	SISTEMA_2_1_1_Build2.tmp, 0000000C.00000003.1755806604.0000000002683000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.dguv.de/webcode.jsp?query=d11223	SISTEMA.exe, 00000012.00000003.2024628334.0000000008677000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://download.ifa.dguv.de/sendmail.aspx?9:c	SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1738723669.0000000002633000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://everaldo.com/crystal/	SISTEMA.exe, 00000012.00000000.1714489502.0000000001AFB000.00000002.00000001.01000000.0000000B.sdmp	false	Avira URL Cloud: safe	unknown
http://sourceforge.net/projects/zeoslib/Bg=O	SISTEMA.exe, 00000012.00000002.2472573933.000000000ADD4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.dguv.de/webcode/e561582	SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1724525078.00000000057BD000.00000004.00001000.00020000.00000000.sdmp, SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1736210872.0000000003713000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://opensource.org/licenses/mit-license.php	SISTEMA.exe, 00000012.00000003.2024628334.0000000008677000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://sourceforge.net/projects/zeoslib/:gEO	SISTEMA.exe, 00000012.00000002.2472573933.000000000ADD4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.dguv.de/webcode/d5615820OldVersionIsInstalledMsg	SISTEMA_2_1_1_Build2.tmp, 0000000C.00000003.1401663830.00000000035C0000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://download.ifa.dguv.de/sendmail.aspx?i9c	SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1738723669.0000000002633000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://%s:%u/d.php	SISTEMA.exe, 00000012.00000002.2525919482.000000006B1E1000.00000020.00000001.01000000.00000013.sdmp	false	Avira URL Cloud: safe	unknown
http://tiopf.sourceforge.net/	SISTEMA.exe, 00000012.00000003.2024628334.0000000008677000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.firebirdsql.org/	SISTEMA.exe, 00000012.00000003.2024628334.0000000008677000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.gnu.org/licenses/lgpl.html	SISTEMA.exe, 00000012.00000003.2059431766.00000000086BD000.00000004.00000020.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000003.2024628334.0000000008677000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.dguv.d	SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1736943334.00000000038D0000.00000004.00001000.00020000.00000000.sdmp, SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1738723669.0000000002510000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.dguv.de/webcode/d11223qRg	SISTEMA_2_1_1_Build2.tmp, 0000000C.00000003.1755806604.0000000002674000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/landrix/	SISTEMA.exe, 00000012.00000003.2024628334.0000000008677000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.dguv.de/webcode/d11223qRb	SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1738723669.0000000002624000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/landrix/The-new-Drag-and-Drop-Component-Suite-for-Delphi	SISTEMA.exe, 00000012.00000003.2024628334.0000000008677000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fatcow.com/free-iconse	SISTEMA.exe, 00000012.00000002.2470059520.000000000AD31000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://download.ifa.dguv.de/sendmail.aspx?A	SISTEMA_2_1_1_Build2.tmp, 0000000C.00000003.1755806604.0000000002683000.00000004.00001000.00020000.00000000.sdmp, SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1738723669.0000000002633000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.dguv.de/webcode/d561582	SISTEMA_2_1_1_Build2.tmp, 0000000C.00000003.1755806604.0000000002674000.00000004.00001000.00020000.00000000.sdmp, SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1738723669.0000000002624000.00000004.00001000.00020000.00000000.sdmp, SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1724525078.00000000057BD000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.firebirdsql.org/index.php?op=doc&id=ipl	SISTEMA.exe, 00000012.00000002.2417187607.0000000002258000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://download.tmssoftware.com/doc/tmsfncuipack/components/ttmsfncuipack/	SISTEMA.exe, 00000012.00000000.1704314306.0000000000FA1000.00000020.00000001.01000000.0000000B.sdmp	false	Avira URL Cloud: safe	unknown
http://www.dguv.de/webcode/m757251	SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1724525078.00000000057BD000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.dguv.de/medien/ifa/de/pra/softwa/sistema/erste_schritte.pdf	SISTEMA.exe, 00000012.00000003.2059431766.00000000086BD000.00000004.00000020.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000003.2024628334.0000000008677000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://oss.software.ibm.com/icu/V	SISTEMA.exe, 00000012.00000002.2518055811.000000004A8A1000.00000002.00000001.01000000.0000001A.sdmp, SISTEMA.exe, 00000012.00000002.2519725664.000000004A962000.00000002.00000001.01000000.0000001E.sdmp, SISTEMA.exe, 00000012.00000002.2519825902.000000004AD00000.00000002.00000001.01000000.0000001B.sdmp	false	Avira URL Cloud: safe	unknown
http://www.cetim.fr	SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1724525078.00000000057BD000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.dguv.de/webcode/d11223	SISTEMA.exe, 00000012.00000003.2024628334.0000000008677000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/soap/envelope/	SISTEMA.exe, 00000012.00000000.1704314306.00000000005A1000.00000020.00000001.01000000.0000000B.sdmp	false	Avira URL Cloud: safe	unknown
http://www.firebirdsql.org/en/licensing/	SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1736210872.0000000003713000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.dguv.de/webcode/e89507	SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1724525078.00000000057BD000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.firebirdsql.org/index.php?op=doc&id=idpllt	SISTEMA.exe, 00000012.00000002.2417187607.0000000002258000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://sourceforge.net/projects/zeoslib/	SISTEMA.exe, 00000012.00000003.2024628334.0000000008677000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.dguv.de/webcode/d92599Fhttp://www.dguv.de/medien/ifa/de/pra/softwa/sistema/erste_schritte	SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1724525078.00000000057BD000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://download.ifa.dguv.de/sendmail.aspx?	SISTEMA_2_1_1_Build2.tmp, 0000000C.00000003.1401663830.00000000035C0000.00000004.00001000.00020000.00000000.sdmp, SISTEMA_2_1_1_Build2.tmp, 0000000C.00000003.1755806604.0000000002683000.00000004.00001000.00020000.00000000.sdmp, SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1738723669.0000000002633000.00000004.00001000.00020000.00000000.sdmp, SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1736210872.0000000003713000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.dguv.de/webcode/e34183	SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1724525078.00000000057BD000.00000004.00001000.00020000.00000000.sdmp, SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1736210872.0000000003713000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.dguv.de/medien/ifa/de/pra/softwa/sistema/erste_schritte.pdfb5	SISTEMA.exe, 00000012.00000003.2063536131.00000000086FC000.00000004.00000020.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000002.2448726180.00000000086DD000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.dguv.de/webcode/e34183)Tb	SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1738723669.0000000002624000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fatcow.com/free-iconsphp?	SISTEMA.exe, 00000012.00000002.2448726180.0000000008650000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/landrix/The-new-Drag-and-Drop-Component-Suite-for-Delphi#	SISTEMA.exe, 00000012.00000002.2417187607.00000000021A9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.dguv.de/webcode.jsp?q=d184714	SISTEMA.exe, 00000012.00000002.2448726180.0000000008650000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.dguv.de/webcode/e34183#http://www.dguv.de/webcode/d1057334	SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1724525078.00000000057BD000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.dguv.de/webcode/e34183)Tg	SISTEMA_2_1_1_Build2.tmp, 0000000C.00000003.1755806604.0000000002674000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fatcow.com/free-icons	SISTEMA.exe, 00000012.00000003.2024628334.0000000008677000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.firebirdsql.org/index.php?op=doc&id=iplipl	SISTEMA.exe, 00000012.00000003.2062028845.000000000AD33000.00000004.00000020.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000003.2024628334.0000000008659000.00000004.00000020.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000003.2059431766.00000000086BD000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.jam-software.de/virtual-treeview/	SISTEMA.exe, 00000012.00000003.2059431766.00000000086BD000.00000004.00000020.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000002.2470059520.000000000ACC0000.00000004.00000020.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000003.2024628334.0000000008677000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://docs.mic	Configurator.exe, 00000013.00000003.1802186119.000000000738F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.dguv.de/webcode/e109249	SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1724525078.00000000057BD000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.dguv.de/medien/ifa/en/pra/softwa/sistema/getting_started.pdf	SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1724525078.00000000057BD000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.dguv.de/bgia/sistema	SISTEMA.exe, 00000012.00000000.1714489502.00000000019E5000.00000002.00000001.01000000.0000000B.sdmp, Configurator.exe, 00000013.00000000.1773603217.0000000001E6A000.00000002.00000001.01000000.00000014.sdmp	false	Avira URL Cloud: safe	unknown
http://www.jam-software.de/virtual-treeview/AH	SISTEMA.exe, 00000012.00000002.2448726180.00000000086BC000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://download.ifa.dguv.de/sendmail.aspx?y=c	SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1738723669.0000000002633000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.dguv.de/webcode/e561582YZb	SISTEMA_2_1_1_Build2.tmp, 00000010.00000003.1738723669.0000000002624000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://creativecommons.org/licenses/LGPL/2.1/;	SISTEMA.exe, 00000012.00000000.1714489502.0000000001AFB000.00000002.00000001.01000000.0000000B.sdmp	false	Avira URL Cloud: safe	unknown
http://download.ifa.dguv.de/sendmail.aspx?y=h	SISTEMA_2_1_1_Build2.tmp, 0000000C.00000003.1755806604.0000000002683000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.dguv.de/webcode/e561582YZg	SISTEMA_2_1_1_Build2.tmp, 0000000C.00000003.1755806604.0000000002674000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.dguv.de/webcode.jsp?query=d11223VH	SISTEMA.exe, 00000012.00000003.2063964550.00000000086B8000.00000004.00000020.00020000.00000000.sdmp, SISTEMA.exe, 00000012.00000002.2448726180.00000000086BC000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
185.103.232.54	sistema-anfrage.ifa.dguv.de	Germany		56532	DGUV-ASDE	false

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1509263
Start date and time:	2024-09-11 11:50:18 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 9m 24s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	23
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	1
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	sistema_2_1_1_build2.zip
Detection:	MAL
Classification:	mal52.evad.winZIP@15/211@1/1
EGA Information:	Successful, ratio: 66.7%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .zip

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, consent.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
05:52:19	API Interceptor	3x Sleep call for process: SISTEMA.exe modified

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
fd80fa9c6120cdeea8520510f3c644ac	SecuriteInfo.com.W32.PossibleThreat.9762.18095.exe	Get hash	malicious	Unknown	Browse	185.103.232.54
	winaudio.exe	Get hash	malicious	Unknown	Browse	185.103.232.54
	l.out.elf	Get hash	malicious	Unknown	Browse	185.103.232.54
	RT.msi	Get hash	malicious	Unknown	Browse	185.103.232.54
	Ac372JNTO6.exe	Get hash	malicious	Amadey	Browse	185.103.232.54
	6v8QbANftP.exe	Get hash	malicious	Unknown	Browse	185.103.232.54
	6v8QbANftP.exe	Get hash	malicious	Unknown	Browse	185.103.232.54
	spjYwLgrAT.exe	Get hash	malicious	Unknown	Browse	185.103.232.54
	spjYwLgrAT.exe	Get hash	malicious	Unknown	Browse	185.103.232.54

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	78336
Entropy (8bit):	5.474765970608447
Encrypted:	false
SSDEEP:	1536:u1pVuJIeQz/JwSSwypB6Noi718+EHAch2FC391V1yM86xaJ:u1psfQO2Noi718+EHAch2qt8/J
MD5:	1B1C19A94F42ED4C3DB298959F5217F6
SHA1:	B1FDF86E9F5FB42ABF238731834FF1434ED51931
SHA-256:	DFCA749D5D86F738157252E55CC07498CAD4F1843055975E71DB1DB4A55EF5C9
SHA-512:	59684C039A8D2299F399753F8462BDCCCC3A48548D0F49E3FC3389EDE3F3974B3860A31D79E9558BA1AC2BE3E53EB8E0F8010EBCD5733A0E82397F5292047E8B
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Reputation:	low
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....de...........!..............................@.......................................@.......................... ..r.......n....P.......................@..H...............................................................$....................text.............................. ..`.itext.............................. ..`.data...H...........................@....bss.....5...............................idata..n...........................@....didata.$...........................@....edata..r.... ......................@..@.rdata..E....0......................@..@.reloc..H....@......................@..B.rsrc........P......................@..@.....................2..............@..@........................................................

C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	23539712
Entropy (8bit):	6.598924019980046
Encrypted:	false
SSDEEP:	393216:XQXzlByn9XASOXB1Bk3u+GHBSAhr4GwJfwh7M1tn12f1EyxzBtOLDcVo3NOdCMlp:Sona98/G2Nwh7M1tn12qSbkqH
MD5:	8571B58DF1EC066D088F17BABBC2A009
SHA1:	5E490DEBADE3F22EB714782D079BC2C3B2ABA8DC
SHA-256:	FEEA8162475A13FEE180883DB69A227127CBAF5D2F2A5E3BDDCE78C7CBD8E90D
SHA-512:	A0999FF51B35CCCE4121C1D6868416855AC50CFE2754342272E11A5AB35399D8FCB55BAA21811F32198B61CDDEC1D386A26151B93AAD648BE99EF2FD61DF9AED
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...M..f.....................4].....h.............@...........................i.......h...@......@................... ..........Vp....$...E..................P...............................@..........................p.......J....................text... n.......p.................. ..`.itext...............t.............. ..`.data...@...........................@....bss.....................................idata..Vp.......r...~..............@....didata.J...........................@....edata....... ......................@..@.tls....\....0...........................rdata..]....@......................@..@.reloc.......P......................@..B.rsrc.....E...$...E...!.............@..@..............Z......2X.............@..@................

C:\Program Files (x86)\SISTEMA 2.1.1\Data\Projects.dat (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	Zip archive data, at least v2.0 to extract, compression method=store
Category:	dropped
Size (bytes):	110478
Entropy (8bit):	7.971115364593538
Encrypted:	false
SSDEEP:	3072:mrlbTQm3A+nYRAUQTF02YRAU8o3EYRAUTUhXjkj:m5Ql+ntUQK2tUh3EtUTUhXjw
MD5:	6AF0020CB16796BD8B5C002BA4D9F22B
SHA1:	EDBC51ECFD876F2228466BB47658383FD4B5B638
SHA-256:	F4F4E37423D65249848476B453D987AF47ECE819542DBBB82F088ECCE9C1E13A
SHA-512:	62E5645273291C3DBEFAD0639895ECAFC111A50B33C8794144B21C45AE71F0938DAE024DB5E2CE0379A87635741CFCEC2730E3A0F57671D5DB331CDD6F1808D2
Malicious:	false
Preview:	PK.........`fW................de/PK.........`fW............9...de/pld_kat3_trennende_schutzeinrichtung_mit_verriegelung/PK........%`fW............C...de/pld_kat3_trennende_schutzeinrichtung_mit_verriegelung/dokumente/PK........%`fW.?..0...H..T...de/pld_kat3_trennende_schutzeinrichtung_mit_verriegelung/dokumente/Blockdiagramm.pdf.\.XSA.....E.Q.......].HSA.....HH.B.0......h..<E.....(.........{..=..w.n...ov.......q....Z.+..cGu. .......E.. -}.DB.o....FZ".xuM....G. .X,.....v...."."...8..ZC.EOO.H..P...(..a.D/H..".Z,hH0. .K4.V.'.........HC.Q.?..?....?..Q.?.j?..4.G.:J.....Ei.LSS.yl......_.1P..r.-.......H.a...E.P....Hs.....P5v.1......1.x.#.....n.611.@..Q.F8.=...&....@.....F&......!V...a...........B..o.hbc.../....."....#M}ITb .D......O"...FAQ.n.E.i...Q....(.>..@.....8`.hn;:.\y.....S.G./.........}..Lx..Y..c.m..Z.D.O...W/..qZ..IG......r.T.r.A~(..$.>.qKzZ...O......m;....P......FP...=.`Ip'...hv../a..R..)a.(...E!p....1.H..B.Q.T.....<G....DAzx..~..D...T.\Ri^.o....}/....

C:\Program Files (x86)\SISTEMA 2.1.1\Data\Report.dat (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	data
Category:	dropped
Size (bytes):	14690386
Entropy (8bit):	1.4634484533428789
Encrypted:	false
SSDEEP:	6144:JVdDfYbIcp9PtzsRbdE+DhrRVu6/nk0cbKIarcTx6NN6ZML7WUn77LZxZx26mgVe:Wb9p9PNCb/DhNoIn1ZxZo6FVif
MD5:	12D3E4DC1CFDA9218738ACE6FC11D3C0
SHA1:	297342E9D4861499E882AC2E279E12942D357ECA
SHA-256:	E98EAFF84802891738D11AA893B3ACAD23F0421A1362757F597DF5F6B6F0864A
SHA-512:	0932C12A2F87BD62C8AB70857E82C5C581449FE57BCF06DBEE223BAB96B2105A97B54317EA5208AD122D35697562406E769965C12D6E76EDCCD2C6EC88A0A460
Malicious:	false
Preview:	RAV.`[.....SYSTEM......SYSTEM.......J.c9.@..................................................................................................................................................................................................TClass.........Value.......7..-.....!.....!=.....%.....&..........=...../...../=.....:=.....\|.....+.....+=.....<.....<-.....<<.....<=.....<>.....=.....-=.....==.....>.....->.....>=.....>>.....AND.....AS.....BOOLEAN....BYTE....CHAR....CURRENCY....DIV.....DOUBLE....EXTENDED....FALSE......INTEGER....IS.....MOD.....NOT.....NUL........?v...OR.....ORD......POINTER....SHL.....SHORTINT....SHR.....SINGLE....SMALLINT....STRING....TCLASS....TRUE......U-.....U+.....WORD....XOR......@......SysFunc......SysFunc.......J.c9.@..SYSTEM6........S1...............I1...............S1...............S1......Default...............S1...............E1...............S1......Index......Count...............S1......Index......Count...............Source......S1......Index............

C:\Program Files (x86)\SISTEMA 2.1.1\Data\is-RG9TP.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	data
Category:	dropped
Size (bytes):	14690386
Entropy (8bit):	1.4634484533428789
Encrypted:	false
SSDEEP:	6144:JVdDfYbIcp9PtzsRbdE+DhrRVu6/nk0cbKIarcTx6NN6ZML7WUn77LZxZx26mgVe:Wb9p9PNCb/DhNoIn1ZxZo6FVif
MD5:	12D3E4DC1CFDA9218738ACE6FC11D3C0
SHA1:	297342E9D4861499E882AC2E279E12942D357ECA
SHA-256:	E98EAFF84802891738D11AA893B3ACAD23F0421A1362757F597DF5F6B6F0864A
SHA-512:	0932C12A2F87BD62C8AB70857E82C5C581449FE57BCF06DBEE223BAB96B2105A97B54317EA5208AD122D35697562406E769965C12D6E76EDCCD2C6EC88A0A460
Malicious:	false
Preview:	RAV.`[.....SYSTEM......SYSTEM.......J.c9.@..................................................................................................................................................................................................TClass.........Value.......7..-.....!.....!=.....%.....&..........=...../...../=.....:=.....\|.....+.....+=.....<.....<-.....<<.....<=.....<>.....=.....-=.....==.....>.....->.....>=.....>>.....AND.....AS.....BOOLEAN....BYTE....CHAR....CURRENCY....DIV.....DOUBLE....EXTENDED....FALSE......INTEGER....IS.....MOD.....NOT.....NUL........?v...OR.....ORD......POINTER....SHL.....SHORTINT....SHR.....SINGLE....SMALLINT....STRING....TCLASS....TRUE......U-.....U+.....WORD....XOR......@......SysFunc......SysFunc.......J.c9.@..SYSTEM6........S1...............I1...............S1...............S1......Default...............S1...............E1...............S1......Index......Count...............S1......Index......Count...............Source......S1......Index............

C:\Program Files (x86)\SISTEMA 2.1.1\Data\is-RJJR3.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	Zip archive data, at least v2.0 to extract, compression method=store
Category:	dropped
Size (bytes):	110478
Entropy (8bit):	7.971115364593538
Encrypted:	false
SSDEEP:	3072:mrlbTQm3A+nYRAUQTF02YRAU8o3EYRAUTUhXjkj:m5Ql+ntUQK2tUh3EtUTUhXjw
MD5:	6AF0020CB16796BD8B5C002BA4D9F22B
SHA1:	EDBC51ECFD876F2228466BB47658383FD4B5B638
SHA-256:	F4F4E37423D65249848476B453D987AF47ECE819542DBBB82F088ECCE9C1E13A
SHA-512:	62E5645273291C3DBEFAD0639895ECAFC111A50B33C8794144B21C45AE71F0938DAE024DB5E2CE0379A87635741CFCEC2730E3A0F57671D5DB331CDD6F1808D2
Malicious:	false
Preview:	PK.........`fW................de/PK.........`fW............9...de/pld_kat3_trennende_schutzeinrichtung_mit_verriegelung/PK........%`fW............C...de/pld_kat3_trennende_schutzeinrichtung_mit_verriegelung/dokumente/PK........%`fW.?..0...H..T...de/pld_kat3_trennende_schutzeinrichtung_mit_verriegelung/dokumente/Blockdiagramm.pdf.\.XSA.....E.Q.......].HSA.....HH.B.0......h..<E.....(.........{..=..w.n...ov.......q....Z.+..cGu. .......E.. -}.DB.o....FZ".xuM....G. .X,.....v...."."...8..ZC.EOO.H..P...(..a.D/H..".Z,hH0. .K4.V.'.........HC.Q.?..?....?..Q.?.j?..4.G.:J.....Ei.LSS.yl......_.1P..r.-.......H.a...E.P....Hs.....P5v.1......1.x.#.....n.611.@..Q.F8.=...&....@.....F&......!V...a...........B..o.hbc.../....."....#M}ITb .D......O"...FAQ.n.E.i...Q....(.>..@.....8`.hn;:.\y.....S.G./.........}..Lx..Y..c.m..Z.D.O...W/..qZ..IG......r.T.r.A~(..$.>.qKzZ...O......m;....P......FP...=.`Ip'...hv../a..R..)a.(...E!p....1.H..B.Q.T.....<G....DAzx..~..D...T.\Ri^.o....}/....

C:\Program Files (x86)\SISTEMA 2.1.1\HelpFormat.css (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2025
Entropy (8bit):	5.261503994925398
Encrypted:	false
SSDEEP:	48:PC5T53YICFK/9RY6i29tS8o7WjwDt1fnjRYm7rdOXOU22JEY:4t2Fobi2DnGr1fnjRYmc+UVJEY
MD5:	62DA34DA202A65070BBB839177F2A52E
SHA1:	55CDF43232E74A36D01E7E76D5AF15AF7692D51F
SHA-256:	DB0AD3BCD7855BAF24C428930F526EA23B63E26FD973FE0D967EE21B4E91A52E
SHA-512:	99C33887953E59FFED88704E80585071363D12BB33791B0CDDD26D8CA2BA08A8180221852E333E63F78DEE6AD3971059DC17B46E994B37C6EFB630780CE2C68B
Malicious:	false
Preview:	/* DATEI: selfhtml.css /..../..body { style:"background-image:url(Resources/bgialogo.jpg); background-repeat:no-repeat" }../../..body { background-image:url("../Resources/bg.jpg");.. background-attachment:fixed;.. background-repeat:no-repeat; }../../..body { background:"../Resources/bg.jpg" }..*/....h1,h2,h3,h4,p,ul,ol,li,div,td,th,address,blockquote,nobr,b,i {.. font-family:Arial,sans-serif; }....h1 { font-size:18px; color:red; margin-bottom:18px; border-bottom:solid thin black; }....h2 { font-size:14px; margin-bottom:18px; }....h2.sh2 { font-size:10px; }....h3,h3.xmp,h3.xpl,h3.inf,h3.tip,h3.akt { font-size:12px; }....h4 { font-size:12px; }....p,ul,ol,li,div,td,th,address,blockquote { font-size:12px; }....ul { margin-left:0px; padding-left:20px; list-style-image:url("../Resources/BG_Logo_s.gif"); }....li { margin-top:3px; }....table { width:100%; border:1px solid #000; border-spacing:2px border-color:#000000; background-color:#FFFFD0; }....pre { font-family:Courier N

C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	6236160
Entropy (8bit):	6.693747866734302
Encrypted:	false
SSDEEP:	98304:wZk0YUgSrG9bInsR24IuPStFWot0ziPgZ12s+PegRHlUtP+/nYN:wu+g59b8sRLYiziPgZ123EtjN
MD5:	ABF7C0D74DFCD9C378A5F27FD20B18BD
SHA1:	DB8E3706BB303D7A07F73024AA3D560D7CA9C85F
SHA-256:	0992699B3B0C7B63A23635CAA51A73C65D71397ACD78778E4EBF7B9088E1921E
SHA-512:	24749394EAC5C92BF49D6B7996D2F753151D7E612B4F81072605DF65C79CAA00CA117C50724E3B0E996E8FB5E95D9CC53BDBE5DAC5503600C817E1D85248045E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L......f..................O.. ........O...... O...@...........................`......._...@......@...................pQ.......Q..^....W..>....................Q../............................Q.....................H.Q......`Q......................text.....N.......N................. ..`.itext...`....N..`....N............. ..`.data....=... O..>....O.............@....bss....h....`P..........................idata...^....Q..`...FP.............@....didata......`Q.......P.............@....edata.......pQ.......P.............@..@.tls....\.....Q..........................rdata..].....Q.......P.............@..@.reloc.../....Q..0....P.............@..B.rsrc....>....W..@....V.............@..@..............[.......Z.............@..@................

C:\Program Files (x86)\SISTEMA 2.1.1\Language\Lang_DE.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	153088
Entropy (8bit):	4.635727331210096
Encrypted:	false
SSDEEP:	3072:Nc1psfQO6Ih/Ac0AsnLSZdRlc02YzUwP9Ab+kL3keCpLzjbMtcwYjQ0bzp:+1psfQ9Ihzj
MD5:	9669F8D6509D8C740C896B387B599644
SHA1:	F5C7FF1556BB89231562A791F01595DD3569D762
SHA-256:	9BC1D93250304918E38E1BD22A0A99C16C47558DADF8180EBAC662095D434A29
SHA-512:	DDC25DDFEDFBCB323A0AF461EA9DCD8547F10E39CE79A71610038E81E0E70DFC4F4DE1A9FECD58BD544299B5EBD20AE8ECCE692C1EEDFC22170EB623417CEC93
Malicious:	false
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....I'f...........!..............................@.......................................@.......................... ..p.......n....P.......................@..H...............................................................$....................text.............................. ..`.itext.............................. ..`.data...H...........................@....bss.....5...............................idata..n...........................@....didata.$...........................@....edata..p.... ......................@..@.rdata..E....0......................@..@.reloc..H....@......................@..B.rsrc........P......................@..@.....................V..............@..@........................................................

C:\Program Files (x86)\SISTEMA 2.1.1\Language\Lang_DE.lng (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	Generic INItialization configuration [TFormItemViewer]
Category:	dropped
Size (bytes):	42226
Entropy (8bit):	5.299257324025842
Encrypted:	false
SSDEEP:	768:T/HpQqZ2zrYf2Vs0APTqk8PZ+LlwkThSTlj4mT1CjNfka5Cc:+a2zAqs0iTz8B+Cj4mT1CRfka5t
MD5:	19240896C5D16442F283A2D52621BDA0
SHA1:	7C15493C5FD6893523C2B37F08AEA78B3A30EEC5
SHA-256:	EB0A09471B55CB56A1F1838F51EA8CF136DAD7DFD3585A5AF1F369D1566681EC
SHA-512:	AB4E168B2B75D4FBD78694EE748A2933000AC28D854760D0019DABAF223B2E1C2EF326F78FB0A4D5A81FD1E998AF0C4696CF0370C5E5B7DBA67CA94BF928A3A2
Malicious:	false
Preview:	[MetaData]..LngName=Deutsch..SSMVersion=2.0.0..LngOffset=0....[TFormItemViewer]..aAdd.Caption=Neu..aDel.Caption=L.schen..aCut.Caption=Ausschneiden..aCopy.Caption=Kopieren..aPaste.Caption=Einf.gen..aMoveHere.Caption=Hierher verschieben..aCopyHere.Caption=Hierher kopieren..aCancelPopup.Caption=Abbrechen..aExpandAll.Caption=Alle Aufklappen..aExpand.Caption=Aufklappen..aCollapseSection.Caption=Einklappen..aUp.Caption=Eins nach oben..aMoveDown.Caption=Eins nach unten verschieben..aMoveUp.Caption=Eins nach oben verschieben..aVDMAManager.Caption=Aus VDMA Bibliothek laden.....aEditVDMA.Caption=VDMA Bibliothek..aHelp.Caption=Hilfe..aViewContext.Caption=Kontext..aViewHint.Caption=Meldungen..aRefresh.Caption=Aktualisieren..aWhatsThis.Caption=Was ist das?..aShowSearch.Caption=Suchen..aShowSearch.Hint=Zeige Sucheingabe..aShowFilter.Caption=Filtern..aShowFilter.Hint=Zeige Filtereingabe..aPrintTree.Caption=Baumansicht drucken.....aSortAZ.Caption=Sortieren A-Z..aSortZA.Caption=Sortieren Z-A..aManufa

C:\Program Files (x86)\SISTEMA 2.1.1\Language\Lang_EN.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	142336
Entropy (8bit):	4.688491770433137
Encrypted:	false
SSDEEP:	1536:F1pVuJIeQz/JwSSwyp79IvX2+q+ZpbtkLu4Qldtf9mkYGlEUAVRe5gb:F1psfQOgO+VTtf0wlEUAVReqb
MD5:	C962723BF2604971328547253EF810CA
SHA1:	38D9A399F6E777D61355DE4D58FAD740967F1098
SHA-256:	47E8520B05FE99A33EF1FABED78037216D2FF108E8D9ADBC20230DBE39EACD1E
SHA-512:	F2A40606DF9C3102A086E45E58CDACE652C18FA361E03EC2BE1B3074596479EC02A63FFD297048632BC8AD545F2B0C25347F0E67ACFDB7F4C85EB5AC21268CAD
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....I'f...........!..............................@.......................................@.......................... ..p.......n....P...z...................@..H...............................................................$....................text.............................. ..`.itext.............................. ..`.data...H...........................@....bss.....5...............................idata..n...........................@....didata.$...........................@....edata..p.... ......................@..@.rdata..E....0......................@..@.reloc..H....@......................@..B.rsrc....z...P...z..................@..@.....................,..............@..@........................................................

C:\Program Files (x86)\SISTEMA 2.1.1\Language\Lang_EN.lng (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	Generic INItialization configuration [TFormItemViewer]
Category:	dropped
Size (bytes):	39378
Entropy (8bit):	5.234820236879193
Encrypted:	false
SSDEEP:	768:tMHOOpP0owI1RJ64OS5Bn80G+HL41+9O6sXNpBSs2yDsBgb:rOZ0TyJ6bS5Bn8b+HL99O6s9pBSs2yDn
MD5:	EABD9313A2243A09E04B5F9E1AD6CEF6
SHA1:	949063514CB704F761007DD0D84157925FE1D3C3
SHA-256:	10481DE91CF532FD75866AA2E6E5A9940A11951747CABF5CD6CBBA71DDB2F4FF
SHA-512:	1E484A35145CD77C72FCDB5528AAC02A78F134C74294BCBA00552656F9EBE3FEEE87F6733F80051AAB0068780EA42DDA19BC77D6B81A9316200F1D94D6006EE5
Malicious:	false
Preview:	[MetaData]..LngName=English..SSMVersion=2.0.0..LngOffset=1000....[TFormItemViewer]..aAdd.Caption=New..aDel.Caption=Delete..aCut.Caption=Cut..aCopy.Caption=Copy..aPaste.Caption=Paste..aMoveHere.Caption=Move Here..aCopyHere.Caption=Copy Here..aCancelPopup.Caption=Cancel..aExpandAll.Caption=Expand All..aExpand.Caption=Expand..aCollapseSection.Caption=Collapse..aUp.Caption=One Up..aMoveDown.Caption=Move One Down..aMoveUp.Caption=Move One Up..aVDMAManager.Caption=Load from VDMA Library.....aEditVDMA.Caption=VDMA Library..aHelp.Caption=Help..aViewContext.Caption=Context..aViewHint.Caption=Messages..aRefresh.Caption=Refresh ..aWhatsThis.Caption=What's This?..aShowSearch.Caption=Search..aShowSearch.Hint=Show Search input..aShowFilter.Caption=Filter..aShowFilter.Hint=Show Filter input..aPrintTree.Caption=Print Tree View...aSortAZ.Caption=Sort A-Z..aSortZA.Caption=Sort Z-A..aManufacturerLibs.Caption=Manufacturer Libraries..MMFile.Caption=File..MMEdit.Caption=Edit..MMView.Caption=View..MMHelp.

C:\Program Files (x86)\SISTEMA 2.1.1\Language\Lang_ES.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	151552
Entropy (8bit):	4.609765889625688
Encrypted:	false
SSDEEP:	1536:G1pVuJIeQz/JwSSwypk9r/M7ZGTd45qdtT5F067mo37yAvi:G1psfQOKEoT7vF06ixA
MD5:	C554CA1A2D5EC361E40DAD243C13D8A7
SHA1:	79AC80564B590B73FF2A92C80D92A7FD353090E9
SHA-256:	ED1A5BFE01F121E2308080B84BE800A7E6B2D993F057D5D39B543344F6609482
SHA-512:	3682D973296CDE6E26C7FD151F8C6A977125A18B7F212E9F96DC3B4692E1C30380D120E9C0012361C71D13899FEA66BC22438CAAA4030BE569623D09F31A7988
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....I'f...........!..............................@.......................................@.......................... ..p.......n....P.......................@..H...............................................................$....................text.............................. ..`.itext.............................. ..`.data...H...........................@....bss.....5...............................idata..n...........................@....didata.$...........................@....edata..p.... ......................@..@.rdata..E....0......................@..@.reloc..H....@......................@..B.rsrc........P......................@..@.....................P..............@..@........................................................

C:\Program Files (x86)\SISTEMA 2.1.1\Language\Lang_ES.lng (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	Generic INItialization configuration [TFormItemViewer]
Category:	dropped
Size (bytes):	42774
Entropy (8bit):	5.22048571583146
Encrypted:	false
SSDEEP:	768:7snVcEcdLPlFp9CyzihtSKVU11W7vJUuLTwu69He9I8khV:7syEGrplrv147v5LTw9+9I8khV
MD5:	7D332EC83516E02751A2AED9ABD4E6BC
SHA1:	272A513DB78DA8560CF6BA644F1DF4D80F102C06
SHA-256:	3C2B25C6D7C2654C4A183B89212132F617D5333F3C97C8FB9C52D2F545D83108
SHA-512:	7980C01C02B3FEADD6E2ECFE725E6F07B162624C5EC169DB53C805A97971D887D41EDD9B16A1682E8C3AFC5E85DE1A9A2D731364F305F8CD59CDC14C8E5B0537
Malicious:	false
Preview:	[MetaData]..LngName=Espa.ol..SSMVersion=2.0.0..LngOffset=2000....[TFormItemViewer]..aAdd.Caption=Nuevo..aDel.Caption=Borrar..aCut.Caption=Recortar..aCopy.Caption=Copiar..aPaste.Caption=Pegar..aMoveHere.Caption=Mover aqu...aCopyHere.Caption=Copiar aqu...aCancelPopup.Caption=Cancelar..aExpandAll.Caption=Expandir todo..aExpand.Caption=Expandir..aCollapseSection.Caption=Recoger..aUp.Caption=Subir uno..aMoveDown.Caption=Bajar una posici.n..aMoveUp.Caption=Subir una posici.n..aVDMAManager.Caption=Cargar de Biblioteca VDMA .....aEditVDMA.Caption=Biblioteca VDMA..aHelp.Caption=Ayuda..aViewContext.Caption=Contexto..aViewHint.Caption=Mensajes..aRefresh.Caption=Actualizar..aWhatsThis.Caption=.Que es esto?..aShowSearch.Caption=Buscar..aShowSearch.Hint=Mostrar Buscar entrada..aShowFilter.Caption=Filtro..aShowFilter.Hint=Mostrar filtro de entrada..aPrintTree.Caption=Imprimir vista de .rbol...aSortAZ.Caption=Clasificar de A-Z..aSortZA.Caption=Clasificar de Z-A..aManufacturerLibs.Caption=Libr

C:\Program Files (x86)\SISTEMA 2.1.1\Language\Lang_FI.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	144896
Entropy (8bit):	4.666433804763145
Encrypted:	false
SSDEEP:	3072:g1psfQOFr1Jw+H1hCHPPgcRJUQl0pSH4n30O/ukjGU8yuIgZOtS3mYNFsc7s:g1psfQ0YO9t8m
MD5:	91DF682C8354FFB9AC9F11B3D3E680BF
SHA1:	E864338157175632C1698DE07127CBB506D95C3C
SHA-256:	0EE5E8DE7F7FDAFA6F6F51CD1F8CC1121BCEB7047D855B394249D606A5629F5A
SHA-512:	C0D1B4E5586538508BFA380CBA4A6D2464046060DFDB8863DA9A0F03A802F6436F569A7A19FFC905CEFF81ABB388ECD0593533B3EB91C44D6BB199B192396908
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....I'f...........!..............................@.......................................@.......................... ..p.......n....P.......................@..H...............................................................$....................text.............................. ..`.itext.............................. ..`.data...H...........................@....bss.....5...............................idata..n...........................@....didata.$...........................@....edata..p.... ......................@..@.rdata..E....0......................@..@.reloc..H....@......................@..B.rsrc........P......................@..@.....................6..............@..@........................................................

C:\Program Files (x86)\SISTEMA 2.1.1\Language\Lang_FI.lng (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	Generic INItialization configuration [TFormItemViewer]
Category:	dropped
Size (bytes):	42095
Entropy (8bit):	5.262830071090588
Encrypted:	false
SSDEEP:	768:886M2JtehLDtetWJxIouNTuFP8o5fbG492w5sJx8bzPf:tmteiO6odh5fbGW21Jx8bzn
MD5:	D0590417D08764A21677E94226ACEC7E
SHA1:	00DF51BC57A1B3B942B0B941076878D31544365D
SHA-256:	074BE78B26EB1A17AF9775CE0DD5E6820773336644FBFD02AB0AAA8C0E3FD310
SHA-512:	DB4C08B73663A3D9D536FAEFD69600C3BE29DEB3730004E8A23C824FDA9771A8D8558E157EC240F6C66F448FB3C23DED33E7F063C3CFFDA2B9E32E4663A4CE4F
Malicious:	false
Preview:	[MetaData]..LngName=Suomi..SSMVersion=2.0.0..LngOffset=3000....[TFormItemViewer]..aAdd.Caption=Uusi..aDel.Caption=Poista..aCut.Caption=Leikkaa..aCopy.Caption=Kopioi..aPaste.Caption=Liit...aMoveHere.Caption=Siirr. t.h.n..aCopyHere.Caption=Kopioi t.h.n..aCancelPopup.Caption=Peruuta..aExpandAll.Caption=Laajenna kaikki..aExpand.Caption=Laajennus..aCollapseSection.Caption=Tiivistys..aUp.Caption=Yksi yl.sp.in..aMoveDown.Caption=Siirr. yksi askel alasp.in..aMoveUp.Caption=Siirr. yksi askel yl.sp.in..aVDMAManager.Caption=Lataus VDMA kirjastosta...aEditVDMA.Caption=VDMA Kirjasto..aHelp.Caption=Ohje..aViewContext.Caption=Asiayhteys..aViewHint.Caption=Viestit..aRefresh.Caption=P.ivitys..aWhatsThis.Caption=Mik. t.m. on?..aShowSearch.Caption=Etsi..aShowSearch.Hint=N.yt. etsinn.n sy.tt.tiedot..aShowFilter.Caption=Suodatus..aShowFilter.Hint=N.yt. suodatuksen sy.tt.tiedot..aPrintTree.Caption=Puukaavion tulostus...aSortAZ.Caption=Lajittelu A-Z..aSortZA.Caption=Lajittelu Z-

C:\Program Files (x86)\SISTEMA 2.1.1\Language\Lang_FR.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	153600
Entropy (8bit):	4.612483963238543
Encrypted:	false
SSDEEP:	1536:b1pVuJIeQz/JwSSwypo1H5E820nrC1RGy3dt8B69cA:b1psfQOH820nrCay3dusuA
MD5:	9A7D10DAE12255298CBD9940164D7ED3
SHA1:	CD1061982F41803167B02A017CAC54AB34446CC3
SHA-256:	B6C447E4D950EE72AED9F895F1C19A4A38EE872B1DA2DE589A2300A8808BCB69
SHA-512:	A6ACC4BFD8878D76903B237B3D838587D3DB2F3EA1BECCE5F810FA8E5FF7562B65B010181A407291737807CB0F57BC4AB5F716453EABE60DC0332E0A263A0000
Malicious:	false
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....I'f...........!..............................@.......................................@.......................... ..p.......n....P.......................@..H...............................................................$....................text.............................. ..`.itext.............................. ..`.data...H...........................@....bss.....5...............................idata..n...........................@....didata.$...........................@....edata..p.... ......................@..@.rdata..E....0......................@..@.reloc..H....@......................@..B.rsrc........P......................@..@.....................X..............@..@........................................................

C:\Program Files (x86)\SISTEMA 2.1.1\Language\Lang_FR.lng (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	Generic INItialization configuration [TFormItemViewer]
Category:	dropped
Size (bytes):	43532
Entropy (8bit):	5.281636868669134
Encrypted:	false
SSDEEP:	768:Iryzzku7+XJJQfwouJ8YHWIfrzAU9gi334CgiL+RVossauWgFFve/OxSblu2Y+4o:IMzkw0JuwZOYHWIXaRVossauWgFFve/h
MD5:	4B2C9BC8455D4681CD38BDB2E0728421
SHA1:	0275A36B370DDB15117900249E036F181CF10F8F
SHA-256:	4C166B565ADFA991E8F1D18753D5C4D6CB4EC7FC8839C2901070920311BBA575
SHA-512:	0AB308AD6FEC5B680ADC5EA957D8C6A4A1086437A3AC43B91EE67C0E859EBD38938354E065714FEEE0FF673F533B70D8D8AF4CB2F07026AC48376EE8BA15ACEC
Malicious:	false
Preview:	[MetaData]..LngName=Francais..SSMVersion=2.0.0..LngOffset=4000....[TFormItemViewer]..aAdd.Caption=Nouveau..aDel.Caption=Effacer..aCut.Caption=Couper..aCopy.Caption=Copier..aPaste.Caption=Coller..aMoveHere.Caption=D.placer ici..aCopyHere.Caption=Copier ici..aCancelPopup.Caption=Annuler..aExpandAll.Caption=Etendre tout..aExpand.Caption=Etendre..aCollapseSection.Caption=R.duire..aUp.Caption=Vers le Haut..aMoveDown.Caption=D.placer en bas..aMoveUp.Caption=D.placer en haut..aVDMAManager.Caption=Charger depuis biblioth.que VDMA...aEditVDMA.Caption=Biblioth.que VDMA..aHelp.Caption=Aide..aViewContext.Caption=Contexte..aViewHint.Caption=Messages..aRefresh.Caption=Actualiser..aWhatsThis.Caption=C'est Quoi?..aShowSearch.Caption=Chercher..aShowSearch.Hint=Afficher recherche entr.e..aShowFilter.Caption=Filtre..aShowFilter.Hint=Afficher filtre entr.e..aPrintTree.Caption=Imprimer arborescence...aSortAZ.Caption=Trier A-Z..aSortZA.Caption=Trier Z-A..aManufacturerLibs.Caption=Biblioth.ques

C:\Program Files (x86)\SISTEMA 2.1.1\Language\Lang_IT.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	152576
Entropy (8bit):	4.586359883526194
Encrypted:	false
SSDEEP:	1536:X1pVuJIeQz/JwSSwypV1znQRZPoiOiBbbo9VOAR:X1psfQOVQRZPoE5o9VOA
MD5:	EAE7C468A43BD8FF0398153617C916D3
SHA1:	2D7BA7DCEFBA8CE68F74444F835ACC991686A61A
SHA-256:	AC1B4B86E14882EA3C733FE9ABF81C534950319BB70301C5389D7AD024A03CB2
SHA-512:	B697FFAC86FE373FC16FB185AC7B38B4C7FA94EE624ABFF698B6D8FD2F49F48E2E3FFCBD0C9476E8940B23A1A0B83011C49889FD432B90965EE98EC04C9CE744
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....I'f...........!..............................@.......................................@.......................... ..p.......n....P.......................@..H...............................................................$....................text.............................. ..`.itext.............................. ..`.data...H...........................@....bss.....5...............................idata..n...........................@....didata.$...........................@....edata..p.... ......................@..@.rdata..E....0......................@..@.reloc..H....@......................@..B.rsrc........P......................@..@.....................T..............@..@........................................................

C:\Program Files (x86)\SISTEMA 2.1.1\Language\Lang_IT.lng (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	Generic INItialization configuration [TFormItemViewer]
Category:	dropped
Size (bytes):	42478
Entropy (8bit):	5.165501562168878
Encrypted:	false
SSDEEP:	768:vBKJ3YKeJDJWavix+vnCmPmloahETR/7EXgWvSjOTaObEOMa82B:wJ3YK64aax+vnNPmloah0R/7+gWvSjOB
MD5:	2B59E467D1C085936FF57FB3774C99AE
SHA1:	03977546DA467B1E2C23F7D89700E38E8AF63BF5
SHA-256:	577543D367CD90BD7CB0D2CAC08CA2A0FC8D4F699D1F6534D7F281D3816934FF
SHA-512:	60E709F7B3B5F847D22FC172CDEF3157EA3EF3E5DACDA7ACDC3D4B9CF8AF38CB97D57B9A4895CE3523470236B313C593D40D0B8CECBBC165DAEFA273B9CE92BE
Malicious:	false
Preview:	[MetaData]..LngName=Italiano..SSMVersion=2.0.0..LngOffset=5000....[TFormItemViewer]..aAdd.Caption=Nuovo..aDel.Caption=Cancella..aCut.Caption=Taglia..aCopy.Caption=Copia ..aPaste.Caption=Incolla..aMoveHere.Caption=Sposta Qui..aCopyHere.Caption=Copia Qui..aCancelPopup.Caption=Annulla..aExpandAll.Caption=Espandi tutto..aExpand.Caption=Espandi ..aCollapseSection.Caption=Riduci..aUp.Caption=In alto di uno..aMoveDown.Caption=Sposta Sotto di uno..aMoveUp.Caption=Sposta Sopra di uno..aVDMAManager.Caption=Carica dalla libreria VDMA.....aEditVDMA.Caption=Libreria VDMA ..aHelp.Caption=Help..aViewContext.Caption=Contesto..aViewHint.Caption=Messaggi..aRefresh.Caption=Aggiorna..aWhatsThis.Caption=Di cosa si tratta?..aShowSearch.Caption=Cercare..aShowSearch.Hint=Visualizza la ricerca..aShowFilter.Caption=Filtro..aShowFilter.Hint=Mostra filtro in ingresso..aPrintTree.Caption=Stampa la struttura ad albero..aSortAZ.Caption=Ordine A-Z..aSortZA.Caption=Ordine Z-A..aManufacturerLibs.Caption=Librerie dei co

C:\Program Files (x86)\SISTEMA 2.1.1\Language\Lang_JP.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	101376
Entropy (8bit):	5.96657169978017
Encrypted:	false
SSDEEP:	1536:Z1pVuJIeQz/JwSSwypi1Ln7+qmywlv1ShzVqJZXbD:Z1psfQO6AyivIVqJZX
MD5:	259D796747382F3ADD039022E4093484
SHA1:	AF1ABDD8C3F4509AA53F222B1C23BF7BEFAA54FD
SHA-256:	263A18E8FF9CD3EC018F073578EE5C555E1ED36A2B9378D720D2CA90D2AC158C
SHA-512:	D312989070231DA89A50BDF36539C3D624AFC702CC93EDB542419A38E1700F300C099CA3C0A7796E0DCDD22B1C3340881605922979CD2F69A1167DF517AABFF1
Malicious:	false
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....I'f...........!..............................@..........................0............@.......................... ..p.......n....P.......................@..H...............................................................$....................text.............................. ..`.itext.............................. ..`.data...H...........................@....bss.....5...............................idata..n...........................@....didata.$...........................@....edata..p.... ......................@..@.rdata..E....0......................@..@.reloc..H....@......................@..B.rsrc........P......................@..@.............0......................@..@........................................................

C:\Program Files (x86)\SISTEMA 2.1.1\Language\Lang_JP.lng (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	Generic INItialization configuration [TFormItemViewer]
Category:	dropped
Size (bytes):	43480
Entropy (8bit):	6.138673202592016
Encrypted:	false
SSDEEP:	768:/ZOF9CshMuWoJ+dSyTbk86WCZFPoGeJ1SjcouPIKvew:UF9zMuGdSYQrHFPveJ1SjcouPIKvH
MD5:	46E7ED5683ACAD39AD7BC07DC236D1C5
SHA1:	4DF7AD339302D5559815F66545819C22B5068745
SHA-256:	663EC3DBD76D5795E6713FFF09DA9426019A921822AAAA08ADCA343EC3C82145
SHA-512:	A0C7A017F6ED91BA7584B8BF437841520D46C6C30D47213DC058808ACCF8FEA89A880B31D3475527FF3E37BBC228D01B240D3EDA3B38BF9A524762E7E9062E2B
Malicious:	false
Preview:	[MetaData]..LngName=Japanese..SSMVersion=2.0.0..LngOffset=6000....[TFormItemViewer]..aAdd.Caption=......aDel.Caption=....aCut.Caption=......aCopy.Caption=.....aPaste.Caption=......aMoveHere.Caption=.......aCopyHere.Caption=........aCancelPopup.Caption=.......aExpandAll.Caption=.......aExpand.Caption=....aCollapseSection.Caption=.......aUp.Caption=1....aMoveDown.Caption=1.......aMoveUp.Caption=1.......aVDMAManager.Caption=VDMA................aEditVDMA.Caption=VDMA.......aHelp.Caption=.....aViewContext.Caption=......aViewHint.Caption=............aRefresh.Caption=.. ..aWhatsThis.Caption=........aShowSearch.Caption=....aShowSearch.Hint=...........aShowFilter.Caption=.......aShowFilter.Hint=............aPrintTree.Caption=.........

C:\Program Files (x86)\SISTEMA 2.1.1\Language\is-3QJC5.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	Generic INItialization configuration [TFormItemViewer]
Category:	dropped
Size (bytes):	42774
Entropy (8bit):	5.22048571583146
Encrypted:	false
SSDEEP:	768:7snVcEcdLPlFp9CyzihtSKVU11W7vJUuLTwu69He9I8khV:7syEGrplrv147v5LTw9+9I8khV
MD5:	7D332EC83516E02751A2AED9ABD4E6BC
SHA1:	272A513DB78DA8560CF6BA644F1DF4D80F102C06
SHA-256:	3C2B25C6D7C2654C4A183B89212132F617D5333F3C97C8FB9C52D2F545D83108
SHA-512:	7980C01C02B3FEADD6E2ECFE725E6F07B162624C5EC169DB53C805A97971D887D41EDD9B16A1682E8C3AFC5E85DE1A9A2D731364F305F8CD59CDC14C8E5B0537
Malicious:	false
Preview:	[MetaData]..LngName=Espa.ol..SSMVersion=2.0.0..LngOffset=2000....[TFormItemViewer]..aAdd.Caption=Nuevo..aDel.Caption=Borrar..aCut.Caption=Recortar..aCopy.Caption=Copiar..aPaste.Caption=Pegar..aMoveHere.Caption=Mover aqu...aCopyHere.Caption=Copiar aqu...aCancelPopup.Caption=Cancelar..aExpandAll.Caption=Expandir todo..aExpand.Caption=Expandir..aCollapseSection.Caption=Recoger..aUp.Caption=Subir uno..aMoveDown.Caption=Bajar una posici.n..aMoveUp.Caption=Subir una posici.n..aVDMAManager.Caption=Cargar de Biblioteca VDMA .....aEditVDMA.Caption=Biblioteca VDMA..aHelp.Caption=Ayuda..aViewContext.Caption=Contexto..aViewHint.Caption=Mensajes..aRefresh.Caption=Actualizar..aWhatsThis.Caption=.Que es esto?..aShowSearch.Caption=Buscar..aShowSearch.Hint=Mostrar Buscar entrada..aShowFilter.Caption=Filtro..aShowFilter.Hint=Mostrar filtro de entrada..aPrintTree.Caption=Imprimir vista de .rbol...aSortAZ.Caption=Clasificar de A-Z..aSortZA.Caption=Clasificar de Z-A..aManufacturerLibs.Caption=Libr

C:\Program Files (x86)\SISTEMA 2.1.1\Language\is-4GJKG.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	153600
Entropy (8bit):	4.612483963238543
Encrypted:	false
SSDEEP:	1536:b1pVuJIeQz/JwSSwypo1H5E820nrC1RGy3dt8B69cA:b1psfQOH820nrCay3dusuA
MD5:	9A7D10DAE12255298CBD9940164D7ED3
SHA1:	CD1061982F41803167B02A017CAC54AB34446CC3
SHA-256:	B6C447E4D950EE72AED9F895F1C19A4A38EE872B1DA2DE589A2300A8808BCB69
SHA-512:	A6ACC4BFD8878D76903B237B3D838587D3DB2F3EA1BECCE5F810FA8E5FF7562B65B010181A407291737807CB0F57BC4AB5F716453EABE60DC0332E0A263A0000
Malicious:	false
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....I'f...........!..............................@.......................................@.......................... ..p.......n....P.......................@..H...............................................................$....................text.............................. ..`.itext.............................. ..`.data...H...........................@....bss.....5...............................idata..n...........................@....didata.$...........................@....edata..p.... ......................@..@.rdata..E....0......................@..@.reloc..H....@......................@..B.rsrc........P......................@..@.....................X..............@..@........................................................

C:\Program Files (x86)\SISTEMA 2.1.1\Language\is-65HCR.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	Generic INItialization configuration [TFormItemViewer]
Category:	dropped
Size (bytes):	43480
Entropy (8bit):	6.138673202592016
Encrypted:	false
SSDEEP:	768:/ZOF9CshMuWoJ+dSyTbk86WCZFPoGeJ1SjcouPIKvew:UF9zMuGdSYQrHFPveJ1SjcouPIKvH
MD5:	46E7ED5683ACAD39AD7BC07DC236D1C5
SHA1:	4DF7AD339302D5559815F66545819C22B5068745
SHA-256:	663EC3DBD76D5795E6713FFF09DA9426019A921822AAAA08ADCA343EC3C82145
SHA-512:	A0C7A017F6ED91BA7584B8BF437841520D46C6C30D47213DC058808ACCF8FEA89A880B31D3475527FF3E37BBC228D01B240D3EDA3B38BF9A524762E7E9062E2B
Malicious:	false
Preview:	[MetaData]..LngName=Japanese..SSMVersion=2.0.0..LngOffset=6000....[TFormItemViewer]..aAdd.Caption=......aDel.Caption=....aCut.Caption=......aCopy.Caption=.....aPaste.Caption=......aMoveHere.Caption=.......aCopyHere.Caption=........aCancelPopup.Caption=.......aExpandAll.Caption=.......aExpand.Caption=....aCollapseSection.Caption=.......aUp.Caption=1....aMoveDown.Caption=1.......aMoveUp.Caption=1.......aVDMAManager.Caption=VDMA................aEditVDMA.Caption=VDMA.......aHelp.Caption=.....aViewContext.Caption=......aViewHint.Caption=............aRefresh.Caption=.. ..aWhatsThis.Caption=........aShowSearch.Caption=....aShowSearch.Hint=...........aShowFilter.Caption=.......aShowFilter.Hint=............aPrintTree.Caption=.........

C:\Program Files (x86)\SISTEMA 2.1.1\Language\is-8ABM8.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	Generic INItialization configuration [TFormItemViewer]
Category:	dropped
Size (bytes):	43532
Entropy (8bit):	5.281636868669134
Encrypted:	false
SSDEEP:	768:Iryzzku7+XJJQfwouJ8YHWIfrzAU9gi334CgiL+RVossauWgFFve/OxSblu2Y+4o:IMzkw0JuwZOYHWIXaRVossauWgFFve/h
MD5:	4B2C9BC8455D4681CD38BDB2E0728421
SHA1:	0275A36B370DDB15117900249E036F181CF10F8F
SHA-256:	4C166B565ADFA991E8F1D18753D5C4D6CB4EC7FC8839C2901070920311BBA575
SHA-512:	0AB308AD6FEC5B680ADC5EA957D8C6A4A1086437A3AC43B91EE67C0E859EBD38938354E065714FEEE0FF673F533B70D8D8AF4CB2F07026AC48376EE8BA15ACEC
Malicious:	false
Preview:	[MetaData]..LngName=Francais..SSMVersion=2.0.0..LngOffset=4000....[TFormItemViewer]..aAdd.Caption=Nouveau..aDel.Caption=Effacer..aCut.Caption=Couper..aCopy.Caption=Copier..aPaste.Caption=Coller..aMoveHere.Caption=D.placer ici..aCopyHere.Caption=Copier ici..aCancelPopup.Caption=Annuler..aExpandAll.Caption=Etendre tout..aExpand.Caption=Etendre..aCollapseSection.Caption=R.duire..aUp.Caption=Vers le Haut..aMoveDown.Caption=D.placer en bas..aMoveUp.Caption=D.placer en haut..aVDMAManager.Caption=Charger depuis biblioth.que VDMA...aEditVDMA.Caption=Biblioth.que VDMA..aHelp.Caption=Aide..aViewContext.Caption=Contexte..aViewHint.Caption=Messages..aRefresh.Caption=Actualiser..aWhatsThis.Caption=C'est Quoi?..aShowSearch.Caption=Chercher..aShowSearch.Hint=Afficher recherche entr.e..aShowFilter.Caption=Filtre..aShowFilter.Hint=Afficher filtre entr.e..aPrintTree.Caption=Imprimer arborescence...aSortAZ.Caption=Trier A-Z..aSortZA.Caption=Trier Z-A..aManufacturerLibs.Caption=Biblioth.ques

C:\Program Files (x86)\SISTEMA 2.1.1\Language\is-9JKSG.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	144896
Entropy (8bit):	4.666433804763145
Encrypted:	false
SSDEEP:	3072:g1psfQOFr1Jw+H1hCHPPgcRJUQl0pSH4n30O/ukjGU8yuIgZOtS3mYNFsc7s:g1psfQ0YO9t8m
MD5:	91DF682C8354FFB9AC9F11B3D3E680BF
SHA1:	E864338157175632C1698DE07127CBB506D95C3C
SHA-256:	0EE5E8DE7F7FDAFA6F6F51CD1F8CC1121BCEB7047D855B394249D606A5629F5A
SHA-512:	C0D1B4E5586538508BFA380CBA4A6D2464046060DFDB8863DA9A0F03A802F6436F569A7A19FFC905CEFF81ABB388ECD0593533B3EB91C44D6BB199B192396908
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....I'f...........!..............................@.......................................@.......................... ..p.......n....P.......................@..H...............................................................$....................text.............................. ..`.itext.............................. ..`.data...H...........................@....bss.....5...............................idata..n...........................@....didata.$...........................@....edata..p.... ......................@..@.rdata..E....0......................@..@.reloc..H....@......................@..B.rsrc........P......................@..@.....................6..............@..@........................................................

C:\Program Files (x86)\SISTEMA 2.1.1\Language\is-9R3KU.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	153088
Entropy (8bit):	4.635727331210096
Encrypted:	false
SSDEEP:	3072:Nc1psfQO6Ih/Ac0AsnLSZdRlc02YzUwP9Ab+kL3keCpLzjbMtcwYjQ0bzp:+1psfQ9Ihzj
MD5:	9669F8D6509D8C740C896B387B599644
SHA1:	F5C7FF1556BB89231562A791F01595DD3569D762
SHA-256:	9BC1D93250304918E38E1BD22A0A99C16C47558DADF8180EBAC662095D434A29
SHA-512:	DDC25DDFEDFBCB323A0AF461EA9DCD8547F10E39CE79A71610038E81E0E70DFC4F4DE1A9FECD58BD544299B5EBD20AE8ECCE692C1EEDFC22170EB623417CEC93
Malicious:	false
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....I'f...........!..............................@.......................................@.......................... ..p.......n....P.......................@..H...............................................................$....................text.............................. ..`.itext.............................. ..`.data...H...........................@....bss.....5...............................idata..n...........................@....didata.$...........................@....edata..p.... ......................@..@.rdata..E....0......................@..@.reloc..H....@......................@..B.rsrc........P......................@..@.....................V..............@..@........................................................

C:\Program Files (x86)\SISTEMA 2.1.1\Language\is-CBGO1.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	Generic INItialization configuration [TFormItemViewer]
Category:	dropped
Size (bytes):	42478
Entropy (8bit):	5.165501562168878
Encrypted:	false
SSDEEP:	768:vBKJ3YKeJDJWavix+vnCmPmloahETR/7EXgWvSjOTaObEOMa82B:wJ3YK64aax+vnNPmloah0R/7+gWvSjOB
MD5:	2B59E467D1C085936FF57FB3774C99AE
SHA1:	03977546DA467B1E2C23F7D89700E38E8AF63BF5
SHA-256:	577543D367CD90BD7CB0D2CAC08CA2A0FC8D4F699D1F6534D7F281D3816934FF
SHA-512:	60E709F7B3B5F847D22FC172CDEF3157EA3EF3E5DACDA7ACDC3D4B9CF8AF38CB97D57B9A4895CE3523470236B313C593D40D0B8CECBBC165DAEFA273B9CE92BE
Malicious:	false
Preview:	[MetaData]..LngName=Italiano..SSMVersion=2.0.0..LngOffset=5000....[TFormItemViewer]..aAdd.Caption=Nuovo..aDel.Caption=Cancella..aCut.Caption=Taglia..aCopy.Caption=Copia ..aPaste.Caption=Incolla..aMoveHere.Caption=Sposta Qui..aCopyHere.Caption=Copia Qui..aCancelPopup.Caption=Annulla..aExpandAll.Caption=Espandi tutto..aExpand.Caption=Espandi ..aCollapseSection.Caption=Riduci..aUp.Caption=In alto di uno..aMoveDown.Caption=Sposta Sotto di uno..aMoveUp.Caption=Sposta Sopra di uno..aVDMAManager.Caption=Carica dalla libreria VDMA.....aEditVDMA.Caption=Libreria VDMA ..aHelp.Caption=Help..aViewContext.Caption=Contesto..aViewHint.Caption=Messaggi..aRefresh.Caption=Aggiorna..aWhatsThis.Caption=Di cosa si tratta?..aShowSearch.Caption=Cercare..aShowSearch.Hint=Visualizza la ricerca..aShowFilter.Caption=Filtro..aShowFilter.Hint=Mostra filtro in ingresso..aPrintTree.Caption=Stampa la struttura ad albero..aSortAZ.Caption=Ordine A-Z..aSortZA.Caption=Ordine Z-A..aManufacturerLibs.Caption=Librerie dei co

C:\Program Files (x86)\SISTEMA 2.1.1\Language\is-CT6C5.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	142336
Entropy (8bit):	4.688491770433137
Encrypted:	false
SSDEEP:	1536:F1pVuJIeQz/JwSSwyp79IvX2+q+ZpbtkLu4Qldtf9mkYGlEUAVRe5gb:F1psfQOgO+VTtf0wlEUAVReqb
MD5:	C962723BF2604971328547253EF810CA
SHA1:	38D9A399F6E777D61355DE4D58FAD740967F1098
SHA-256:	47E8520B05FE99A33EF1FABED78037216D2FF108E8D9ADBC20230DBE39EACD1E
SHA-512:	F2A40606DF9C3102A086E45E58CDACE652C18FA361E03EC2BE1B3074596479EC02A63FFD297048632BC8AD545F2B0C25347F0E67ACFDB7F4C85EB5AC21268CAD
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....I'f...........!..............................@.......................................@.......................... ..p.......n....P...z...................@..H...............................................................$....................text.............................. ..`.itext.............................. ..`.data...H...........................@....bss.....5...............................idata..n...........................@....didata.$...........................@....edata..p.... ......................@..@.rdata..E....0......................@..@.reloc..H....@......................@..B.rsrc....z...P...z..................@..@.....................,..............@..@........................................................

C:\Program Files (x86)\SISTEMA 2.1.1\Language\is-HJ2IP.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	152576
Entropy (8bit):	4.586359883526194
Encrypted:	false
SSDEEP:	1536:X1pVuJIeQz/JwSSwypV1znQRZPoiOiBbbo9VOAR:X1psfQOVQRZPoE5o9VOA
MD5:	EAE7C468A43BD8FF0398153617C916D3
SHA1:	2D7BA7DCEFBA8CE68F74444F835ACC991686A61A
SHA-256:	AC1B4B86E14882EA3C733FE9ABF81C534950319BB70301C5389D7AD024A03CB2
SHA-512:	B697FFAC86FE373FC16FB185AC7B38B4C7FA94EE624ABFF698B6D8FD2F49F48E2E3FFCBD0C9476E8940B23A1A0B83011C49889FD432B90965EE98EC04C9CE744
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....I'f...........!..............................@.......................................@.......................... ..p.......n....P.......................@..H...............................................................$....................text.............................. ..`.itext.............................. ..`.data...H...........................@....bss.....5...............................idata..n...........................@....didata.$...........................@....edata..p.... ......................@..@.rdata..E....0......................@..@.reloc..H....@......................@..B.rsrc........P......................@..@.....................T..............@..@........................................................

C:\Program Files (x86)\SISTEMA 2.1.1\Language\is-L8PF8.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	Generic INItialization configuration [TFormItemViewer]
Category:	dropped
Size (bytes):	42226
Entropy (8bit):	5.299257324025842
Encrypted:	false
SSDEEP:	768:T/HpQqZ2zrYf2Vs0APTqk8PZ+LlwkThSTlj4mT1CjNfka5Cc:+a2zAqs0iTz8B+Cj4mT1CRfka5t
MD5:	19240896C5D16442F283A2D52621BDA0
SHA1:	7C15493C5FD6893523C2B37F08AEA78B3A30EEC5
SHA-256:	EB0A09471B55CB56A1F1838F51EA8CF136DAD7DFD3585A5AF1F369D1566681EC
SHA-512:	AB4E168B2B75D4FBD78694EE748A2933000AC28D854760D0019DABAF223B2E1C2EF326F78FB0A4D5A81FD1E998AF0C4696CF0370C5E5B7DBA67CA94BF928A3A2
Malicious:	false
Preview:	[MetaData]..LngName=Deutsch..SSMVersion=2.0.0..LngOffset=0....[TFormItemViewer]..aAdd.Caption=Neu..aDel.Caption=L.schen..aCut.Caption=Ausschneiden..aCopy.Caption=Kopieren..aPaste.Caption=Einf.gen..aMoveHere.Caption=Hierher verschieben..aCopyHere.Caption=Hierher kopieren..aCancelPopup.Caption=Abbrechen..aExpandAll.Caption=Alle Aufklappen..aExpand.Caption=Aufklappen..aCollapseSection.Caption=Einklappen..aUp.Caption=Eins nach oben..aMoveDown.Caption=Eins nach unten verschieben..aMoveUp.Caption=Eins nach oben verschieben..aVDMAManager.Caption=Aus VDMA Bibliothek laden.....aEditVDMA.Caption=VDMA Bibliothek..aHelp.Caption=Hilfe..aViewContext.Caption=Kontext..aViewHint.Caption=Meldungen..aRefresh.Caption=Aktualisieren..aWhatsThis.Caption=Was ist das?..aShowSearch.Caption=Suchen..aShowSearch.Hint=Zeige Sucheingabe..aShowFilter.Caption=Filtern..aShowFilter.Hint=Zeige Filtereingabe..aPrintTree.Caption=Baumansicht drucken.....aSortAZ.Caption=Sortieren A-Z..aSortZA.Caption=Sortieren Z-A..aManufa

C:\Program Files (x86)\SISTEMA 2.1.1\Language\is-P89EG.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	Generic INItialization configuration [TFormItemViewer]
Category:	dropped
Size (bytes):	39378
Entropy (8bit):	5.234820236879193
Encrypted:	false
SSDEEP:	768:tMHOOpP0owI1RJ64OS5Bn80G+HL41+9O6sXNpBSs2yDsBgb:rOZ0TyJ6bS5Bn8b+HL99O6s9pBSs2yDn
MD5:	EABD9313A2243A09E04B5F9E1AD6CEF6
SHA1:	949063514CB704F761007DD0D84157925FE1D3C3
SHA-256:	10481DE91CF532FD75866AA2E6E5A9940A11951747CABF5CD6CBBA71DDB2F4FF
SHA-512:	1E484A35145CD77C72FCDB5528AAC02A78F134C74294BCBA00552656F9EBE3FEEE87F6733F80051AAB0068780EA42DDA19BC77D6B81A9316200F1D94D6006EE5
Malicious:	false
Preview:	[MetaData]..LngName=English..SSMVersion=2.0.0..LngOffset=1000....[TFormItemViewer]..aAdd.Caption=New..aDel.Caption=Delete..aCut.Caption=Cut..aCopy.Caption=Copy..aPaste.Caption=Paste..aMoveHere.Caption=Move Here..aCopyHere.Caption=Copy Here..aCancelPopup.Caption=Cancel..aExpandAll.Caption=Expand All..aExpand.Caption=Expand..aCollapseSection.Caption=Collapse..aUp.Caption=One Up..aMoveDown.Caption=Move One Down..aMoveUp.Caption=Move One Up..aVDMAManager.Caption=Load from VDMA Library.....aEditVDMA.Caption=VDMA Library..aHelp.Caption=Help..aViewContext.Caption=Context..aViewHint.Caption=Messages..aRefresh.Caption=Refresh ..aWhatsThis.Caption=What's This?..aShowSearch.Caption=Search..aShowSearch.Hint=Show Search input..aShowFilter.Caption=Filter..aShowFilter.Hint=Show Filter input..aPrintTree.Caption=Print Tree View...aSortAZ.Caption=Sort A-Z..aSortZA.Caption=Sort Z-A..aManufacturerLibs.Caption=Manufacturer Libraries..MMFile.Caption=File..MMEdit.Caption=Edit..MMView.Caption=View..MMHelp.

C:\Program Files (x86)\SISTEMA 2.1.1\Language\is-RNGBQ.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	Generic INItialization configuration [TFormItemViewer]
Category:	dropped
Size (bytes):	42095
Entropy (8bit):	5.262830071090588
Encrypted:	false
SSDEEP:	768:886M2JtehLDtetWJxIouNTuFP8o5fbG492w5sJx8bzPf:tmteiO6odh5fbGW21Jx8bzn
MD5:	D0590417D08764A21677E94226ACEC7E
SHA1:	00DF51BC57A1B3B942B0B941076878D31544365D
SHA-256:	074BE78B26EB1A17AF9775CE0DD5E6820773336644FBFD02AB0AAA8C0E3FD310
SHA-512:	DB4C08B73663A3D9D536FAEFD69600C3BE29DEB3730004E8A23C824FDA9771A8D8558E157EC240F6C66F448FB3C23DED33E7F063C3CFFDA2B9E32E4663A4CE4F
Malicious:	false
Preview:	[MetaData]..LngName=Suomi..SSMVersion=2.0.0..LngOffset=3000....[TFormItemViewer]..aAdd.Caption=Uusi..aDel.Caption=Poista..aCut.Caption=Leikkaa..aCopy.Caption=Kopioi..aPaste.Caption=Liit...aMoveHere.Caption=Siirr. t.h.n..aCopyHere.Caption=Kopioi t.h.n..aCancelPopup.Caption=Peruuta..aExpandAll.Caption=Laajenna kaikki..aExpand.Caption=Laajennus..aCollapseSection.Caption=Tiivistys..aUp.Caption=Yksi yl.sp.in..aMoveDown.Caption=Siirr. yksi askel alasp.in..aMoveUp.Caption=Siirr. yksi askel yl.sp.in..aVDMAManager.Caption=Lataus VDMA kirjastosta...aEditVDMA.Caption=VDMA Kirjasto..aHelp.Caption=Ohje..aViewContext.Caption=Asiayhteys..aViewHint.Caption=Viestit..aRefresh.Caption=P.ivitys..aWhatsThis.Caption=Mik. t.m. on?..aShowSearch.Caption=Etsi..aShowSearch.Hint=N.yt. etsinn.n sy.tt.tiedot..aShowFilter.Caption=Suodatus..aShowFilter.Hint=N.yt. suodatuksen sy.tt.tiedot..aPrintTree.Caption=Puukaavion tulostus...aSortAZ.Caption=Lajittelu A-Z..aSortZA.Caption=Lajittelu Z-

C:\Program Files (x86)\SISTEMA 2.1.1\Language\is-SUNEN.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	151552
Entropy (8bit):	4.609765889625688
Encrypted:	false
SSDEEP:	1536:G1pVuJIeQz/JwSSwypk9r/M7ZGTd45qdtT5F067mo37yAvi:G1psfQOKEoT7vF06ixA
MD5:	C554CA1A2D5EC361E40DAD243C13D8A7
SHA1:	79AC80564B590B73FF2A92C80D92A7FD353090E9
SHA-256:	ED1A5BFE01F121E2308080B84BE800A7E6B2D993F057D5D39B543344F6609482
SHA-512:	3682D973296CDE6E26C7FD151F8C6A977125A18B7F212E9F96DC3B4692E1C30380D120E9C0012361C71D13899FEA66BC22438CAAA4030BE569623D09F31A7988
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....I'f...........!..............................@.......................................@.......................... ..p.......n....P.......................@..H...............................................................$....................text.............................. ..`.itext.............................. ..`.data...H...........................@....bss.....5...............................idata..n...........................@....didata.$...........................@....edata..p.... ......................@..@.rdata..E....0......................@..@.reloc..H....@......................@..B.rsrc........P......................@..@.....................P..............@..@........................................................

C:\Program Files (x86)\SISTEMA 2.1.1\Language\is-UDML6.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	101376
Entropy (8bit):	5.96657169978017
Encrypted:	false
SSDEEP:	1536:Z1pVuJIeQz/JwSSwypi1Ln7+qmywlv1ShzVqJZXbD:Z1psfQO6AyivIVqJZX
MD5:	259D796747382F3ADD039022E4093484
SHA1:	AF1ABDD8C3F4509AA53F222B1C23BF7BEFAA54FD
SHA-256:	263A18E8FF9CD3EC018F073578EE5C555E1ED36A2B9378D720D2CA90D2AC158C
SHA-512:	D312989070231DA89A50BDF36539C3D624AFC702CC93EDB542419A38E1700F300C099CA3C0A7796E0DCDD22B1C3340881605922979CD2F69A1167DF517AABFF1
Malicious:	false
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....I'f...........!..............................@..........................0............@.......................... ..p.......n....P.......................@..H...............................................................$....................text.............................. ..`.itext.............................. ..`.data...H...........................@....bss.....5...............................idata..n...........................@....didata.$...........................@....edata..p.... ......................@..@.rdata..E....0......................@..@.reloc..H....@......................@..B.rsrc........P......................@..@.............0......................@..@........................................................

C:\Program Files (x86)\SISTEMA 2.1.1\Licences\GNU_LESSER_GENERAL_PUBLIC_LICENSE.html (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	HTML document, ASCII text, with very long lines (27869), with CRLF line terminators
Category:	dropped
Size (bytes):	28715
Entropy (8bit):	4.757297122616662
Encrypted:	false
SSDEEP:	384:EF3BOpyZJ4NRqth2364Hqd7bH5gyalgpoC5k/uBz5IiJ99mMGDvAlZBu5n:EFxOkDr227bggpVFTMNKZBu5n
MD5:	B3DF24E573142FB71365D9041224F280
SHA1:	793AE4DD29793521AB369DE28979C65936C079B8
SHA-256:	ED5B3C310C1467C4334116FAB5219462A1CD3D564D7B9E082A6A1C4C344C0120
SHA-512:	D6063354B1DFF6B38C2745CD4B79EA6D67A097F3AE5BD3981F1B3CA9246DE2E24B2CBDC80D35E90DD6D8D52938B720F8408D94DEBE9EAC59E121B4F1E1650FFF
Malicious:	false
Preview:	..<!DOCTYPE html.. PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="http://www.w3.org/1999/xhtml"><head>.. <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">.. <title>GNU LESSER GENERAL PUBLIC LICENSE</title><link rel="stylesheet" href="ede.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.66.0"></head><body><div xmlns="" id="customheader">..This document was created using the >e-novative> DocBook Environment (<a href="http://www.e-novative.de/products/ede" style="color: #fff; font-weight: bold;">eDE</a>)..</div><div class="article" lang="en"><div class="titlepage"><div><div><h1 class="title"><a id="d4e1"></a>GNU LESSER GENERAL PUBLIC LICENSE</h1></div></div><hr></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="#d4e6">1. Preamble</a></span></dt><dt><span class="sect1"><a href="#d4e23">2. GNU LESSER GENERAL PUB

C:\Program Files (x86)\SISTEMA 2.1.1\Licences\INTERBASE PUBLIC LICENSE.txt (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	ASCII text, with very long lines (1359), with CRLF line terminators
Category:	dropped
Size (bytes):	24548
Entropy (8bit):	4.816575416663721
Encrypted:	false
SSDEEP:	384:PuehlLv3IshelffC7AvHK2dJIEPHxFdzRPh/At8eFV6LaAQ5HJHI1DTx:xhlL/cSqJIIjZ/E8hLaAQ5H+1nx
MD5:	3B74603078D2C7A9439363CD52B3D1B4
SHA1:	DEA09140A72D664D45751C858D6CE0629467529B
SHA-256:	10E9AA97094205F39C2121F5E5106B7687A8216DDB454D0C9E0874EC37166311
SHA-512:	193B7243391A981F8C0AA019079789233B09D6CC16C147F2DC98437F12533BB4D27217311C1FDF1625D1557FE8B9123C99D0A190356E4762CEE908AF2A26180F
Malicious:	false
Preview:	INTERBASE PUBLIC LICENSE ..Version 1.0 ....1. Definitions.....1.0.1. "Commercial Use" means distribution or otherwise making the Covered Code available to a third party. ....1.1. ''Contributor'' means each entity that creates or contributes to the creation of Modifications. ....1.2. ''Contributor Version'' means the combination of the Original Code, prior Modifications used by a Contributor, and the Modifications made by that particular Contributor. ....1.3. ''Covered Code'' means the Original Code or Modifications or the combination of the Original Code and Modifications, in each case including portions thereof. ....1.4. ''Electronic Distribution Mechanism'' means a mechanism generally accepted in the software development community for the electronic transfer of data. ....1.5. ''Executable'' means Covered Code in any form other than Source Code. ....1.6. ''Initial Developer'' means the individual or entity identified as the Initial Developer in the Source Code notice required by Exhib

C:\Program Files (x86)\SISTEMA 2.1.1\Licences\Initial Developer's PUBLIC LICENSE.txt (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	ASCII text, with very long lines (1400), with CRLF line terminators
Category:	dropped
Size (bytes):	23794
Entropy (8bit):	4.830422377247789
Encrypted:	false
SSDEEP:	384:juehlLv4cAhelDf87AvHK61JIA7HxFdzRzz/f7+t8eFV6RIAG5TJfzxcfL:lhlLgKSsJIATv/f7i8hRIAG5TpxWL
MD5:	46BAB5884E0EBCD4AC02D8F708946D2C
SHA1:	A30ECB37CE426CCD3DEAEC7271F0F379064EFD37
SHA-256:	6612F5584FAD555D178D212B2F1E3720FCD968E360774A919B68C6856A77AEB9
SHA-512:	15C596147870046CE45E7FFA29C52D48CD315481A1967F50307D9076F55D9A02A60F17AC20EBC1B357B7FAE31FDED89CD2EF2465080F73E6D6A930569E8DDA72
Malicious:	false
Preview:	Initial Developer's PUBLIC LICENSE Version 1.0 ..1. Definitions ....1.0 "Commercial Use" means distribution or otherwise making the Covered Code available to a third party. ....1.1 ''Contributor'' means each entity that creates or contributes to the creation of Modifications. ....1.2 ''Contributor Version'' means the combination of the Original Code, prior Modifications used by a Contributor, and the Modifications made by that particular Contributor. ....1.3. ''Covered Code'' means the Original Code or Modifications or the combination of the Original Code and Modifications, in each case including portions thereof. ....1.4. ''Electronic Distribution Mechanism'' means a mechanism generally accepted in the software development community for the electronic transfer of data. ....1.5. ''Executable'' means Covered Code in any form other than Source Code. ....1.6. ''Initial Developer'' means the individual or entity identified as the Initial Developer in the Source Code notice required by Exhi

C:\Program Files (x86)\SISTEMA 2.1.1\Licences\Inno license.txt (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1538
Entropy (8bit):	4.651927752914337
Encrypted:	false
SSDEEP:	48:1kUlAwOWccqyKv8eAfvHcgo62Tp4bEwu1:2UlAtWNHf3Ewu1
MD5:	5EE99D50F5C03D46DE5D6C0EAAE839B1
SHA1:	A1AB7B2F2DA599B27974AABA49B961AC880A5AA0
SHA-256:	39F3696CA87F9758D5095C68B27F5A70532AAB581A5FA63586F80C6B9DD32BB3
SHA-512:	9456D5BF6F93B3EC6717AEC0CC8F852DFC20F629F2FB44E41BDC174A3DA18E8B04A884FF5DAC6DAC1DBEC45184C82AB7D00F32BCCF746851E73AB43AC647B7D8
Malicious:	false
Preview:	Inno Setup License..==================....Except where otherwise noted, all of the documentation and software included..in the Inno Setup package is copyrighted by Jordan Russell.....Copyright (C) 1997-2013 Jordan Russell. All rights reserved...Portions Copyright (C) 2000-2013 Martijn Laan. All rights reserved.....This software is provided "as-is," without any express or implied warranty...In no event shall the author be held liable for any damages arising from the..use of this software.....Permission is granted to anyone to use this software for any purpose,..including commercial applications, and to alter and redistribute it,..provided that the following conditions are met:....1. All redistributions of source code files must retain all copyright.. notices that are currently in place, and this list of conditions without.. modification.....2. All redistributions in binary form must retain all occurrences of the.. above copyright notice and web site addresses that are currently in

C:\Program Files (x86)\SISTEMA 2.1.1\Licences\Mozilla Public License version 1_1.htm (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29347
Entropy (8bit):	4.95443299666531
Encrypted:	false
SSDEEP:	384:BM+1VliUGgIMIfuGNIfbND0NK33TrEhoxXG6jXDto7AZ1MOqt2nW+n1d3/9iLNW:BM2liUGgH+qnnTpDTtIjAxnv/9iLc
MD5:	74EE47DEAEE4226D385D6EAB27BAF8A8
SHA1:	A386772BE16F8FFCD9868ED0B38BB50D4BD617FC
SHA-256:	550E328477D7D55C67AD5607BB0B522CCD20DB180F94E4738812D0B5C4D2964D
SHA-512:	05B1DC532FBEBFEA8B39AE2BBB3B0D5B36EDEDE1FF61EC0A20EE0CED10AD7C1D257D6A91D6E98C66DB516B7666B507969DD4661BCBF89360468F702569B1A98E
Malicious:	false
Preview:	<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">.. saved from url=(0039)http://www.mozilla.org/MPL/MPL-1.1.html -->..<HTML lang=en><HEAD><TITLE>Mozilla Public License version 1.1</TITLE>..<META http-equiv=Content-Type content="text/html; charset=windows-1252">..<STYLE type=text/css>.very-strong {...TEXT-TRANSFORM: uppercase..}..DT {...FONT-WEIGHT: bold..}..DD P {...MARGIN: 0px..}..</STYLE>....<META content="MSHTML 6.00.2800.1528" name=GENERATOR></HEAD>..<BODY>..<H1>Mozilla Public License Version 1.1</H1>..<H2 id=section-1>1. Definitions.</H2>..<DL>.. <DT id=section-1.0.1>1.0.1. "Commercial Use" .. <DD>means distribution or otherwise making the Covered Code available to a .. third party. .. <DT id=section-1.1>1.1. "Contributor" .. <DD>means each entity that creates or contributes to the creation of .. Modifications. .. <DT id=section-1.2>1.2. "Contributor Version" .. <DD>means the combination of the O

C:\Program Files (x86)\SISTEMA 2.1.1\Licences\OpenSSL License.txt (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	6404
Entropy (8bit):	5.160173434061521
Encrypted:	false
SSDEEP:	192:DieNxrsXrsy/QZ93OWZ762ROrsMrsSe13C3didCJ:DiorsXrsyilHo5rsMrsxdsdyCJ
MD5:	FA6B7C7E21C288CE1B51F7CFFB3A678C
SHA1:	126BAD7744B039680436AA5A871C4FAB49380D07
SHA-256:	DAEDEB9A41EFC93244423B39146512C2B62BDFFA519989FBF4504B4D460C007B
SHA-512:	F05145433A0FD3FC7B8E077223CDFFFC9E79849B290D4AF3AA399E233AE7A8FC148FA795AA685255CBD37EE0A7F3C730C0CCDBC41D4D80041B746F61D0C4B4E7
Malicious:	false
Preview:	.. LICENSE ISSUES.. ==============.... The OpenSSL toolkit stays under a dual license, i.e. both the conditions of.. the OpenSSL License and the original SSLeay license apply to the toolkit... See below for the actual license texts. Actually both licenses are BSD-style.. Open Source licenses. In case of any license issues related to OpenSSL.. please contact openssl-core@openssl.org..... OpenSSL License.. ---------------..../* ====================================================================.. * Copyright (c) 1998-2016 The OpenSSL Project. All rights reserved... .. Redistribution and use in source and binary forms, with or without.. * modification, are permitted provided that the following conditions.. * are met:.. .. 1. Redistributions of source code must retain the above copyright.. * notice, this list of conditions and the following disclaimer. .. .. 2. Redistributions in binary form must reproduce the above copyright.. * notice, this list of conditions an

C:\Program Files (x86)\SISTEMA 2.1.1\Licences\The MIT License (MIT).txt (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1094
Entropy (8bit):	5.141573003881401
Encrypted:	false
SSDEEP:	24:SrDJHcH0ynYgt9qJq1hBE9QHbsUv4ek4/+daoxqmFG:S3J0lYEzBGQHbs5RTLxjFG
MD5:	0F96858D93D7C70B315D973B7F37B16D
SHA1:	F113A062DAC1E8A537CB342AF13C8F63EE9B789C
SHA-256:	263B169BFFAAE6EC9AC2892B54F6E98AE7128A9ED5CB935F03A48190B26622CD
SHA-512:	5C0424BB9738D6BAB52E8EA2E8D62518D3543DC80AD809658B69F16003931A07AD23E4206B930E02F7D1841FE952069BB4AE687CD12458967C7BAAED82BFF406
Malicious:	false
Preview:	The MIT License (MIT)....Copyright (c) 2013 landrix....Permission is hereby granted, free of charge, to any person obtaining a copy of..this software and associated documentation files (the "Software"), to deal in..the Software without restriction, including without limitation the rights to..use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of..the Software, and to permit persons to whom the Software is furnished to do so,..subject to the following conditions:....The above copyright notice and this permission notice shall be included in all..copies or substantial portions of the Software.....THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR..IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS..FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR..COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER..IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FR

C:\Program Files (x86)\SISTEMA 2.1.1\Licences\is-0MVMB.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	HTML document, ASCII text, with very long lines (27869), with CRLF line terminators
Category:	dropped
Size (bytes):	28715
Entropy (8bit):	4.757297122616662
Encrypted:	false
SSDEEP:	384:EF3BOpyZJ4NRqth2364Hqd7bH5gyalgpoC5k/uBz5IiJ99mMGDvAlZBu5n:EFxOkDr227bggpVFTMNKZBu5n
MD5:	B3DF24E573142FB71365D9041224F280
SHA1:	793AE4DD29793521AB369DE28979C65936C079B8
SHA-256:	ED5B3C310C1467C4334116FAB5219462A1CD3D564D7B9E082A6A1C4C344C0120
SHA-512:	D6063354B1DFF6B38C2745CD4B79EA6D67A097F3AE5BD3981F1B3CA9246DE2E24B2CBDC80D35E90DD6D8D52938B720F8408D94DEBE9EAC59E121B4F1E1650FFF
Malicious:	false
Preview:	..<!DOCTYPE html.. PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="http://www.w3.org/1999/xhtml"><head>.. <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">.. <title>GNU LESSER GENERAL PUBLIC LICENSE</title><link rel="stylesheet" href="ede.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.66.0"></head><body><div xmlns="" id="customheader">..This document was created using the >e-novative> DocBook Environment (<a href="http://www.e-novative.de/products/ede" style="color: #fff; font-weight: bold;">eDE</a>)..</div><div class="article" lang="en"><div class="titlepage"><div><div><h1 class="title"><a id="d4e1"></a>GNU LESSER GENERAL PUBLIC LICENSE</h1></div></div><hr></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="#d4e6">1. Preamble</a></span></dt><dt><span class="sect1"><a href="#d4e23">2. GNU LESSER GENERAL PUB

C:\Program Files (x86)\SISTEMA 2.1.1\Licences\is-0S9H8.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	ASCII text, with very long lines (1359), with CRLF line terminators
Category:	dropped
Size (bytes):	24548
Entropy (8bit):	4.816575416663721
Encrypted:	false
SSDEEP:	384:PuehlLv3IshelffC7AvHK2dJIEPHxFdzRPh/At8eFV6LaAQ5HJHI1DTx:xhlL/cSqJIIjZ/E8hLaAQ5H+1nx
MD5:	3B74603078D2C7A9439363CD52B3D1B4
SHA1:	DEA09140A72D664D45751C858D6CE0629467529B
SHA-256:	10E9AA97094205F39C2121F5E5106B7687A8216DDB454D0C9E0874EC37166311
SHA-512:	193B7243391A981F8C0AA019079789233B09D6CC16C147F2DC98437F12533BB4D27217311C1FDF1625D1557FE8B9123C99D0A190356E4762CEE908AF2A26180F
Malicious:	false
Preview:	INTERBASE PUBLIC LICENSE ..Version 1.0 ....1. Definitions.....1.0.1. "Commercial Use" means distribution or otherwise making the Covered Code available to a third party. ....1.1. ''Contributor'' means each entity that creates or contributes to the creation of Modifications. ....1.2. ''Contributor Version'' means the combination of the Original Code, prior Modifications used by a Contributor, and the Modifications made by that particular Contributor. ....1.3. ''Covered Code'' means the Original Code or Modifications or the combination of the Original Code and Modifications, in each case including portions thereof. ....1.4. ''Electronic Distribution Mechanism'' means a mechanism generally accepted in the software development community for the electronic transfer of data. ....1.5. ''Executable'' means Covered Code in any form other than Source Code. ....1.6. ''Initial Developer'' means the individual or entity identified as the Initial Developer in the Source Code notice required by Exhib

C:\Program Files (x86)\SISTEMA 2.1.1\Licences\is-760CR.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	6404
Entropy (8bit):	5.160173434061521
Encrypted:	false
SSDEEP:	192:DieNxrsXrsy/QZ93OWZ762ROrsMrsSe13C3didCJ:DiorsXrsyilHo5rsMrsxdsdyCJ
MD5:	FA6B7C7E21C288CE1B51F7CFFB3A678C
SHA1:	126BAD7744B039680436AA5A871C4FAB49380D07
SHA-256:	DAEDEB9A41EFC93244423B39146512C2B62BDFFA519989FBF4504B4D460C007B
SHA-512:	F05145433A0FD3FC7B8E077223CDFFFC9E79849B290D4AF3AA399E233AE7A8FC148FA795AA685255CBD37EE0A7F3C730C0CCDBC41D4D80041B746F61D0C4B4E7
Malicious:	false
Preview:	.. LICENSE ISSUES.. ==============.... The OpenSSL toolkit stays under a dual license, i.e. both the conditions of.. the OpenSSL License and the original SSLeay license apply to the toolkit... See below for the actual license texts. Actually both licenses are BSD-style.. Open Source licenses. In case of any license issues related to OpenSSL.. please contact openssl-core@openssl.org..... OpenSSL License.. ---------------..../* ====================================================================.. * Copyright (c) 1998-2016 The OpenSSL Project. All rights reserved... .. Redistribution and use in source and binary forms, with or without.. * modification, are permitted provided that the following conditions.. * are met:.. .. 1. Redistributions of source code must retain the above copyright.. * notice, this list of conditions and the following disclaimer. .. .. 2. Redistributions in binary form must reproduce the above copyright.. * notice, this list of conditions an

C:\Program Files (x86)\SISTEMA 2.1.1\Licences\is-E003D.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	ASCII text, with very long lines (1400), with CRLF line terminators
Category:	dropped
Size (bytes):	23794
Entropy (8bit):	4.830422377247789
Encrypted:	false
SSDEEP:	384:juehlLv4cAhelDf87AvHK61JIA7HxFdzRzz/f7+t8eFV6RIAG5TJfzxcfL:lhlLgKSsJIATv/f7i8hRIAG5TpxWL
MD5:	46BAB5884E0EBCD4AC02D8F708946D2C
SHA1:	A30ECB37CE426CCD3DEAEC7271F0F379064EFD37
SHA-256:	6612F5584FAD555D178D212B2F1E3720FCD968E360774A919B68C6856A77AEB9
SHA-512:	15C596147870046CE45E7FFA29C52D48CD315481A1967F50307D9076F55D9A02A60F17AC20EBC1B357B7FAE31FDED89CD2EF2465080F73E6D6A930569E8DDA72
Malicious:	false
Preview:	Initial Developer's PUBLIC LICENSE Version 1.0 ..1. Definitions ....1.0 "Commercial Use" means distribution or otherwise making the Covered Code available to a third party. ....1.1 ''Contributor'' means each entity that creates or contributes to the creation of Modifications. ....1.2 ''Contributor Version'' means the combination of the Original Code, prior Modifications used by a Contributor, and the Modifications made by that particular Contributor. ....1.3. ''Covered Code'' means the Original Code or Modifications or the combination of the Original Code and Modifications, in each case including portions thereof. ....1.4. ''Electronic Distribution Mechanism'' means a mechanism generally accepted in the software development community for the electronic transfer of data. ....1.5. ''Executable'' means Covered Code in any form other than Source Code. ....1.6. ''Initial Developer'' means the individual or entity identified as the Initial Developer in the Source Code notice required by Exhi

C:\Program Files (x86)\SISTEMA 2.1.1\Licences\is-P38VN.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1538
Entropy (8bit):	4.651927752914337
Encrypted:	false
SSDEEP:	48:1kUlAwOWccqyKv8eAfvHcgo62Tp4bEwu1:2UlAtWNHf3Ewu1
MD5:	5EE99D50F5C03D46DE5D6C0EAAE839B1
SHA1:	A1AB7B2F2DA599B27974AABA49B961AC880A5AA0
SHA-256:	39F3696CA87F9758D5095C68B27F5A70532AAB581A5FA63586F80C6B9DD32BB3
SHA-512:	9456D5BF6F93B3EC6717AEC0CC8F852DFC20F629F2FB44E41BDC174A3DA18E8B04A884FF5DAC6DAC1DBEC45184C82AB7D00F32BCCF746851E73AB43AC647B7D8
Malicious:	false
Preview:	Inno Setup License..==================....Except where otherwise noted, all of the documentation and software included..in the Inno Setup package is copyrighted by Jordan Russell.....Copyright (C) 1997-2013 Jordan Russell. All rights reserved...Portions Copyright (C) 2000-2013 Martijn Laan. All rights reserved.....This software is provided "as-is," without any express or implied warranty...In no event shall the author be held liable for any damages arising from the..use of this software.....Permission is granted to anyone to use this software for any purpose,..including commercial applications, and to alter and redistribute it,..provided that the following conditions are met:....1. All redistributions of source code files must retain all copyright.. notices that are currently in place, and this list of conditions without.. modification.....2. All redistributions in binary form must retain all occurrences of the.. above copyright notice and web site addresses that are currently in

C:\Program Files (x86)\SISTEMA 2.1.1\Licences\is-R3OEN.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1094
Entropy (8bit):	5.141573003881401
Encrypted:	false
SSDEEP:	24:SrDJHcH0ynYgt9qJq1hBE9QHbsUv4ek4/+daoxqmFG:S3J0lYEzBGQHbs5RTLxjFG
MD5:	0F96858D93D7C70B315D973B7F37B16D
SHA1:	F113A062DAC1E8A537CB342AF13C8F63EE9B789C
SHA-256:	263B169BFFAAE6EC9AC2892B54F6E98AE7128A9ED5CB935F03A48190B26622CD
SHA-512:	5C0424BB9738D6BAB52E8EA2E8D62518D3543DC80AD809658B69F16003931A07AD23E4206B930E02F7D1841FE952069BB4AE687CD12458967C7BAAED82BFF406
Malicious:	false
Preview:	The MIT License (MIT)....Copyright (c) 2013 landrix....Permission is hereby granted, free of charge, to any person obtaining a copy of..this software and associated documentation files (the "Software"), to deal in..the Software without restriction, including without limitation the rights to..use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of..the Software, and to permit persons to whom the Software is furnished to do so,..subject to the following conditions:....The above copyright notice and this permission notice shall be included in all..copies or substantial portions of the Software.....THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR..IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS..FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR..COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER..IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FR

C:\Program Files (x86)\SISTEMA 2.1.1\Licences\is-VDT8M.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29347
Entropy (8bit):	4.95443299666531
Encrypted:	false
SSDEEP:	384:BM+1VliUGgIMIfuGNIfbND0NK33TrEhoxXG6jXDto7AZ1MOqt2nW+n1d3/9iLNW:BM2liUGgH+qnnTpDTtIjAxnv/9iLc
MD5:	74EE47DEAEE4226D385D6EAB27BAF8A8
SHA1:	A386772BE16F8FFCD9868ED0B38BB50D4BD617FC
SHA-256:	550E328477D7D55C67AD5607BB0B522CCD20DB180F94E4738812D0B5C4D2964D
SHA-512:	05B1DC532FBEBFEA8B39AE2BBB3B0D5B36EDEDE1FF61EC0A20EE0CED10AD7C1D257D6A91D6E98C66DB516B7666B507969DD4661BCBF89360468F702569B1A98E
Malicious:	false
Preview:	<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">.. saved from url=(0039)http://www.mozilla.org/MPL/MPL-1.1.html -->..<HTML lang=en><HEAD><TITLE>Mozilla Public License version 1.1</TITLE>..<META http-equiv=Content-Type content="text/html; charset=windows-1252">..<STYLE type=text/css>.very-strong {...TEXT-TRANSFORM: uppercase..}..DT {...FONT-WEIGHT: bold..}..DD P {...MARGIN: 0px..}..</STYLE>....<META content="MSHTML 6.00.2800.1528" name=GENERATOR></HEAD>..<BODY>..<H1>Mozilla Public License Version 1.1</H1>..<H2 id=section-1>1. Definitions.</H2>..<DL>.. <DT id=section-1.0.1>1.0.1. "Commercial Use" .. <DD>means distribution or otherwise making the Covered Code available to a .. third party. .. <DT id=section-1.1>1.1. "Contributor" .. <DD>means each entity that creates or contributes to the creation of .. Modifications. .. <DT id=section-1.2>1.2. "Contributor Version" .. <DD>means the combination of the O

C:\Program Files (x86)\SISTEMA 2.1.1\OIDDATA.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	158720
Entropy (8bit):	4.809747268460845
Encrypted:	false
SSDEEP:	3072:01psfQOxJgpKwIuF6TYtXCJGSdCxbULRpHd42hC5CjN:01psfQaoUTYtXdE9
MD5:	28EB4651FA622436693187188EFD0C87
SHA1:	544A9A0D8C7DA6CE0DAA9B77B658A0972DC2E88D
SHA-256:	6897F47A67ADC1BDCA1A292B9BD1E788D587A37D5F6B6434A65B7C904C1AF073
SHA-512:	6F5367BEC4C22AC2889428027E55112DC4C7527C805C3F54B22142DE27E30055E6993C0C2CE503254706CCA603097A794147FC00D6064067618AAE5926E38062
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....:.f...........!..............................@.......................................@.......................... ..p.......n....P.......................@..H...............................................................$....................text.............................. ..`.itext.............................. ..`.data...H...........................@....bss.....5...............................idata..n...........................@....didata.$...........................@....edata..p.... ......................@..@.rdata..E....0......................@..@.reloc..H....@......................@..B.rsrc........P......................@..@.....................l..............@..@........................................................

C:\Program Files (x86)\SISTEMA 2.1.1\ReadMe_DE.html (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	HTML document, ASCII text, with very long lines (986), with CRLF line terminators
Category:	dropped
Size (bytes):	116387
Entropy (8bit):	4.989683661194532
Encrypted:	false
SSDEEP:	1536:0Mg9eeeaew56hnTsIYAcpaT6o5ZjHgNbk5C/T2dRv2wXFt:G5WnTs2cpaT6o5ZjHsbRThqf
MD5:	E7842F3390A4B7EDAF33E8A18CB07857
SHA1:	D30816DCB2174048E81FDE9E8932D9AF0BA3A8D9
SHA-256:	28421BBE07BE5EB527C805490A72DE666A73E778E4587D8C58FEB099DFAD2F36
SHA-512:	9BDC4F319FD440FC736A324641844A2F51531892545F3B9E7D80446832DF298FAE202ED16613F286493A5587DA93FA0D7AAB5E4F801006D33499BE2CDD35574A
Malicious:	false
Preview:	<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">..<html>..<head>.... ...... .. <title>SISTEMA 2.1.1.2 - ReadMe</title>.. <link href="HelpFormat.css" type="text/css" rel="stylesheet">..</head>......<body style="background-image: url(bg.gif); background-repeat: no-repeat;">......<h2>SISTEMA</h2>......<p>..<b>Sicherheit von Steuerungen an Maschinen</b><br>......<a target="_blank" href="http://www.dguv.de/webcode/d11223">Institut..für Arbeitsschutz..der Deutschen Gesetzlichen Unfallversicherung (IFA)</a>, 2024..</p>......<p align="left"><img src="logo.gif"></p>......<p>Version der Software: <b>2.1.1 Build 2<span style="color: rgb(255, 0, 0);"></span></b><br>......Version der Norm: <b>ISO 13849-1:2015, ISO 13849-2:2012<br>......</b>Version der VDMA Datenbasis: <span style="font-weight: bold;">VDMA 66413 1.0.0<br>......</span></p>......<p><span style="font-weight: bold;"></span><a href="http://www.dguv.de/webcode.jsp?q=d18471" target="_blank">Informationen..zur Norm</

C:\Program Files (x86)\SISTEMA 2.1.1\ReadMe_EN.html (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	HTML document, ASCII text, with very long lines (988), with CRLF line terminators
Category:	dropped
Size (bytes):	85360
Entropy (8bit):	4.932987975686221
Encrypted:	false
SSDEEP:	1536:YVAe2eHelelUfYy/vhQ+7cGzkK+Ba4MnhkjWjrlCkW4fl2B:+UfYy/vq0pzkKA2MWjrMkW4t2B
MD5:	EDE5516A1C94BA601934028BDADB84DC
SHA1:	1B7489592306A25DFFC2DF2143582BAEABCB09B1
SHA-256:	A201EF34FBF0A10E58D3CA9B8FD3082F2F4349F13D9C651F9E60A2540939BAEF
SHA-512:	5D315D214A87B70AEC0601A6E6F0AEE92D2992E49129D00158A2FD7A047BFA36AB129DAD1FF2E1ED0353992A5DFF7989EA8A5C9D6F99976C2CBFFBB428CF85D6
Malicious:	false
Preview:	<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">..<html>..<head>.. <title>SISTEMA 2.1.1.2 - ReadMe</title>...... <link rel="stylesheet" type="text/css" href="HelpFormat.css">....</head>......<body style="background-image: url(bg.gif); background-repeat: no-repeat;">....<h2>SISTEMA</h2>....<p>..Safety Integrity Software Tool for the Evaluation of Machine..Applications<br>....<a href="http://www.dguv.de/webcode/e34183" target="_blank">Institute..for Occupational Safety and Health..of the German Social..Accident Insurance (IFA)</a>, 2024</p>....<p align="left"><img src="logo.gif"></p>....<p>..Version of software: <b>2.1.1 Build 2</b><br>....Version of standard: <b>ISO 13849-1:2015, ISO..13849-2:2012</b><br>....Version of VDMA database: <span style="font-weight: bold;">VDMA..66413 1.0.0</span></p>....<p><a href="http://www.dguv.de/webcode.jsp?q=e89507" target="_blank">Information..about the standard</a>..</p>....<h4>About SISTEMA</h4>....<p>..The <b>SISTEMA</b> softwa

C:\Program Files (x86)\SISTEMA 2.1.1\ReadMe_ES.html (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	HTML document, ASCII text, with very long lines (1093), with CRLF line terminators
Category:	dropped
Size (bytes):	85590
Entropy (8bit):	4.954198555856996
Encrypted:	false
SSDEEP:	1536:ajieQeoeMeHelejPUfYy/vhQ+7cGzkK+Ba4MnhkjWjrlCkW4fl/H:O7UfYy/vq0pzkKA2MWjrMkW4t/H
MD5:	D80C2F65A8170D0438050ECDF428E590
SHA1:	071BE8171FFC1A4B5FADBB42A8A3CE22CE330EF9
SHA-256:	9B6811BF0350E9B62AC7E607E4A91F89CB04E6B30AAF82A04A849D096F70CC7B
SHA-512:	23666BE9220DB3A89B2F6D7C24ABDC21D061248F3EFD80C25FECF0912DE23C764D86EA060C119289DCF585BE499D6A893C79D6093FC5883E8E033A4C0D4A9FA9
Malicious:	false
Preview:	<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">..<html>..<head>.. <title>SISTEMA 2.1.1.2 - ReadMe</title>...... <link rel="stylesheet" type="text/css" href="HelpFormat.css">....</head>......<body style="background-image: url(bg.gif); background-repeat: no-repeat;">....<h2>SISTEMA</h2>....<p>..Seguridad para mandos de maquinaría <br>....<a href="http://www.dguv.de/webcode/e34183" target="_blank">Instituto..para la seguridad y la sanidad..laboral (IFA)</a>, 2024</p>....<p align="left"><img src="logo.gif"></p>....<p>..Versión del soorte lógico (Software): <b>2.1.1..Build 2</b><b><span style="color: rgb(255, 0, 0);"></span></b><br>....Versión de la Norma : <b>ISO 13849-1:2015, ISO..13849-2:2012<br>....</b>..Version of VDMA database: <span style="font-weight: bold;">VDMA..66413 1.0.0</span></p>....<p><span style="font-weight: bold;"></span><a href="http://www.dguv.de/webcode.jsp?q=e89507" target="_blank">Information..about the standard

C:\Program Files (x86)\SISTEMA 2.1.1\ReadMe_FI.html (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	HTML document, ASCII text, with very long lines (988), with CRLF line terminators
Category:	dropped
Size (bytes):	86302
Entropy (8bit):	4.952605230933474
Encrypted:	false
SSDEEP:	1536:mOFjeYleHelezUfYy/vhQ+7cGzkK+Ba4MnhkjWjrlCkW4fl/H:mAMUfYy/vq0pzkKA2MWjrMkW4t/H
MD5:	101439185425F718DD5CB0EBA7858C5B
SHA1:	B7EC418B04B2C409C73E8A72BFBF678262D708D5
SHA-256:	96C16858A0596173D5FCD3D69B8152F0F4B5873E61C156968EE6F5A89A15D3CE
SHA-512:	1D24A2D61EBA672DEF196C1C1604635A4637722142D3A0BBAFC39A7CA7B34B982A22D6485441AE101C7CDE91DF042ACFE6FA4BDDB37D48752651750A67926997
Malicious:	false
Preview:	<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">..<html>..<head>.. <title>SISTEMA 2.1.1.2 - ReadMe</title>...... <link rel="stylesheet" type="text/css" href="HelpFormat.css">....</head>......<body style="background-image: url(bg.gif); background-repeat: no-repeat;">....<h2>SISTEMA</h2>....<p>Ohjelmistotyökalu turvallisuuden eheyden arviointiin..konesovelluksissa<br>....<a href="http://www.dguv.de/webcode/e34183" target="_blank">IFA..on..Saksan sosiaalisen..tapaturmavakuutuksen työterveyden..ja työturvallisuuden laitos</a>, 2024</p>....<p align="left"><img src="logo.gif"></p>....<p>Ohjelmistoversio: <b>2.1.1 Build 2</b><b><span style="color: rgb(255, 0, 0);"></span></b><br>....Standardiversio: <b>ISO 13849-1:2015, ISO..13849-2:2012<br>....</b>Version of VDMA database: <span style="font-weight: bold;">VDMA..66413 1.0.0</span></p>....<p><span style="font-weight: bold;"></span><a href="http://www.dguv.de/webcode.jsp?q=e89507" target="_blank">T

C:\Program Files (x86)\SISTEMA 2.1.1\ReadMe_FR.html (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	HTML document, ASCII text, with very long lines (988), with CRLF line terminators
Category:	dropped
Size (bytes):	87116
Entropy (8bit):	4.942556734561936
Encrypted:	false
SSDEEP:	1536:IBn8eieHeleCUfYy/vhQ+7cGzkK+Ba4MnhkjWjrlCkW4fl/H:aKUfYy/vq0pzkKA2MWjrMkW4t/H
MD5:	B33E32E9B698B5F00D19BFB1CBA6B72B
SHA1:	4B043E4C5AAEF41F0DC7D039BC891FE6ECD1D5D3
SHA-256:	E6046C162730405D1A8FDDDC07F8C17AEC4F70C6A1664BFD8FC5102DD4B86E31
SHA-512:	68FDAF5DAB524010D26A01DCCE7EA98332416FA1C7903911492B5E3620C418D30EE885A94ABE6DAE57D99080C2ADFD81EE933F3E964B14692BEB915D6C46B843
Malicious:	false
Preview:	<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">..<html>..<head>.. <title>SISTEMA 2.1.1.2 - ReadMe</title>...... <link rel="stylesheet" href="HelpFormat.css" type="text/css">....</head>......<body style="background-image: url(bg.gif); background-repeat: no-repeat;">....<h2> SISTEMA</h2>....<p> Safety Integrity Software Tool for the Evaluation of Machine..Applications<br>....<a href="http://www.dguv.de/webcode/e34183" target="_blank">Institute..for Occupational Safety and Health..of the German Social Accident Insurance (IFA)</a>, 2024..</p>....<p style="text-align: left;" align="left"> <img src="logo.gif" border="0" hspace="0" vspace="0"></p>....<p> Version du logiciel: <b>2.1.1 Build 2</b><b><span style="color: rgb(255, 0, 0);"></span></b><br>....Version de la norme: <b>ISO 13849-1:2015, ISO..13849-2:2012<br>....</b>Version of VDMA database: <span style="font-weight: bold;">VDMA..66413 1.0.0</span></p>....<p><span style="font-weight: bold;"></span><a hre

C:\Program Files (x86)\SISTEMA 2.1.1\ReadMe_IT.html (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	HTML document, ASCII text, with very long lines (988), with CRLF line terminators
Category:	dropped
Size (bytes):	86545
Entropy (8bit):	4.939112137899523
Encrypted:	false
SSDEEP:	1536:k/veHeHelelUfYy/vhQ+7cGzkK+Ba4MnhkjWjrlCkW4fl/H:kNUfYy/vq0pzkKA2MWjrMkW4t/H
MD5:	496C204D3C09E09A9B61A00B4DBC5BD2
SHA1:	7D51C34795555BA86B5C60BF06A3AE02FB25ED89
SHA-256:	C3960CB7F146981957D2496269DA7734CA9B10FCA903D59285F67BF616AED4F9
SHA-512:	B6A8CFD84F6B646EF68993E4EE3A96D973EB52875CE5B1B7F596FE58A9DA1AF48A54C6E1B56DA3B5B0CC7B27E68B77A08BEC21507FC09352608921C38441A8F4
Malicious:	false
Preview:	<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">..<html>..<head>.. <title>SISTEMA 2.1.1.2 - ReadMe</title>...... <link rel="stylesheet" type="text/css" href="HelpFormat.css">....</head>......<body style="background-image: url(bg.gif); background-repeat: no-repeat;">....<h2>SISTEMA</h2>....<p>Software relativo all'Integrità della Sicurezza per..la Valutazione di Applicazioni sulle Macchine<br>....<a href="http://www.dguv.de/webcode/e34183" target="_blank">Istituto..per la Salute e la Sicurezza sul..Lavoro dell'Assicurazione per gli Incidenti sul Lavoro in Germania (IFA)</a>,..2024</p>....<p align="left"><img src="logo.gif"></p>....<p>Versione del software: <b>2.1.1 Build 2</b><b><span style="color: rgb(255, 0, 0);"></span></b><br>....Versione della norma: <b>ISO 13849-1:2015, ISO..13849-2:2012<br>....</b>Version of VDMA database: <span style="font-weight: bold;">VDMA..66413 1.0.0<br>....</span></p>....<p><span style="font-weight: bold;"></span><a href="

C:\Program Files (x86)\SISTEMA 2.1.1\ReadMe_JP.html (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	HTML document, ASCII text, with very long lines (988), with CRLF line terminators
Category:	dropped
Size (bytes):	85392
Entropy (8bit):	4.933474446024505
Encrypted:	false
SSDEEP:	1536:sVAe2eHeleDUfYy/vhQ+7cGzkK+Ba4MnhkjWjrlCkW4fl/H:6UfYy/vq0pzkKA2MWjrMkW4t/H
MD5:	C430492C134FB935CAC5BE65E4FBBA87
SHA1:	EFC7E9B99D1283A08FFF7BCA2ED1FF0F512B97CF
SHA-256:	F5ED6D9E065610A7D7B04DB5F625A211D40C4D541011CD760B85BE9486C0517E
SHA-512:	79363B6BA6C31851119B6FFEA4ED296B12D7CD6B46B076DE43B33D45C931B2F92D85DBB5B714BAC42E94DE66A47CD2AA21F45C08935E26E778743C78244B9C2C
Malicious:	false
Preview:	<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">..<html>..<head>.. <title>SISTEMA 2.1.1.2 - ReadMe</title>...... <link rel="stylesheet" type="text/css" href="HelpFormat.css">....</head>......<body style="background-image: url(bg.gif); background-repeat: no-repeat;">....<h2>SISTEMA</h2>....<p>..Safety Integrity Software Tool for the Evaluation of Machine..Applications<br>....<a href="http://www.dguv.de/webcode/e34183" target="_blank">Institute..for Occupational Safety and Health..of the German Social..Accident Insurance (IFA)</a>, 2024</p>....<p align="left"><img src="logo.gif"></p>....<p>..Version of software: <b>2.1.1 Build 2</b><b><span style="color: rgb(255, 0, 0);"></span></b><br>....Version of standard: <b>ISO 13849-1:2015, ISO..13849-2:2012</b><br>....Version of VDMA database: <span style="font-weight: bold;">VDMA..66413 1.0.0</span></p>....<p><a href="http://www.dguv.de/webcode.jsp?q=e89507" target="_blank">Information..about the standard</a>..</p>....<h4>A

C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	22726656
Entropy (8bit):	6.342895048986617
Encrypted:	false
SSDEEP:	393216:D2I/jv+43IjeivpUiTunNM/oIPQEEWFMu:qmYXAC
MD5:	9539E734CC3C8A2A935ACFD28CC08B31
SHA1:	2CF3FD9F3CFF784CF7C97B7B58531253ED460632
SHA-256:	09F388DB7E634A3430B660F60A2BFE38CFEE979836C84FDC0FFC3C6FD9D2F801
SHA-512:	7D7F55C6D9078F5292766FB71DF02B2AC4FC79CC1330889880F0CF0DBB8FDE0394D1F1DD96214A2B0496D498D5A5606A4AE9489619108605678D108C333F5BF3
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....N'f.................J...z.......[.......p....@...........................].......[...@......@...........................`.......p...nw..................0...7........................... ...........................3...........................text............................... ..`.itext...v.......x.................. ..`.data....<...p...>...N..............@....bss....`................................idata.......`......................@....didata.............................@....edata..............................@..@.tls....8................................rdata..].... ......................@..@.reloc...7...0...8... ..............@..B.rsrc....nw..p...pw..X..............@..@..............P.......M.............@..@................

C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA_Cookbooks.url (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	MS Windows 95 Internet shortcut text (URL=<http://www.dguv.de/webcode/e109249>), ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	269
Entropy (8bit):	5.4006883807253425
Encrypted:	false
SSDEEP:	6:HRYFVm/r4vvXCRcOKbAmKLA0iEz2Yu4oTZiAs8lvsh4r54vVG/4xB:HRYFVmYXOKb5KL9i/404A0h4uVW4xB
MD5:	A2E82B12F1000F17AF168B170A70050F
SHA1:	508633BF009C2287B173B962A837DB91766FEEA7
SHA-256:	6215D9EE5E6B67B85ED1A56A9C20401974706D2846AB3A771140FC387767BD61
SHA-512:	B28E61C935DC77C1654FDCB3214231F70767EA27425D1DABE2FD520296E32489348E9A5934971E8A7CDB91AE1DB388FC646671B568C8259A7FA202566340F083
Malicious:	false
Preview:	[InternetShortcut]..URL=http://www.dguv.de/webcode/e109249..IconFile=C:\Dokumente und Einstellungen\Lungfiel.Andy\Eigene Dateien\Borland Studio Projects\1_1_3_v2\bin\SISTEMA_WEB.ICO..HotKey=0..IconIndex=0..IDList=..[{000214A0-0000-0000-C000-000000000046}]..Prop3=19,2..

C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA_Help_DE.chm (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	MS Windows HtmlHelp Data
Category:	dropped
Size (bytes):	1206431
Entropy (8bit):	7.992728155621692
Encrypted:	true
SSDEEP:	24576:q9kyrFFrWlOqYCVmyYM1HyGYPZagpMqzMzrvHjtkF8W3GxGkJb:q/DrWs+mC6agpMq+rvjtkFN3gzb
MD5:	3A1B011C353980727C2E76B37C408C81
SHA1:	2A61B8847985D132E4DD60772ADC43A53E7AF0EE
SHA-256:	6610EAEAAAD55B497EB9C9CD66AE747D505C113AA5644369C82A5C4E77B81CD9
SHA-512:	1216F31EF9021B2423E34858DCCDA7DC21BE9202EE88D0AC9B9A767D0F8796EE462E04407BD5A1F8103875AE096A228C95DDD45C1AC3F17F3E58DEF1597CBCE4
Malicious:	false
Preview:	ITSF....`.........b1.......\|.{.......".....\|.{......."..`...............x.......T0.......0...............h..............ITSP....T...........................................j..].!......."..T...............PMGLT................/..../#IDXHDR..].../#ITBITS..../#IVB...D.\./#STRINGS....\|./#SYSTEM..~.I./#TOPICS..].0./#URLSTR.....o./#URLTBL......./#WINDOWS...4.../$FIftiMain...{..b./$OBJINST..`.../$WWAssociativeLinks/..../$WWAssociativeLinks/Property..\../$WWKeywordLinks/..../$WWKeywordLinks/BTree... .L./$WWKeywordLinks/Data..l.>./$WWKeywordLinks/Map..*../$WWKeywordLinks/Property..< ./FHFlyoverPopups.js...c.F./FHFlyoverPopupStyle.css...).+./FHUtilities.js...$.../IDH_ActionNewBL.html..u.Z./IDH_ActionNewCP.html..O.^./IDH_ActionNewEL.html...-.\./IDH_ActionNewPR.html.....\./IDH_ActionNewSF.html...e.g./IDH_BL.html....../IDH_Cat.html.. ././IDH_CCF.html..y.'./IDH_CH.html...$.../IDH_CP.html..W.M./IDH_DC.html.../.J./IDH_DesArch.html...O.B./IDH_EditBL.html....../IDH_EditCH.html...4.E./IDH_

C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA_Help_EN.chm (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	MS Windows HtmlHelp Data
Category:	dropped
Size (bytes):	669414
Entropy (8bit):	7.9816571155157545
Encrypted:	false
SSDEEP:	12288:42egjCuRU5GzYt3XfkjUV4R5tUd43mnN//puPT5ONNqzW3SjDIDH7f:42HjPUcklXMQuC43mnxpuK33Sv2
MD5:	27CDACC0D62C28E326F52CF8716F37F7
SHA1:	5CA5661F3A930668272799DC5E5D342768BD0FCA
SHA-256:	AFC42BB0EF450C0DB49498A12FDC3CC129CE589F4E91C09B37A01C499D54DE61
SHA-512:	DBA72179B2C29EF69FE0D8F8A2459EDDF3029AE113DF976ADCDE79F8D51C9A24B27A2B6CDF8F17FD671B9A84DAD2B3B267A20C17F128339D0D1ACD2ACE6673B4
Malicious:	false
Preview:	ITSF....`........$.~.......\|.{.......".....\|.{......."..`...............x.......T0.......0...............6..............ITSP....T...........................................j..].!......."..T...............PMGLG................/..../#IDXHDR....../#ITBITS..../#IVB...$.\./#STRINGS..'.../#SYSTEM..^.H./#TOPICS.....0./#URLSTR...8.o./#URLTBL...4.../#WINDOWS......./$FIftiMain..[..)./$OBJINST..@.../$WWAssociativeLinks/..../$WWAssociativeLinks/Property..<../$WWKeywordLinks/..../$WWKeywordLinks/BTree.....L./$WWKeywordLinks/Data..L.>./$WWKeywordLinks/Map...../$WWKeywordLinks/Property... ./FHFlyoverPopups.js...>.F./FHFlyoverPopupStyle.css.....+./FHUtilities.js......./IDH_ActionNewBL.html..._.M./IDH_ActionNewCP.html...,.P./IDH_ActionNewEL.html...\|.N./IDH_ActionNewPR.html...J.@./IDH_ActionNewSF.html.....<./IDH_BL.html.....h./IDH_Cat.html...:.w./IDH_CCF.html...2.../IDH_CH.html...m.9./IDH_CP.html...I.$./IDH_DC.html...\|.6./IDH_DesArch.html...1.,./IDH_EditBL.html...M.../IDH_EditCH.html.....m./IDH_

C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA_Help_ES.chm (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	MS Windows HtmlHelp Data
Category:	dropped
Size (bytes):	1136058
Entropy (8bit):	7.992082252004994
Encrypted:	true
SSDEEP:	24576:aJrXbjbTgNXAxj7Oj+A2jBVo7foyq1l3hr9d+dsy9D+E3:k3gWoi1jBVRyq1BrLqD+E3
MD5:	5086964C3A5D03937C02B80383A80253
SHA1:	C6D0F2E240562411FA608FE0184E84CE87D6CB8C
SHA-256:	3F99316538130EB7A52668F1064CDA680F5E41C7BCDD4D9DD5222731DE7C5B04
SHA-512:	CF1D3F5F1895F11C6ABCF0317951701112E83281D920EA77602E9C9C075B3317F49B1087AA2B895815BE3601ED6DC6BA2BCCF12E1D08A40D16884C6D9A7AD333
Malicious:	false
Preview:	ITSF....`.......p..........\|.{.......".....\|.{......."..`...............x.......T0.......0...............U..............ITSP....T...........................................j..].!......."..T...............PMGLZ................/..../#IDXHDR...A.../#ITBITS..../#IVB..k.../#STRINGS..".../#SYSTEM..6.\./#TOPICS..A.0./#URLSTR..u.-./#URLTBL..q.../$FIftiMain...*..../$OBJINST....../$WWAssociativeLinks/..../$WWAssociativeLinks/Property...../$WWKeywordLinks/..../$WWKeywordLinks/Property...../Basics/..../Basics/BL.htm...a.x./Basics/Cat.htm...Y.s./Basics/CCF.htm...L.e./Basics/CH.htm...1.[./Basics/CP.htm.....x./Basics/DC.htm.....y./Basics/DesArch.htm...}.9./Basics/EL.htm...6.v./Basics/Elements.htm...,.../Basics/MissionTime.htm.....=./Basics/MTTFd.htm...k.{./Basics/PL.htm...f.T./Basics/PLr.htm...:.(./Basics/PR.htm...b.k./Basics/SF.htm...M.U./Basics/State.htm...".o./Basics/TE.htm.....m./CSS/..../CSS/HelpFormat.css.....i./GUI/..../GUI/ActionNewBL.htm...~.Q./GUI/ActionNewCP.htm...O.W./GUI/ActionNe

C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA_Help_FI.chm (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	MS Windows HtmlHelp Data
Category:	dropped
Size (bytes):	527904
Entropy (8bit):	7.97297568828217
Encrypted:	false
SSDEEP:	12288:nCCxVyuKsC79GuU2XSdNSA3knS9Kf6H6nmyhiTJkDk:z7yuKxUT2CH10S9MmQOJIk
MD5:	5F0BEFED5EE0D5504ECC639DE701D862
SHA1:	9AE058D1E0ED8908DB2DDBF2209DF5ACBDEE6C2D
SHA-256:	E7E5822E65C42F6587643938DDD1DA7A6766621CBBB4AC1ADE57D3E0DA942785
SHA-512:	C6B037B942A9E46FC4FBBB900AD585B32D98AFEE4D2C16916DB4E6CB7B6E4E7A2769591445E17697F635A13D7D42B3E3661A0666816B20FA13AAC5125F74EC89
Malicious:	false
Preview:	ITSF....`.......8.........\|.{.......".....\|.{......."..`...............x.......T0.......0.............. ...............ITSP....T...........................................j..].!......."..T...............PMGLN................/..../#IDXHDR...=.../#ITBITS..../#IVB......./#STRINGS.....G./#SYSTEM....V./#TOPICS...=.0./#URLSTR...q.-./#URLTBL...m.../$FIftiMain...8..../$OBJINST......./$WWAssociativeLinks/..../$WWAssociativeLinks/Property....../$WWKeywordLinks/..../$WWKeywordLinks/BTree.....L./$WWKeywordLinks/Data...j.}./$WWKeywordLinks/Map...g../$WWKeywordLinks/Property...y ./Basics/..../Basics/bg.gif...&.j./Basics/BL.htm...A. ./Basics/Cat.htm...a.P./Basics/CCF.htm...W.\|./Basics/CH.htm...1.../Basics/CP.htm...P.Z./Basics/DC.htm...L.i./Basics/DesArch.htm...*.../Basics/EL.htm...:.%./Basics/Elements.htm..._.T./Basics/green_new.ico.....~./Basics/HelpFormat.css...!.i./Basics/MissionTime.htm...F.../Basics/MTTFd.htm...M.../Basics/PL.htm...S.y./Basics/PLr.htm...5.N./Basics/PR.htm...3.h./Basics/red_new.

C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA_Help_FR.chm (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	MS Windows HtmlHelp Data
Category:	dropped
Size (bytes):	1137636
Entropy (8bit):	7.992115815327648
Encrypted:	true
SSDEEP:	24576:uL7IyEuhSWMtz+/FmyybqeU2sWK0zp2ylP6+kpPPP+q5m4Vjy:4IyEMjMtz+Nxyb580zxBCGq5m7
MD5:	E671E26E890DD7186CDA976B76E0E461
SHA1:	61E8BC959B5ED0699A2C66B54C8763A8A587807B
SHA-256:	7333A209FDF949BD3ECDA6228B61419A4D5DEEDF33B0C94784F3693166EBB90D
SHA-512:	A6D567B918CA629F019B0B479678DDDCF4ADE887FF97EF2FD625DEAABEF61B180CFBD66D7A47BB249E77106ABADAC945A416AFCC3FA9EC4FDCDBDB0CC8044B01
Malicious:	false
Preview:	ITSF....`........]*}.......\|.{.......".....\|.{......."..`...............x.......T0.......0...............[..............ITSP....T...........................................j..].!......."..T...............PMGLN................/..../#IDXHDR...1.../#ITBITS..../#IVB..n.../#STRINGS......./#SYSTEM..>.b./#TOPICS..1.0./#URLSTR..e.-./#URLTBL..a.../$FIftiMain...$..../$OBJINST......./$WWAssociativeLinks/..../$WWAssociativeLinks/Property....../$WWKeywordLinks/..../$WWKeywordLinks/BTree....L./$WWKeywordLinks/Data...V.}./$WWKeywordLinks/Map...S../$WWKeywordLinks/Property...e ./Basics/..../Basics/BL.htm.....x./Basics/Cat.htm.....s./Basics/CCF.htm...\|.e./Basics/CH.htm...a.[./Basics/CP.htm...<.x./Basics/DC.htm...4.y./Basics/DesArch.htm...-.9./Basics/EL.htm...f.v./Basics/Elements.htm...\.../Basics/MissionTime.htm...^.=./Basics/MTTFd.htm.....{./Basics/PL.htm.....T./Basics/PLr.htm...j.(./Basics/PR.htm.....k./Basics/SF.htm...}.U./Basics/State.htm...R.o./Basics/TE.htm...A.../CSS/..../CSS/HelpFormat.css

C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA_Help_IT.chm (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	MS Windows HtmlHelp Data
Category:	dropped
Size (bytes):	1697950
Entropy (8bit):	7.994307840828763
Encrypted:	true
SSDEEP:	24576:NpnMhdMZKiuh7OlpCXG1xGSUV/EbxyNH5pnMhdMZKiuh7OlpCXG1xGSUV/EbxyNv:XnMhd9HOzR109nMhd9HOzR1022
MD5:	D428BEB9509C0C593EB8937A2618EBA8
SHA1:	7E63B74E86190AD28F41E49026930458008457B6
SHA-256:	05573CCA78FAC4978AC69690C754AC5A8BB7B94EBC80820DE48563EC13728E96
SHA-512:	AFC6A0EB5FE5E85BC9BCB6A917D1B14048AD132149CDC8AC118522878C0A6641B153DA24A0FE31876168B35C40369FCC57D4BF600DCDE67CAAD3215D88F93C35
Malicious:	false
Preview:	ITSF....`.......i..........\|.{.......".....\|.{......."..R1......H.......x.......T0.......0..............P...............ITSP....T...........................................j..].!......."..T...............PMGLO................/..../#IDXHDR...'.../#ITBITS..../#IVB....../#STRINGS...b.../#SYSTEM...t.^./#TOPICS..2.0./#URLSTR...[.-./#URLTBL...W.../$FIftiMain...F..a./$OBJINST...+.../$WWAssociativeLinks/..../$WWAssociativeLinks/Property...'../$WWKeywordLinks/..../$WWKeywordLinks/BTree..,.L./$WWKeywordLinks/Data...x.}./$WWKeywordLinks/Map...u../$WWKeywordLinks/Property.... ./Basics/..../Basics/BL.htm....#./Basics/Cat.htm...u.../Basics/CCF.htm...2.Q./Basics/CH.htm.....8./Basics/CP.htm..z.>./Basics/DC.htm..../Basics/DesArch.htm..N.9./Basics/EL.htm..7././Basics/Elements.htm..k.n./Basics/MissionTime.htm..r.8./Basics/MTTFd.htm...X.<./Basics/PL.htm..K././Basics/PLr.htm...O.../Basics/PR.htm...7.c./Basics/SF.htm....`./Basics/State.htm..f.../Basics/TE.htm...N.h./CSS/..../CSS/HelpFormat.cs

C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA_Help_JP.chm (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	MS Windows HtmlHelp Data
Category:	dropped
Size (bytes):	1137636
Entropy (8bit):	7.992115815327648
Encrypted:	true
SSDEEP:	24576:uL7IyEuhSWMtz+/FmyybqeU2sWK0zp2ylP6+kpPPP+q5m4Vjy:4IyEMjMtz+Nxyb580zxBCGq5m7
MD5:	E671E26E890DD7186CDA976B76E0E461
SHA1:	61E8BC959B5ED0699A2C66B54C8763A8A587807B
SHA-256:	7333A209FDF949BD3ECDA6228B61419A4D5DEEDF33B0C94784F3693166EBB90D
SHA-512:	A6D567B918CA629F019B0B479678DDDCF4ADE887FF97EF2FD625DEAABEF61B180CFBD66D7A47BB249E77106ABADAC945A416AFCC3FA9EC4FDCDBDB0CC8044B01
Malicious:	false
Preview:	ITSF....`........]*}.......\|.{.......".....\|.{......."..`...............x.......T0.......0...............[..............ITSP....T...........................................j..].!......."..T...............PMGLN................/..../#IDXHDR...1.../#ITBITS..../#IVB..n.../#STRINGS......./#SYSTEM..>.b./#TOPICS..1.0./#URLSTR..e.-./#URLTBL..a.../$FIftiMain...$..../$OBJINST......./$WWAssociativeLinks/..../$WWAssociativeLinks/Property....../$WWKeywordLinks/..../$WWKeywordLinks/BTree....L./$WWKeywordLinks/Data...V.}./$WWKeywordLinks/Map...S../$WWKeywordLinks/Property...e ./Basics/..../Basics/BL.htm.....x./Basics/Cat.htm.....s./Basics/CCF.htm...\|.e./Basics/CH.htm...a.[./Basics/CP.htm...<.x./Basics/DC.htm...4.y./Basics/DesArch.htm...-.9./Basics/EL.htm...f.v./Basics/Elements.htm...\.../Basics/MissionTime.htm...^.=./Basics/MTTFd.htm.....{./Basics/PL.htm.....T./Basics/PLr.htm...j.(./Basics/PR.htm.....k./Basics/SF.htm...}.U./Basics/State.htm...R.o./Basics/TE.htm...A.../CSS/..../CSS/HelpFormat.css

C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA_LIB.ico (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	MS Windows icon resource - 2 icons, 32x32, 16x16
Category:	dropped
Size (bytes):	4150
Entropy (8bit):	4.5969098600269
Encrypted:	false
SSDEEP:	96:aHRfPyPcwvqihBHS7flPfP04AZR3W4XXT:aHRnc/5Rmi
MD5:	5D6CCCBEADE9834C711C7961E0AD6DF3
SHA1:	E6ED37E62A62513BA4CCAB61A3ACDFC0B300E876
SHA-256:	36906E68EB60316AAB3FB8CB05812E50C891EC4C6C14B4C86DFE86E6E484C27A
SHA-512:	E3D07007D185CA4A4CA8F0CC08DBA8E0F9A8151B067EB0606C21ADEC80919333902CAB9D663D926581AC75003E313E696766483098D701B456571FA4385E23E8
Malicious:	false
Preview:	...... ..........&...........h.......(... ...@..............................................................................................................................................................................................................................................0..0..0..0......................................................d..d..d..d..d..d..........0..0........x..x..0..0................................................d.g.gg.gD.DD.D.d.......c..............s.......x..0...............................................~.~~.~~.~g.g.........c..............p........J............................................e.h.................c..............x........F.....................d..d..d..d..d..d.......w.y........>.Q......c.................x..x....M.....................d.g.gg.gD.DD.D.d.......w.y........>.Q......c.........................N...d..d..d..d........s.~.~~.~g.gg.g..........D..X..G.T.T.D.......c.....................C..g.gD.DD.D.d...........

C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA_PR.ico (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	MS Windows icon resource - 2 icons, 32x32, 16x16
Category:	dropped
Size (bytes):	4150
Entropy (8bit):	4.576991219107238
Encrypted:	false
SSDEEP:	48:fO4DeB5NPPZPP0wvqihBN1S9ZflPfPs12HkGUW4XXR:7WNPxPcwvqihBHS7flPfP+GUW4XXR
MD5:	12116FD1B66CD34DD3A77EA413CF874C
SHA1:	335A3236FD2FA7042409F869411955CB339BB6B3
SHA-256:	FEEAC0E7D4074882AD2CB18AEBD6781C29979F2846D72F65508768C42A23B091
SHA-512:	41032EF16166E5E505EBF1862685D95801EBF481F2E4F2004BCF46AFB3415AB1635010A76C4DE51BCD5945CA2090C232C021375703467FCCAD96EBADDD0CB855
Malicious:	false
Preview:	...... ..........&...........h.......(... ...@..............................................................................................................................................................................................................................................................................................................d..d..d..d..d..d.......................................................................d.g.gg.gD.DD.D.d................................................................................~.~~.~~.~g.g...............................................................................e.h................................................................d..d..d..d..d..d.......w.y........>.Q.....................................................d.g.gg.gD.DD.D.d.......w.y........>.Q...................................d..d..d..d........s.~.~~.~g.gg.g..........D..X..G.T.T.D...................................g.gD.DD.D.d...........

C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA_WEB.ICO (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	MS Windows icon resource - 2 icons, 32x32, 16x16
Category:	dropped
Size (bytes):	4150
Entropy (8bit):	5.170530408358049
Encrypted:	false
SSDEEP:	96:AYdtX9RBmPyPcwvqihBHS7flPfP57QxOW4XXl:jdtX9RB4cUKQ
MD5:	6A3174A6772B2D87F96E83B118F62649
SHA1:	4FFB5FC7366891944952A74E2F182EAAD286D8D1
SHA-256:	E67977E855840296F9181A38F82EAD834FA44EDECA2BC6972C649B027039E957
SHA-512:	E960E6F6FA37E11E8B7E9DBD3985F0341975B7E455842BEA8797712316628B8FD079C753C5A65F050EF23FD6916FE6D14F9EF96FC27C02C253CAB35A32F44CE5
Malicious:	false
Preview:	...... ..........&...........h.......(... ...@.............................................bio>@W.[l,kc({k=..z........................................................................riNLU.Pl.f./s.5..5..D..R.qV..................................................................SBeF.Oj.Y.$`.-`.-g.1..F..5.oC.r_........................................d..d..d..d..d..d.....mS.B.a-\..I..[.b..z.?..N.q#.l.jL..x.....................................d.g.gg.gD.DD.D.d...pA%.A...Ag.-i.>y.K..\..R.w...I.[.~.kM.......................................~.~~.~~.~g.g....lV\|I).J".d ..M..J..e..X.z7.f/.l5.t@.g7.f<..}.................................e.h............^F.V2.^/.f%.l..s..u#.z4.u9.{>.l#..9v.<fj/.mJ..........d..d..d..d..d..d.......w.y........>.QzW=.`3.p2..:.O.Q.^.T.X..8{.-..Zg.JQt4qeC..........d.g.gg.gD.DD.D.d.......w.y........>.Q.iMw\#rp.w{...8..\..~.o.T..Cx.2...w.qM.Iw}^.d........s.~.~~.~g.gg.g..........D..X..G.T.T.D...orq4u.7..W.......r.u.^.P..E..z..L.O....d...........

C:\Program Files (x86)\SISTEMA 2.1.1\SSM_Network-Library-List_Examplefile.txt (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1035
Entropy (8bit):	5.096840469859322
Encrypted:	false
SSDEEP:	24:yPa7DSKH5uk5uF5uuCuuIzugWjupjcwx2EALZEgL8u+f:TDSCV0jfr/ACuZ8f
MD5:	0DA7A5B800B27ECF7FEF8FCED4D4566B
SHA1:	221E7FBA25CB0F5EF97CCA03DC70DDF4BE0981E7
SHA-256:	92A7A64EFA5CC7A8A4D2C73E67BA590DFB367C3866C33C59820C4A82F3DDFB80
SHA-512:	CC71A1B51C3F49D0901DBB4F0E26A3EB9270FEB64D6C83BF4A600F705492160E3322461418B9060A36FE3AEF6F1C99315A30F6ABBF8ACD003D86ED0372AE5F0E
Malicious:	false
Preview:	#Example of a list of SISTEMA databases, which are located on a (or several) firebird database server(s)...########################################################################################################....#Hostname (as IP adresse):DBName (as an fully qualified filename of a SISTEMA database)....192.168.1.10:C:\SSM-Databases\ManufacturerXYa-SSM-DB.slb..192.168.1.10:C:\SSM-Databases\ManufacturerXYb-SSM-DB.slb..192.168.1.10:C:\SSM-Databases\ManufacturerXYc-SSM-DB.slb..192.168.1.11:C:\SSM-Databases\ManufacturerXYd-SSM-DB.slb..192.168.1.12:C:\SSM-Databases\ManufacturerXYe-SSM-DB.slb..192.168.1.13:C:\SSM-Databases\ManufacturerXYf-SSM-DB.slb......#Hostname:DBName (DB name as an ALIAS, is configured in 'Firebird_1_5\aliases.conf')..# - Examples of an ALIAS in 'aliases.conf':..# ManufacturerXYa = C:\SSM-Databases\ManufacturerXYa-SSM-DB.slb ....DBServerXY1:ManufacturerXYa..DBServerXY1:ManufacturerXYb..DBServerXY1:ManufacturerXYc..DBServerXY2:ManufacturerXYd..DBServerXY3:ManufacturerX

C:\Program Files (x86)\SISTEMA 2.1.1\SSM_Netzwerk-Bibliotheken-Liste_Beispieldatei.txt (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1111
Entropy (8bit):	5.036611545720303
Encrypted:	false
SSDEEP:	24:DJ94z11KPRDdh0A5u4Ntn5u4NtC5u4NtY6Cu4NtjIzu4Nt7Wju4Nt4jYTuAL9LOq:DE7KPRDEAU4NFU4NkU4NTX4Naq4Nxd4j
MD5:	2FB5A1F0EFE94FC7E894F36C9C02A239
SHA1:	B94DD7EE47F557E4762C6C566F4865FD642DA0EC
SHA-256:	6DAEF83067D812B6B5E306D22D461C604960E70187E2E79772C4F44F977D405C
SHA-512:	CD9587001C85F028B9751E1FBDB2735071F38ED5FCA7EBF5E6AEF7EAAA017AA8E96FD39A2D59ACECFC1460665A68CC863BB3E15B5B5C2D89161458D5E904775D
Malicious:	false
Preview:	#Beispiel einer Liste von SISTEMA-Datenbanken, die sich auf einem (oder mehreren) Firbird Datenbank Server(n) befinden...######################################################################################################################....#Hostname (als IP-Adresse):DBName (als vollqualifizierter Dateiname einer SISTEMA Datenbank)....192.168.1.10:C:\SSM-Datenbanken\HerstellerXYa-SSM-DB.slb..192.168.1.10:C:\SSM-Datenbanken\HerstellerXYb-SSM-DB.slb..192.168.1.10:C:\SSM-Datenbanken\HerstellerXYc-SSM-DB.slb..192.168.1.11:C:\SSM-Datenbanken\HerstellerXYd-SSM-DB.slb..192.168.1.12:C:\SSM-Datenbanken\HerstellerXYe-SSM-DB.slb..192.168.1.13:C:\SSM-Datenbanken\HerstellerXYf-SSM-DB.slb......#Hostname:DBName (DB Name als ALIAS angegeben, wird konfiguriert in 'Firebird_1_5\aliases.conf')..# - Beispiel eines ALIAS in 'aliases.conf'..# HerstellerXYa-SSM-DB = C:\SSM-Datenbanken\HerstellerXYa-SSM-DB.slb....DBServerXY1:HerstellerXYa-SSM-DB..DBServerXY1:HerstellerXYb-SSM-DB..DBServerXY1:HerstellerXYc

C:\Program Files (x86)\SISTEMA 2.1.1\Standards\ZeosLib\ZEOSDBO-7.2.10-stable.zip (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	Zip archive data, at least v1.0 to extract, compression method=store
Category:	dropped
Size (bytes):	2697074
Entropy (8bit):	7.968244851456679
Encrypted:	false
SSDEEP:	49152:+qk/JmxwOmVm4urND5oilPz/iAxaZIPk6k6sX+0WI+MMWTdAA:+b4xwO4urNDzvakkD6sWIXTdd
MD5:	D21853687C71F27900BD317A5F102350
SHA1:	B5C286A732F2D75B1D86A9D934EC78C0F0797C1B
SHA-256:	F82DFDE158896662EB0D669A92924808C07BF7988620D24200CA4EF3E2590A0D
SHA-512:	912FB87C238C239A0B678ACE8691A1E4FD2F4BB51D2882872FD095D5E09AF5887BDD25E4EF450D6BC70DFDF2269536FEB20BE3F4ACB65547EFC23053F443F196
Malicious:	false
Preview:	PK.........,R................examples/PK.........,R................examples/blobs/PK.........,R................examples/controls/PK.........,R................examples/dbc/PK.........,R................examples/design/PK.........,R................examples/embedded/PK.........,R................examples/embedded/data/PK.........,R................examples/embedded/data/mysql/PK.........,R................examples/embedded/data/zeoslib/PK.........,R................examples/embedded/share/PK.........,R............!...examples/embedded/share/charsets/PK.........,R............ ...examples/embedded/share/english/PK.........,R................examples/simple/PK..........,R................packages/PK..........,R................packages/CBuilder2006/PK..........,R................packages/CBuilder2006/Bpl/PK..........,R................packages/CBuilder2006/Include/PK..........,R................packages/CBuilder2006/Lib/PK..........,R................packages/CBuilder2006/Tmp/PK..........,R

C:\Program Files (x86)\SISTEMA 2.1.1\Standards\ZeosLib\is-09COK.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	Zip archive data, at least v1.0 to extract, compression method=store
Category:	dropped
Size (bytes):	2697074
Entropy (8bit):	7.968244851456679
Encrypted:	false
SSDEEP:	49152:+qk/JmxwOmVm4urND5oilPz/iAxaZIPk6k6sX+0WI+MMWTdAA:+b4xwO4urNDzvakkD6sWIXTdd
MD5:	D21853687C71F27900BD317A5F102350
SHA1:	B5C286A732F2D75B1D86A9D934EC78C0F0797C1B
SHA-256:	F82DFDE158896662EB0D669A92924808C07BF7988620D24200CA4EF3E2590A0D
SHA-512:	912FB87C238C239A0B678ACE8691A1E4FD2F4BB51D2882872FD095D5E09AF5887BDD25E4EF450D6BC70DFDF2269536FEB20BE3F4ACB65547EFC23053F443F196
Malicious:	false
Preview:	PK.........,R................examples/PK.........,R................examples/blobs/PK.........,R................examples/controls/PK.........,R................examples/dbc/PK.........,R................examples/design/PK.........,R................examples/embedded/PK.........,R................examples/embedded/data/PK.........,R................examples/embedded/data/mysql/PK.........,R................examples/embedded/data/zeoslib/PK.........,R................examples/embedded/share/PK.........,R............!...examples/embedded/share/charsets/PK.........,R............ ...examples/embedded/share/english/PK.........,R................examples/simple/PK..........,R................packages/PK..........,R................packages/CBuilder2006/PK..........,R................packages/CBuilder2006/Bpl/PK..........,R................packages/CBuilder2006/Include/PK..........,R................packages/CBuilder2006/Lib/PK..........,R................packages/CBuilder2006/Tmp/PK..........,R

C:\Program Files (x86)\SISTEMA 2.1.1\Uninstall.ico (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	MS Windows icon resource - 1 icon, 32x32, 24 bits/pixel
Category:	dropped
Size (bytes):	3262
Entropy (8bit):	2.801513065540594
Encrypted:	false
SSDEEP:	24:sb2RdpHuDmMTqqiXqqMKhqqqqqXqqqEqqqq61Xqqqd2qqqq3qqqnqqqqCXqqqGmJ:w0uUn0P/kUmVPWrvbwoqI
MD5:	2F900F6D0FFD855F23DE3D0036D715F5
SHA1:	D79D40CDC45F676597BCF7C36949F397AEDD2AA8
SHA-256:	9C57F64DDBA49EDEE138AF7CA0CE936F91B251152125AED4DD7E9091C6776412
SHA-512:	DCD393B35FA79AC18C481447B4F4391AA3B05CD54E60326DDE30131D809D689CAB4C7DA857095067D0EA166630785163A8F274A0D55C704BFB201296BAAF0327
Malicious:	false
Preview:	...... ..............(... ...@...............H...H...........................................................................................................................5.........................................................b.. 6...................................,...................................................b... .........................................,.............................................b... ...............................................,.......................................b... .............................6.......................,.................................b... ......................'M...........-.......................,...........................b... .......................9.................-.......................,.....................b... .......................8.......................-.......................,...............b... .......................9.............................-.......................,.........b... ..................

C:\Program Files (x86)\SISTEMA 2.1.1\VDMAData.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	data
Category:	dropped
Size (bytes):	105016
Entropy (8bit):	6.7491575054641855
Encrypted:	false
SSDEEP:	1536:/6B9WLcXKdoGs6ydgdviVfTKQZMIGYX0Gnwe:/6BI4dr683W6
MD5:	7F6B5D892BEFB98A4CDADB19C7B25AE4
SHA1:	32A12D3C6AAC3864F5DD9F370BF8C6C621997E9D
SHA-256:	85700E8AFBDDD5B793D3F3171DF0CD561F2BFFDF41AD58AFAC443D429E9595ED
SHA-512:	064A2336534194F84E127EEAB30CB59055248C8D169867D52A7F9F2471DB56BE3F3A94F2BA9E540E34717BAA4912C7086AB2F2C884B5815906280F3F53CA81E2
Malicious:	false
Preview:	.....9 .=...N.8.^..G.Mg..!>(........'.k6.[lsQ.o.ld...0.^:Tp......cJ...V.E..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+...p......z.H...S..L.B7%.Mr_.H...S....+.3...^5A...\|.....~...h...S....+..S....+.l<,..G...S....+ea.-.......f.Y.m..5d...0....}..0....}..,EX...?AoN..uz....S....+..S....+.*.(.u....S....+..S....+..S....+"W.>...)..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+0.Up.D..&..x....S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+...p....4....R....N...nD.1,.>\u....e.CkR.w#.{N\.N.......[........3St5.x..C.M.VZ.....L...v.E.t%...Tb....L]+d6....G.. .J4..$...$...J...u..N.@.#.9..h6.i...{^;g..(9M..w.Y._.5.h.NqY[...>..vg.....<M\w......GW.T...&....9.....N.)./t.&.[.\V.E.....

C:\Program Files (x86)\SISTEMA 2.1.1\WebRequest.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80384
Entropy (8bit):	5.416518258673608
Encrypted:	false
SSDEEP:	768:mwy+4TSOdrG7sPkIlYJQz/J0/SG9wypq6qbRrFfGhnMfJZysBQfP/H8wM0:G1pVuJIeQz/JwSSwyp+lGhnMfHQP/p
MD5:	9D9386C54C306425FA3DF8A1DB338632
SHA1:	E54F6C8F73BE0BACD060D2EA0FFA1BF18B1FC21E
SHA-256:	2CABF8D00F5630DA130E2F9DFBF54F12D840D78EF685C5026C1BE9B3DB9A96EF
SHA-512:	A649D16F536D6C54C2E8EAEB2D7420A5C0594AE7099E5643DAA8C8DD1CBE5199B21800515AE1C4E4B31D5D849CA4B27657AB5B4B980343173DB0C0F1C68B7CAF
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....PCe...........!..............................@.......................................@.......................... ..s.......n....P.......................@..H...............................................................$....................text.............................. ..`.itext.............................. ..`.data...H...........................@....bss.....5...............................idata..n...........................@....didata.$...........................@....edata..s.... ......................@..@.rdata..E....0......................@..@.reloc..H....@......................@..B.rsrc........P......................@..@.....................:..............@..@........................................................

C:\Program Files (x86)\SISTEMA 2.1.1\ZComponent280.bpl (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	338944
Entropy (8bit):	6.448112058421481
Encrypted:	false
SSDEEP:	3072:t3S+2KCPNUzembFq1yFikXiBg4CI9ye9LzSCWqhz2EiMwiLw5AB9+4PEYhGGvRJo:t3kUzr4sopY3QDBwh9x5Ve0CmLr
MD5:	5D66EE03DEBB86E43534B001D6EB9F56
SHA1:	D47BE45312FECDD940F9E4C20DB20D9D74F358F8
SHA-256:	62F5149A73759BFCC7EDE51533FF5D6B79CF08903D76A28B3ACE320060F103EC
SHA-512:	AB5D4B89813B8508DB2B13D09BC8DC0A55335B19B3C2BECC34A6A57F715257DB175EB99FF1AF5E040BAEAFFE9CA5DF337ACBE444707ABDC79B3C6C7E2AA74DE3
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L.....He...........!.........Z....................@.......................................@..................................................................0...P........... ......................................."...............................text...$........................... ..`.itext.. ........................... ..`.data...`...........................@....bss.....................................idata..............................@....edata..............................@..@.rdata..^.... ......................@..@.reloc...P...0...R..................@..B.rsrc................$..............@..@.....................,..............@..@................................................................................................

C:\Program Files (x86)\SISTEMA 2.1.1\ZCore280.bpl (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	483840
Entropy (8bit):	6.534524038874047
Encrypted:	false
SSDEEP:	6144:0vMeUzUz7duGussgIRIdf14SbuS10SmjqjPLV0bQv/:QMPMMKmGuS1zmjqDOb
MD5:	B97E003551138687541C355F7B4FD1C6
SHA1:	4699715660B0E2827BF0CC06EDA54CA23F25BBE0
SHA-256:	2044267127B8A8269BED86272F9A01DC92526A0303B18C3AC40B22400BF521E3
SHA-512:	52E5FE2178BBA957252A4D6CD6A4826D92B1423DBF25A7C72F69FAB3749FD7852D226C971D36186953F6CECB7BDC81DC211375C8E0821D948E75C9A10731BC10
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L.....He...........!.....T...........c.......p....@.......................................@..............................{... ...b.......0................... ...[..............!...................................p'..4............................text....N.......P.................. ..`.itext.......`.......T.............. ..`.data.......p.......X..............@....bss.....................................idata...b... ...d..................@....edata...{.......\|...X..............@..@.rdata..f...........................@..@.reloc...[... ...\..................@..B.rsrc....0.......0...2..............@..@.....................b..............@..@................................................................................................

C:\Program Files (x86)\SISTEMA 2.1.1\ZDbc280.bpl (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1649664
Entropy (8bit):	6.501336495988769
Encrypted:	false
SSDEEP:	24576:2ID+iU+iAyeHOP/xkUIO39dL1pynRP4e:/yuOLFH1YP4e
MD5:	FF446448BBC3B3E82AB1BF8CB9BBF6A9
SHA1:	F0737840AD0507E52CA0F9BE86F6AA281ED86506
SHA-256:	8C05A26A4BD1D8CE8176C3EE0923DABC40E2EBEBA54CDEE63A96F89EB3FA182C
SHA-512:	6037B5CF98306445CB08B475B0F6717977D5DFD03BB1B462AA2C6C23FC7AA665687A84D515DD2BE5BA5C8CE228BA4DE81EBAB225661B1477A7827B4D5425B11B
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L.....He...........!.........4......4.............@.......................................@.............................J....@.......p...........................k...................................................O...............................text.............................. ..`.itext..<N.......P.................. ..`.data...d...........................@....bss.........0...........................idata.......@......................@....edata..J...........................@..@.rdata..a...........................@..@.reloc...k.......l..................@..B.rsrc........p......."..............@..@.....................,..............@..@................................................................................................

C:\Program Files (x86)\SISTEMA 2.1.1\ZParseSql280.bpl (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	89088
Entropy (8bit):	6.126393289846133
Encrypted:	false
SSDEEP:	1536:ri+VG79eImiSwdcwV+HNo+cnLEB8G8NH+gyYCGy+yWiVJKD4hDMfFdYTdTh7sclm:bG79eImxwdcw8HNo+cLEB8G8NH+gyY3P
MD5:	E903F5354F9D651461FAD233C44DAAC1
SHA1:	3F2CA4CB10485CF5E107C3EEBA1A4D60FCAB1E34
SHA-256:	DB75888CED9201613DF446893DD0B53874F4182F63687CDDE91550EBEFE29096
SHA-512:	848FEA4E153DBC55DCA7BF2FAEBCCF83220869471A51BF8ED499FCC359A3A2E215EAF6A607BBD42BC0873F09A0AF95AD941E9D804E8062194BF9B520949BD152
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L.....He...........!..............................@.......................................@..........................@...<......f,..............................l...............(.......................................`............................text...<........................... ..`.itext.............................. ..`.data...............................@....bss....x................................idata..f,..........................@....edata...<...@...>..................@..@.rdata..m............>..............@..@.reloc..l............@..............@..B.rsrc................T..............@..@.....................\..............@..@................................................................................................

C:\Program Files (x86)\SISTEMA 2.1.1\ZPlain280.bpl (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	463360
Entropy (8bit):	6.262127827462571
Encrypted:	false
SSDEEP:	6144:g7C6uH5wE7N4VydyeLR/Z8YMHFunJQNV8aAbRGlYKcKdv8K:g7C6uHT7MGyeLCouAbRGn8K
MD5:	0D6E8829E2FD659AAE7E0501F9A77DC3
SHA1:	95292A66B5C414D60E9AFE3FB6F6646ECA99BC88
SHA-256:	E017FECA93503439801D51D57CB4270E45EBE9C549F1D2206195BF2517C59928
SHA-512:	AC7475595F9C118358636594D48D7C43649634E759321CFA6952EE4935553A2FC0FF04ACCD2ECC900DCBB22DFF1DDCC2192B72C017D9740965CC43B94B391678
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L.....He...........!.....R..........(b.......p....@..........................`............@.....................................H...P..........................p{...................................................................................text....N.......N.................. ..`.itext..0....`.......R.............. ..`.data........p.......V..............@....bss.....................................idata..H.......,...b..............@....edata..............................@..@.rdata..]...........................@..@.reloc..p{.......\|..................@..B.rsrc........P......................@..@.............`......................@..@................................................................................................

C:\Program Files (x86)\SISTEMA 2.1.1\aliases.conf (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	133
Entropy (8bit):	4.049387095845199
Encrypted:	false
SSDEEP:	3:SVFiC8lK2FoeCecBJGjviBljJ5A6/vSvn:SVFiC8llFotTBUvGyiqvn
MD5:	DB0423CFE1D6FEB73B7F4817C0F9B211
SHA1:	1B9F5713F67ADA39955EDA4AB69BF5B171C010F6
SHA-256:	4A3E18693809DCDE89724CF9164392010D5DB935D701B8137FCFCABC2EDFBCD8
SHA-512:	B80327CACCB47F88C2052C210259D994BC128567CA6CBD76B99ED3865207DBA3E92979D7F1FE29732CC141D739374F5463B03235F8A6AD94BC93BC2A1E0B92EB
Malicious:	false
Preview:	# ..# List of known database aliases ..# ------------------------------ ..# ..# Examples: ..# ..# dummy = c:\data\dummy.fdb ..# ..

C:\Program Files (x86)\SISTEMA 2.1.1\bg.gif (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	GIF image data, version 89a, 1000 x 1200
Category:	dropped
Size (bytes):	10824
Entropy (8bit):	7.947583323826377
Encrypted:	false
SSDEEP:	192:MUnV7o8Noj+l/MUuha49ncC5J8jSgvTRLWTtDLuq4KnHgSKPoqEHqTi8ZDfgAs6x:MUnluj+luAiyjSOTRLW8qlHgQMN5fgqx
MD5:	DCB422179969FCCAEB341D7230B54CAD
SHA1:	FD23CDE24CFAEC037FDDC938939CB87551482275
SHA-256:	8B15C1AB00BA810BF29EE94391A20A5694440AE3777943EA959B06F8292F2D7E
SHA-512:	E625C15B0E2C3F1F33259E58153A6A28729E5B416321D390547971679F9DF334CD7A9FB58258F54B585A56725C4F90B2C778D350A3E20385F859C065D7AC3737
Malicious:	false
Preview:	GIF89a.......................................................................................................,........@...)..H......\....#J.H....3j.... C..I...(S.\...0c.I...8s.....@...J...H.]...P.J.J...X.j....`..K...h.]......K...x...K.............+^l....#K.L.......8 ..... L.M.....@?. ......\.=....s.vJ..... .p.....+_^\.....H......k.~..\.... `N......N...e.....z............`.u..g...&..l.(@...F(..9...z)...vh.c..G.$.hbr....]....0......p.8....H.W.@.).n.....H&.d.....PF).Z.....Xf.e...P.`.).U{..@.[.......\c.).C.%..l...)...t..0.e$..&.(.N...r.W..<....g..v....u..6fj.K...{...jM...+_#.u(...c. ...........DW.....#...G.Vk......sA{^.!.e.x.k.z..I-]...r....u.nr...@...... 0..u......K....pq.8....<lq..L..^..x...0,rC..LZ...%R....2..H@..-......sB%...u"....D..rF{E`i.&0..P..3..X........9..@.......r....G...D..2.!....f.._.."........2.-8.lo...!aM../......@.C7n.`..u.fC.dc ....'..z.U@.K.~i..j>8.v{.&..a..&G.vE...5.z....K.zo?..../_...._

C:\Program Files (x86)\SISTEMA 2.1.1\borlndmm.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	74144
Entropy (8bit):	6.448361767847363
Encrypted:	false
SSDEEP:	1536:+fwcvI/xIUg95JGuawdWgCSePkktdb3hiZ:+fwcvIqUg0ujCSePk+dIZ
MD5:	8D484B632DCCE62ACE30D9FC5CCCCEDB
SHA1:	BD90CD67EB3A59D067C0621164F9B1C7C6FBEF9A
SHA-256:	CBD5DCE7B363B6E288BD30C1211925E844EC445C3805ECDC9900882060A7724D
SHA-512:	41E2F42436981334FA4B4210AEC41F91839A7E1D74AFE8C439B078908985AB17507B67A3C2BC2B85A420C17AF0509FD7543B502EC9095C5A1A9D7149D1EF2C57
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...g.$d...........!.........>......(..............P................................$.....@.............................e....`.......................................................................................a.......p..$....................text...d........................... ..`.itext..P........................... ..`.data...t...........................@....bss.....W...............................idata.......`......................@....didata.$....p......................@....edata..e...........................@..@.rdata..E...........................@..@.reloc..............................@..B.rsrc...............................@..@....................................@..@........................................................

C:\Program Files (x86)\SISTEMA 2.1.1\dbrtl280.bpl (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	711584
Entropy (8bit):	6.660142685509443
Encrypted:	false
SSDEEP:	6144:tCiUQoxnZHzLK9/LptdMkrqQdYzP6LW/P3ZSmzne+RloE6SQvgaowXpdky4GcCY3:tCDG/Lp/rr+Kqe+RlYoTDh0owP1W
MD5:	4D928625A8DC47C19FC80D1CF6D9FB9B
SHA1:	BB5D07F7ACDA4B1E7A5C2720A6BF177504B7C99D
SHA-256:	7EC40FBB678BD6223E105672A85FE3FAFFEAC86099C4A5709A1AD8E5355AC62C
SHA-512:	305DBE45715C767BCD52AA8E62022BFC42EF992B857A2E5AAD2CBF79C13EFE987DAE3AFB434080FD67BCEEA7ED218C5AEE001440E2CD1F07142397A7685BD693
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...h.$d...........!.....0..........DB.......P....AQ......................... .......{....@.......................... .......p..B........$...................P..`............@..%....................................{...............................text... *.......,.................. ..`.itext..L....@.......0.............. ..`.data...L....P.......4..............@....bss....t....`...........................idata..B....p.......<..............@....edata....... ... ..................@..@.rdata..j....@......................@..@.reloc..`....P......................@..B.rsrc....$.......$..................@..@............. ......................@..@................................................................................................

C:\Program Files (x86)\SISTEMA 2.1.1\fbclient25.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3842048
Entropy (8bit):	6.075164190667764
Encrypted:	false
SSDEEP:	24576:XK+TOgFoc2XEN7DC3A/TtAiBS7bD9mNe0Hd1VChOr+3SRuUawbapAodXi1bDsxqL:a+TSADa5UfEOcZq15eiCI8knerj9GUS
MD5:	672D54CAD3E8B7EDCFF5B642387D1B94
SHA1:	47F6CC73A5999E3A1FFA8F2D352CC0DC077C7353
SHA-256:	2353FAEB13EC55655E039C70ECDA8E0FCC347C82A438710303846786CD00081B
SHA-512:	DB1AEBCB21E4E5418EB17149CB997B9A49AA3A6E13A9EDF25D840229E115A6F1C51F1072A58793C2D2015A07D7FB64C5FB51FEB27C7DEA9AEC6B17324AE84481
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........F7..'YM.'YM.'YMj.'M.'YM..4M.'YM..$M.'YM.."M.'YM>(.M.'YM.'XM.&YM..7M7'YM..#M.'YM..%M.'YM..!M.'YMRich.'YM........PE..L...X.uW...........!.....0%..`.......6.......@%...............................;......,;..............................g-......P-......p9.......................9.....pH%...............................*.@............@%..............................text....&%......0%................. ..`.rdata...E...@%..P...@%.............@..@.data.........-..p....-.............@....rsrc........p9.......9.............@..@.reloc........9.......9.............@..B........................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\SISTEMA 2.1.1\firebird.conf (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	27652
Entropy (8bit):	4.980561054087754
Encrypted:	false
SSDEEP:	768:/GK2GVA/z8csC986yC97cWhcOJlfdqILMXUIOXJC2SRa9sp6ux7kqULo:ecgb9397cWhB/L7XmRaCp6uxgq1
MD5:	4161288FFDAEBF35DFBC6E10655CF2B9
SHA1:	00F43122DE14D5843D332467356D65BCBC594401
SHA-256:	E079F63019A9F97C79B870A1063A4351DA7FC82C3AA3BD755125FED850A8EA49
SHA-512:	60D87D51B264305106EDC3F4E74CF39D3D6F8D58B957485C7CC22C16BC967DC94E8916D39B83766F993EB50E79C17543AB3E3C502CAEF82E4000F6FB415BE1AA
Malicious:	false
Preview:	#######################################..#..# Firebird configuration file..#..# Comments..# --------..# The # character is used for comments and can be placed anywhere on a..# line. Anything following the # character on a line is considered a..# comment...#..# Examples:..#..# # This is a comment..# DefaultDbCachePages = 2048 # This is an end-of-line comment..#..# Entries..# -------..# The default value for each entry is listed to the right of the "="...# To activate an entry, remove the leading "#"s and supply the desired..# value...#..# Please note, a number of the values are specified in Bytes (Not KB)...# Accordingly, we have provided some simple conversion tables at the bottom..# of this file...#..# There are three types of configuration values: integer, boolean and string...#..# Integer..# --------..# Integers is what they sound like, an integral value. Examples:..# 1..# 42..# 4711..#..# Boolean..# -------..# Boolean is expressed as integer values with 0 (zero)

C:\Program Files (x86)\SISTEMA 2.1.1\firebird.msg (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PDP-11 UNIX/RT ldp
Category:	dropped
Size (bytes):	149440
Entropy (8bit):	5.188635950592461
Encrypted:	false
SSDEEP:	3072:/m5Nfii9ViWJXRAkPsRCUnXQyZgoZHiwKY3MesfOslB:mfF9VtH7slNi6s7
MD5:	1D3A7E861EFE7C5F3C5FD420EB2E9B5A
SHA1:	88CB91C87C5A7C496FB5C8C5F2ED561051783D68
SHA-256:	4167C7C94A8663A3786A6A774B6BB234568D0DF60A38C0C53333C8F476E998CE
SHA-512:	690BA1C65FE1A87CC7F67794C9A86A8A3627F41061E117CB510825300D63EA81BD7C08AE9E523C8EDA3DEC62FF6811823F0FEB98D9EF37FDE16DD06A4F6F286D
Malicious:	false
Preview:	.....G.../1.................<...arithmetic exception, numeric overflow, or string truncation........invalid database key........file @1 is not a valid database.........invalid database handle (no active connection)......+...bad parameters on attach or create database.....%...unrecognized database parameter block...........invalid request handle..........invalid BLOB handle.........invalid BLOB ID.....0...invalid parameter in transaction parameter block........invalid format for transaction parameter block......A...invalid transaction handle (expecting explicit transaction start).......(...internal Firebird consistency check (@1)....!...conversion error from string "@1"......."...database file appears corrupt (@1)..........deadlock....*...attempt to start more than @1 transactions......#...no match for first value expression.....3...information type inappropriate for object specified.....:...no information of this type available for object specified..........unknown information item....

C:\Program Files (x86)\SISTEMA 2.1.1\ib_util.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	7680
Entropy (8bit):	4.557381237807728
Encrypted:	false
SSDEEP:	192:cRSm+hxXgUdU1faA2XvN3XN6MbrkSTXRB:cRr89U2p96MX
MD5:	316809D9C282ED6F69631BC6B107247A
SHA1:	8123AB6E6781A1A10DA09625A131F679453F1766
SHA-256:	0898D09FB6F2E667C4D513CCFF1FC8C9845F453BB44B4DFB3E3E9560936C53B9
SHA-512:	750968BBA57FFD816F2EE9F82AB525DD001420AAD810F7D80CC73F58B42EF3FBDF1492C026AE85599B8CD3AB5E3E5756036D04228DBC23DB53A82CEF14916C97
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............M..M..M. .M..M. .M..M. .M..M!..M..M..M..M. .M..M. .M..M. .M..M. .M..MRich..M................PE..L...(.uW...........!................1........ ...............................`......................................`%..d...."..<....@..p....................P..P.... ............................... ..@............ ...............................text...4........................... ..`.rdata....... ......................@..@.data...d....0......................@....rsrc...p....@......................@..@.reloc..\....P......................@..B........................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\SISTEMA 2.1.1\icudt30.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1568768
Entropy (8bit):	6.180673463673691
Encrypted:	false
SSDEEP:	24576:mqaX8Bv2axcToy/oH0C/iwESlzJ5uM8H2ZIuNjMSpnhmW8c238uoL/:Y8BvPy/i0CKwFEvnckB
MD5:	F3C63D2AE2CE716BDBF1438E98E98D51
SHA1:	56F01FD8D2E8578A93215ADDCB0C28961B90852A
SHA-256:	3AC2CA630334C083013DA66E8D13156F076599A3B82C8CCDF8A13FC809C0D1C4
SHA-512:	92FF7C4204D9803FA69DCBF0DD771ACCF7B13447B78ACC595AEF6110048BA73E215E6C28EEDF5F21A5F9461DA0D830F2DCA105E1D92E3F30929221D4D7F34325
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......O.A.../.../.../.../.../.,.U.../.,.S.../.,.W.../.Rich../.........................PE..L...w.uW...........!...............................J....................................................................J............................................................................................................................rdata..:...........................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\SISTEMA 2.1.1\icuin30.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	417792
Entropy (8bit):	6.543829116571883
Encrypted:	false
SSDEEP:	12288:u8D9DwpzrEUkzU9nteJsbkrE9l0nDYcZ/m4:w2NKybE9l0nR/
MD5:	BAC379AAD30D0B35D4821F8F586E1C23
SHA1:	8639C5984C4A9729AAE0C265F5887E0BA685DD50
SHA-256:	709FD2F622CC87A2CFC28002650C87E9AD27EE5E61F3985A9C412BCBD3261735
SHA-512:	EE9AB6E261CB395BDE55A07D4ADFFD0AFDDDAD4ABCF0FCA5255EB388819BC9322EC2F2BBCBF2AD87942C98D97FAB7BF7720FD67F8250257F7821C8CF16A41D95
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........\aR@=..@=..@=..g.r.Y=..g.t.C=...2R.B=..@=...<..g.b.4=..g.a.>=..g.u.A=..g.s.A=..g.w.A=..Rich@=..........PE..L...b.uW...........!.....P...........Z.......`.....J.................................................................2..........<.... .. ....................0...9......................................@............`...............................text....@.......P.................. ..`.rdata..Ft...`.......`..............@..@.data....9....... ..................@....rsrc... .... ......................@..@.reloc...G...0...P..................@..B................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\SISTEMA 2.1.1\icuuc30.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	675840
Entropy (8bit):	6.734758519357615
Encrypted:	false
SSDEEP:	12288:UGS0YPmKEK9uxS4TCNfbg4ibCcoInBliDxlPLkQGSWDhap:QmKEKEsnJbg4iFoIBlibLkvph
MD5:	42E885D15C760783ED8BC6EBBC3EE834
SHA1:	3447E69BA79DC55F27FB2D7A4F0DBEE7E5515D6B
SHA-256:	733308D8F7967C72E56A44A678412EBF364CB505E1F84045B1D65E5A75A8D307
SHA-512:	B53CBBC5D52B41BD73CF5DD2AEB13B0DA49C8C5998B53ACD3F8A1CF8996CB21CE44F6CD76DE3700F7E62AFC59646B22B48AC67D00E633F242DD8CEC2112BE9A6
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......./..k..k..k..L,..B..L,..i.....n..k.....L,..5..L,....L,..j..L,..j..L,..j..Richk..........PE..L...U.uW...........!.........@......D..............J................................2...............................@.......d...P.......$.................... ..dN...................................P..@...............`............................text...C........................... ..`.rdata..!...........................@..@.data....D....... ..................@....rsrc...$...........................@..@.reloc..Z[... ...`..................@..B................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\SISTEMA 2.1.1\intl\fbintl.conf (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	6758
Entropy (8bit):	5.160426027402855
Encrypted:	false
SSDEEP:	96:Og0UiSFoKmuiTS5VWUr7FCHEjZUDND3YuQu5mFK:OgTmuiTKb/tU9
MD5:	FADB2FC3C12E0700D073D02420C1D00D
SHA1:	82C6D8CB5E04D2475447F0F9D35B23A79B5D51AB
SHA-256:	0192EB2179DCE11444784EB51F2213169E305E84C33D8B79302838175E5A1F40
SHA-512:	054CC9BC773EB4ECF43F0AA132EA7A26E105515A4D88BD5ACE0C7A78B477F3AD315D84887E5839252AB336D332DFD39CE0771E8B12AF22B4AB47939E63725C29
Malicious:	false
Preview:	<intl_module builtin>...icu_versions.default..</intl_module>....<intl_module fbintl>...filename..$(this)/fbintl...icu_versions.default..</intl_module>....<charset SJIS_0208>...intl_module.fbintl...collation.SJIS_0208...collation.SJIS_0208_UNICODE..</charset>....<charset EUCJ_0208>...intl_module.fbintl...collation.EUCJ_0208...collation.EUCJ_0208_UNICODE..</charset>....<charset DOS437>...intl_module.fbintl...collation.DOS437...collation.DOS437_UNICODE...collation.DB_DEU437...collation.DB_ESP437...collation.DB_FIN437...collation.DB_FRA437...collation.DB_ITA437...collation.DB_NLD437...collation.DB_SVE437...collation.DB_UK437...collation.DB_US437...collation.PDOX_ASCII...collation.PDOX_INTL...collation.PDOX_SWEDFIN..</charset>....<charset DOS850>...intl_module.fbintl...collation.DOS850...collation.DOS850_UNICODE...collation.DB_DEU850...collation.DB_ESP850...collation.DB_FRA850...collation.DB_FRC850...collation.DB_ITA850...collation.DB_NLD850...collation.DB_PTB850...collation.DB_SVE850...col

C:\Program Files (x86)\SISTEMA 2.1.1\intl\fbintl.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	925696
Entropy (8bit):	5.877362581153063
Encrypted:	false
SSDEEP:	12288:jHatqJTGT3XPDQXO4f5B7nPd3VXzyC11mbXx5FwBW5q:bacJTG7f4L7XNEbX9wBW5q
MD5:	29FDDEAACE9F2442399E0C08CCEF24E1
SHA1:	5EA423ABC48648B4B25F4779B88B0C581D8515AF
SHA-256:	062DA9DF815C6AEFC4E385D3A962D110C73F19721D0308BB9BD52EB01542A3DD
SHA-512:	64E3E0D20F59C80A5C7C0C1906A7DB3029B4AE3CF8E593FCE4F83BFF0FDBF8701F8FFE408FEB8AF9062F50E6E162E4A48738F1517FA9C73BD3951BC7F663F97C
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........v..........Nxf.....zu.....ze......E.....zc.......o....zv.....zb.....zd.....z`....Rich...................PE..L...v.uW...........!.........`...............................................0......................................0...................p........................9..`............................... f..@............................................text...E........................... ..`.rdata..............................@..@.data...............................@....rsrc...p...........................@..@.reloc..R@.......P..................@..B................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\SISTEMA 2.1.1\intl\is-3NRP0.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	6758
Entropy (8bit):	5.160426027402855
Encrypted:	false
SSDEEP:	96:Og0UiSFoKmuiTS5VWUr7FCHEjZUDND3YuQu5mFK:OgTmuiTKb/tU9
MD5:	FADB2FC3C12E0700D073D02420C1D00D
SHA1:	82C6D8CB5E04D2475447F0F9D35B23A79B5D51AB
SHA-256:	0192EB2179DCE11444784EB51F2213169E305E84C33D8B79302838175E5A1F40
SHA-512:	054CC9BC773EB4ECF43F0AA132EA7A26E105515A4D88BD5ACE0C7A78B477F3AD315D84887E5839252AB336D332DFD39CE0771E8B12AF22B4AB47939E63725C29
Malicious:	false
Preview:	<intl_module builtin>...icu_versions.default..</intl_module>....<intl_module fbintl>...filename..$(this)/fbintl...icu_versions.default..</intl_module>....<charset SJIS_0208>...intl_module.fbintl...collation.SJIS_0208...collation.SJIS_0208_UNICODE..</charset>....<charset EUCJ_0208>...intl_module.fbintl...collation.EUCJ_0208...collation.EUCJ_0208_UNICODE..</charset>....<charset DOS437>...intl_module.fbintl...collation.DOS437...collation.DOS437_UNICODE...collation.DB_DEU437...collation.DB_ESP437...collation.DB_FIN437...collation.DB_FRA437...collation.DB_ITA437...collation.DB_NLD437...collation.DB_SVE437...collation.DB_UK437...collation.DB_US437...collation.PDOX_ASCII...collation.PDOX_INTL...collation.PDOX_SWEDFIN..</charset>....<charset DOS850>...intl_module.fbintl...collation.DOS850...collation.DOS850_UNICODE...collation.DB_DEU850...collation.DB_ESP850...collation.DB_FRA850...collation.DB_FRC850...collation.DB_ITA850...collation.DB_NLD850...collation.DB_PTB850...collation.DB_SVE850...col

C:\Program Files (x86)\SISTEMA 2.1.1\intl\is-SCNU7.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	925696
Entropy (8bit):	5.877362581153063
Encrypted:	false
SSDEEP:	12288:jHatqJTGT3XPDQXO4f5B7nPd3VXzyC11mbXx5FwBW5q:bacJTG7f4L7XNEbX9wBW5q
MD5:	29FDDEAACE9F2442399E0C08CCEF24E1
SHA1:	5EA423ABC48648B4B25F4779B88B0C581D8515AF
SHA-256:	062DA9DF815C6AEFC4E385D3A962D110C73F19721D0308BB9BD52EB01542A3DD
SHA-512:	64E3E0D20F59C80A5C7C0C1906A7DB3029B4AE3CF8E593FCE4F83BFF0FDBF8701F8FFE408FEB8AF9062F50E6E162E4A48738F1517FA9C73BD3951BC7F663F97C
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........v..........Nxf.....zu.....ze......E.....zc.......o....zv.....zb.....zd.....z`....Rich...................PE..L...v.uW...........!.........`...............................................0......................................0...................p........................9..`............................... f..@............................................text...E........................... ..`.rdata..............................@..@.data...............................@....rsrc...p...........................@..@.reloc..R@.......P..................@..B................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\SISTEMA 2.1.1\is-073PP.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	472992
Entropy (8bit):	6.641095043570184
Encrypted:	false
SSDEEP:	6144:/3zu+UyTMQhuCupVZ1aTxlEfMxH1ojfEVLyZWyGbks43Y7QD3G:/3zu+UUuCGYT4MsZWyD2
MD5:	C35D7043D870F0D762CC217EB6809C1A
SHA1:	0D8EAE12502E1459394A5F06B9D8B8DFF5B6939E
SHA-256:	B21F64EB2B27BA5121A9FA499730D86E4D60858EB674012ED4F9CA8D33F0E968
SHA-512:	5F0B13C43BB7CB361E641086C17ACBAB803018ADAE71E21663F44877EDEEBB8EAE38A9EC99C44CC711456A6337762EC57F038A42CA8A2B53DB0B7D8B1F5DA17A
Malicious:	false
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...g.$d...........!................\........ .....!......................................@..........................p..<h...@.......p...$.......................q..............#....................................T.......`.......................text............................... ..`.itext..d........................... ..`.data...4.... ......................@....bss.........0...........................idata.......@......................@....didata......`......................@....edata..<h...p...j..................@..@.rdata..h...........................@..@.reloc...q.......r..................@..B.rsrc....$...p...$..................@..@....................................@..@........................................................

C:\Program Files (x86)\SISTEMA 2.1.1\is-0DA9P.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1568768
Entropy (8bit):	6.180673463673691
Encrypted:	false
SSDEEP:	24576:mqaX8Bv2axcToy/oH0C/iwESlzJ5uM8H2ZIuNjMSpnhmW8c238uoL/:Y8BvPy/i0CKwFEvnckB
MD5:	F3C63D2AE2CE716BDBF1438E98E98D51
SHA1:	56F01FD8D2E8578A93215ADDCB0C28961B90852A
SHA-256:	3AC2CA630334C083013DA66E8D13156F076599A3B82C8CCDF8A13FC809C0D1C4
SHA-512:	92FF7C4204D9803FA69DCBF0DD771ACCF7B13447B78ACC595AEF6110048BA73E215E6C28EEDF5F21A5F9461DA0D830F2DCA105E1D92E3F30929221D4D7F34325
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......O.A.../.../.../.../.../.,.U.../.,.S.../.,.W.../.Rich../.........................PE..L...w.uW...........!...............................J....................................................................J............................................................................................................................rdata..:...........................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\SISTEMA 2.1.1\is-1GFNP.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	HTML document, ASCII text, with very long lines (1093), with CRLF line terminators
Category:	dropped
Size (bytes):	85590
Entropy (8bit):	4.954198555856996
Encrypted:	false
SSDEEP:	1536:ajieQeoeMeHelejPUfYy/vhQ+7cGzkK+Ba4MnhkjWjrlCkW4fl/H:O7UfYy/vq0pzkKA2MWjrMkW4t/H
MD5:	D80C2F65A8170D0438050ECDF428E590
SHA1:	071BE8171FFC1A4B5FADBB42A8A3CE22CE330EF9
SHA-256:	9B6811BF0350E9B62AC7E607E4A91F89CB04E6B30AAF82A04A849D096F70CC7B
SHA-512:	23666BE9220DB3A89B2F6D7C24ABDC21D061248F3EFD80C25FECF0912DE23C764D86EA060C119289DCF585BE499D6A893C79D6093FC5883E8E033A4C0D4A9FA9
Malicious:	false
Preview:	<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">..<html>..<head>.. <title>SISTEMA 2.1.1.2 - ReadMe</title>...... <link rel="stylesheet" type="text/css" href="HelpFormat.css">....</head>......<body style="background-image: url(bg.gif); background-repeat: no-repeat;">....<h2>SISTEMA</h2>....<p>..Seguridad para mandos de maquinaría <br>....<a href="http://www.dguv.de/webcode/e34183" target="_blank">Instituto..para la seguridad y la sanidad..laboral (IFA)</a>, 2024</p>....<p align="left"><img src="logo.gif"></p>....<p>..Versión del soorte lógico (Software): <b>2.1.1..Build 2</b><b><span style="color: rgb(255, 0, 0);"></span></b><br>....Versión de la Norma : <b>ISO 13849-1:2015, ISO..13849-2:2012<br>....</b>..Version of VDMA database: <span style="font-weight: bold;">VDMA..66413 1.0.0</span></p>....<p><span style="font-weight: bold;"></span><a href="http://www.dguv.de/webcode.jsp?q=e89507" target="_blank">Information..about the standard

C:\Program Files (x86)\SISTEMA 2.1.1\is-1K55J.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	483840
Entropy (8bit):	6.534524038874047
Encrypted:	false
SSDEEP:	6144:0vMeUzUz7duGussgIRIdf14SbuS10SmjqjPLV0bQv/:QMPMMKmGuS1zmjqDOb
MD5:	B97E003551138687541C355F7B4FD1C6
SHA1:	4699715660B0E2827BF0CC06EDA54CA23F25BBE0
SHA-256:	2044267127B8A8269BED86272F9A01DC92526A0303B18C3AC40B22400BF521E3
SHA-512:	52E5FE2178BBA957252A4D6CD6A4826D92B1423DBF25A7C72F69FAB3749FD7852D226C971D36186953F6CECB7BDC81DC211375C8E0821D948E75C9A10731BC10
Malicious:	false
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L.....He...........!.....T...........c.......p....@.......................................@..............................{... ...b.......0................... ...[..............!...................................p'..4............................text....N.......P.................. ..`.itext.......`.......T.............. ..`.data.......p.......X..............@....bss.....................................idata...b... ...d..................@....edata...{.......\|...X..............@..@.rdata..f...........................@..@.reloc...[... ...\..................@..B.rsrc....0.......0...2..............@..@.....................b..............@..@................................................................................................

C:\Program Files (x86)\SISTEMA 2.1.1\is-39SU7.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	MS Windows HtmlHelp Data
Category:	dropped
Size (bytes):	1137636
Entropy (8bit):	7.992115815327648
Encrypted:	true
SSDEEP:	24576:uL7IyEuhSWMtz+/FmyybqeU2sWK0zp2ylP6+kpPPP+q5m4Vjy:4IyEMjMtz+Nxyb580zxBCGq5m7
MD5:	E671E26E890DD7186CDA976B76E0E461
SHA1:	61E8BC959B5ED0699A2C66B54C8763A8A587807B
SHA-256:	7333A209FDF949BD3ECDA6228B61419A4D5DEEDF33B0C94784F3693166EBB90D
SHA-512:	A6D567B918CA629F019B0B479678DDDCF4ADE887FF97EF2FD625DEAABEF61B180CFBD66D7A47BB249E77106ABADAC945A416AFCC3FA9EC4FDCDBDB0CC8044B01
Malicious:	false
Preview:	ITSF....`........]*}.......\|.{.......".....\|.{......."..`...............x.......T0.......0...............[..............ITSP....T...........................................j..].!......."..T...............PMGLN................/..../#IDXHDR...1.../#ITBITS..../#IVB..n.../#STRINGS......./#SYSTEM..>.b./#TOPICS..1.0./#URLSTR..e.-./#URLTBL..a.../$FIftiMain...$..../$OBJINST......./$WWAssociativeLinks/..../$WWAssociativeLinks/Property....../$WWKeywordLinks/..../$WWKeywordLinks/BTree....L./$WWKeywordLinks/Data...V.}./$WWKeywordLinks/Map...S../$WWKeywordLinks/Property...e ./Basics/..../Basics/BL.htm.....x./Basics/Cat.htm.....s./Basics/CCF.htm...\|.e./Basics/CH.htm...a.[./Basics/CP.htm...<.x./Basics/DC.htm...4.y./Basics/DesArch.htm...-.9./Basics/EL.htm...f.v./Basics/Elements.htm...\.../Basics/MissionTime.htm...^.=./Basics/MTTFd.htm.....{./Basics/PL.htm.....T./Basics/PLr.htm...j.(./Basics/PR.htm.....k./Basics/SF.htm...}.U./Basics/State.htm...R.o./Basics/TE.htm...A.../CSS/..../CSS/HelpFormat.css

C:\Program Files (x86)\SISTEMA 2.1.1\is-3NOIM.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	MS Windows HtmlHelp Data
Category:	dropped
Size (bytes):	1136058
Entropy (8bit):	7.992082252004994
Encrypted:	true
SSDEEP:	24576:aJrXbjbTgNXAxj7Oj+A2jBVo7foyq1l3hr9d+dsy9D+E3:k3gWoi1jBVRyq1BrLqD+E3
MD5:	5086964C3A5D03937C02B80383A80253
SHA1:	C6D0F2E240562411FA608FE0184E84CE87D6CB8C
SHA-256:	3F99316538130EB7A52668F1064CDA680F5E41C7BCDD4D9DD5222731DE7C5B04
SHA-512:	CF1D3F5F1895F11C6ABCF0317951701112E83281D920EA77602E9C9C075B3317F49B1087AA2B895815BE3601ED6DC6BA2BCCF12E1D08A40D16884C6D9A7AD333
Malicious:	false
Preview:	ITSF....`.......p..........\|.{.......".....\|.{......."..`...............x.......T0.......0...............U..............ITSP....T...........................................j..].!......."..T...............PMGLZ................/..../#IDXHDR...A.../#ITBITS..../#IVB..k.../#STRINGS..".../#SYSTEM..6.\./#TOPICS..A.0./#URLSTR..u.-./#URLTBL..q.../$FIftiMain...*..../$OBJINST....../$WWAssociativeLinks/..../$WWAssociativeLinks/Property...../$WWKeywordLinks/..../$WWKeywordLinks/Property...../Basics/..../Basics/BL.htm...a.x./Basics/Cat.htm...Y.s./Basics/CCF.htm...L.e./Basics/CH.htm...1.[./Basics/CP.htm.....x./Basics/DC.htm.....y./Basics/DesArch.htm...}.9./Basics/EL.htm...6.v./Basics/Elements.htm...,.../Basics/MissionTime.htm.....=./Basics/MTTFd.htm...k.{./Basics/PL.htm...f.T./Basics/PLr.htm...:.(./Basics/PR.htm...b.k./Basics/SF.htm...M.U./Basics/State.htm...".o./Basics/TE.htm.....m./CSS/..../CSS/HelpFormat.css.....i./GUI/..../GUI/ActionNewBL.htm...~.Q./GUI/ActionNewCP.htm...O.W./GUI/ActionNe

C:\Program Files (x86)\SISTEMA 2.1.1\is-3O0B2.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1380864
Entropy (8bit):	6.849124491618664
Encrypted:	false
SSDEEP:	24576:RNaU+KpPikndiNfzN4jH3PlMQzMjYpOtJqTp/kqg1:PlUfzN4jH3PlyjYpOLqd/kP1
MD5:	FA5DEF992198121D4BB5FF3BDE39FDC9
SHA1:	F684152C245CC708FBAF4D1C0472D783B26C5B18
SHA-256:	5264A4A478383F501961F2BD9BEB1F77A43A487B76090561BBA2CBFE951E5305
SHA-512:	4589382A71CD3A577B83BAB4A0209E72E02F603E7DA6EF3175B6A74BD958E70A891091DBDFF4BE0725BACA2D665470594B03F074983B3ED3242E5CD04783FDBA
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......lU.(4.y(4.y(4.y!L<y.4.y!L-y34.y(4.y.4.y...y#4.y(4.y=4.y!L;y.6.y!Ly)4.y!L,y)4.y!L)y)4.yRich(4.y................PE..L...#..]...........!.................................................................................................A.......6..x.......0...........................p...................................@...............(............................text............................... ..`.rdata..XY.......Z..................@..@.data............t..................@....rsrc...0............Z..............@..@.reloc..,............`..............@..B........................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\SISTEMA 2.1.1\is-3SN5S.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	711584
Entropy (8bit):	6.660142685509443
Encrypted:	false
SSDEEP:	6144:tCiUQoxnZHzLK9/LptdMkrqQdYzP6LW/P3ZSmzne+RloE6SQvgaowXpdky4GcCY3:tCDG/Lp/rr+Kqe+RlYoTDh0owP1W
MD5:	4D928625A8DC47C19FC80D1CF6D9FB9B
SHA1:	BB5D07F7ACDA4B1E7A5C2720A6BF177504B7C99D
SHA-256:	7EC40FBB678BD6223E105672A85FE3FAFFEAC86099C4A5709A1AD8E5355AC62C
SHA-512:	305DBE45715C767BCD52AA8E62022BFC42EF992B857A2E5AAD2CBF79C13EFE987DAE3AFB434080FD67BCEEA7ED218C5AEE001440E2CD1F07142397A7685BD693
Malicious:	false
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...h.$d...........!.....0..........DB.......P....AQ......................... .......{....@.......................... .......p..B........$...................P..`............@..%....................................{...............................text... *.......,.................. ..`.itext..L....@.......0.............. ..`.data...L....P.......4..............@....bss....t....`...........................idata..B....p.......<..............@....edata....... ... ..................@..@.rdata..j....@......................@..@.reloc..`....P......................@..B.rsrc....$.......$..................@..@............. ......................@..@................................................................................................

C:\Program Files (x86)\SISTEMA 2.1.1\is-42R47.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	MS Windows icon resource - 2 icons, 32x32, 16x16
Category:	dropped
Size (bytes):	4150
Entropy (8bit):	5.170530408358049
Encrypted:	false
SSDEEP:	96:AYdtX9RBmPyPcwvqihBHS7flPfP57QxOW4XXl:jdtX9RB4cUKQ
MD5:	6A3174A6772B2D87F96E83B118F62649
SHA1:	4FFB5FC7366891944952A74E2F182EAAD286D8D1
SHA-256:	E67977E855840296F9181A38F82EAD834FA44EDECA2BC6972C649B027039E957
SHA-512:	E960E6F6FA37E11E8B7E9DBD3985F0341975B7E455842BEA8797712316628B8FD079C753C5A65F050EF23FD6916FE6D14F9EF96FC27C02C253CAB35A32F44CE5
Malicious:	false
Preview:	...... ..........&...........h.......(... ...@.............................................bio>@W.[l,kc({k=..z........................................................................riNLU.Pl.f./s.5..5..D..R.qV..................................................................SBeF.Oj.Y.$`.-`.-g.1..F..5.oC.r_........................................d..d..d..d..d..d.....mS.B.a-\..I..[.b..z.?..N.q#.l.jL..x.....................................d.g.gg.gD.DD.D.d...pA%.A...Ag.-i.>y.K..\..R.w...I.[.~.kM.......................................~.~~.~~.~g.g....lV\|I).J".d ..M..J..e..X.z7.f/.l5.t@.g7.f<..}.................................e.h............^F.V2.^/.f%.l..s..u#.z4.u9.{>.l#..9v.<fj/.mJ..........d..d..d..d..d..d.......w.y........>.QzW=.`3.p2..:.O.Q.^.T.X..8{.-..Zg.JQt4qeC..........d.g.gg.gD.DD.D.d.......w.y........>.Q.iMw\#rp.w{...8..\..~.o.T..Cx.2...w.qM.Iw}^.d........s.~.~~.~g.gg.g..........D..X..G.T.T.D...orq4u.7..W.......r.u.^.P..E..z..L.O....d...........

C:\Program Files (x86)\SISTEMA 2.1.1\is-443TK.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	626688
Entropy (8bit):	6.831644690760087
Encrypted:	false
SSDEEP:	6144:c4b7/ooikc5yxKK/euYpsZ4Q64ma9tiGVKkfhkQ6slProtGMSq4AOZ1ORCAOutSC:c4Rc5VE31XqaJusxGhr46CYtQ9mGyc
MD5:	16D7DDF3B659F7CF1CB9F4DCFF4219F0
SHA1:	A61454131940799F01C26943F1594EE6E7409D11
SHA-256:	120CD25F5D6002FFD9069CF9550BC16C682BCD3323053B95146E7CD3BA2215AC
SHA-512:	979907E2B13557C99CF90B76BCD57DAF0A1A699EA5D00C23E5D5AEBFAA36DB3443C99D9BA5D524BA2156ED3A8904AFE8DB1D076FFFB9A8CC3235C33484D470F7
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........L.........@................!......;.............d.......................Rich...................PE..L...U.3C...........!.....0...p.......#.......@.....x.................................................................q..O}..Pc..<....`.......................p..L3...B...............................F..@............@...............................text...j".......0.................. ..`.rdata.......@.......@..............@..@.data...Li.......P..................@....rsrc........`.......@..............@..@.reloc...7...p...@...P..............@..B........................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\SISTEMA 2.1.1\is-4UO1H.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	MS Windows HtmlHelp Data
Category:	dropped
Size (bytes):	1697950
Entropy (8bit):	7.994307840828763
Encrypted:	true
SSDEEP:	24576:NpnMhdMZKiuh7OlpCXG1xGSUV/EbxyNH5pnMhdMZKiuh7OlpCXG1xGSUV/EbxyNv:XnMhd9HOzR109nMhd9HOzR1022
MD5:	D428BEB9509C0C593EB8937A2618EBA8
SHA1:	7E63B74E86190AD28F41E49026930458008457B6
SHA-256:	05573CCA78FAC4978AC69690C754AC5A8BB7B94EBC80820DE48563EC13728E96
SHA-512:	AFC6A0EB5FE5E85BC9BCB6A917D1B14048AD132149CDC8AC118522878C0A6641B153DA24A0FE31876168B35C40369FCC57D4BF600DCDE67CAAD3215D88F93C35
Malicious:	false
Preview:	ITSF....`.......i..........\|.{.......".....\|.{......."..R1......H.......x.......T0.......0..............P...............ITSP....T...........................................j..].!......."..T...............PMGLO................/..../#IDXHDR...'.../#ITBITS..../#IVB....../#STRINGS...b.../#SYSTEM...t.^./#TOPICS..2.0./#URLSTR...[.-./#URLTBL...W.../$FIftiMain...F..a./$OBJINST...+.../$WWAssociativeLinks/..../$WWAssociativeLinks/Property...'../$WWKeywordLinks/..../$WWKeywordLinks/BTree..,.L./$WWKeywordLinks/Data...x.}./$WWKeywordLinks/Map...u../$WWKeywordLinks/Property.... ./Basics/..../Basics/BL.htm....#./Basics/Cat.htm...u.../Basics/CCF.htm...2.Q./Basics/CH.htm.....8./Basics/CP.htm..z.>./Basics/DC.htm..../Basics/DesArch.htm..N.9./Basics/EL.htm..7././Basics/Elements.htm..k.n./Basics/MissionTime.htm..r.8./Basics/MTTFd.htm...X.<./Basics/PL.htm..K././Basics/PLr.htm...O.../Basics/PR.htm...7.c./Basics/SF.htm....`./Basics/State.htm..f.../Basics/TE.htm...N.h./CSS/..../CSS/HelpFormat.cs

C:\Program Files (x86)\SISTEMA 2.1.1\is-52POI.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	MS Windows icon resource - 1 icon, 32x32, 24 bits/pixel
Category:	dropped
Size (bytes):	3262
Entropy (8bit):	2.801513065540594
Encrypted:	false
SSDEEP:	24:sb2RdpHuDmMTqqiXqqMKhqqqqqXqqqEqqqq61Xqqqd2qqqq3qqqnqqqqCXqqqGmJ:w0uUn0P/kUmVPWrvbwoqI
MD5:	2F900F6D0FFD855F23DE3D0036D715F5
SHA1:	D79D40CDC45F676597BCF7C36949F397AEDD2AA8
SHA-256:	9C57F64DDBA49EDEE138AF7CA0CE936F91B251152125AED4DD7E9091C6776412
SHA-512:	DCD393B35FA79AC18C481447B4F4391AA3B05CD54E60326DDE30131D809D689CAB4C7DA857095067D0EA166630785163A8F274A0D55C704BFB201296BAAF0327
Malicious:	false
Preview:	...... ..............(... ...@...............H...H...........................................................................................................................5.........................................................b.. 6...................................,...................................................b... .........................................,.............................................b... ...............................................,.......................................b... .............................6.......................,.................................b... ......................'M...........-.......................,...........................b... .......................9.................-.......................,.....................b... .......................8.......................-.......................,...............b... .......................9.............................-.......................,.........b... ..................

C:\Program Files (x86)\SISTEMA 2.1.1\is-5G8RE.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	89088
Entropy (8bit):	6.126393289846133
Encrypted:	false
SSDEEP:	1536:ri+VG79eImiSwdcwV+HNo+cnLEB8G8NH+gyYCGy+yWiVJKD4hDMfFdYTdTh7sclm:bG79eImxwdcw8HNo+cLEB8G8NH+gyY3P
MD5:	E903F5354F9D651461FAD233C44DAAC1
SHA1:	3F2CA4CB10485CF5E107C3EEBA1A4D60FCAB1E34
SHA-256:	DB75888CED9201613DF446893DD0B53874F4182F63687CDDE91550EBEFE29096
SHA-512:	848FEA4E153DBC55DCA7BF2FAEBCCF83220869471A51BF8ED499FCC359A3A2E215EAF6A607BBD42BC0873F09A0AF95AD941E9D804E8062194BF9B520949BD152
Malicious:	false
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L.....He...........!..............................@.......................................@..........................@...<......f,..............................l...............(.......................................`............................text...<........................... ..`.itext.............................. ..`.data...............................@....bss....x................................idata..f,..........................@....edata...<...@...>..................@..@.rdata..m............>..............@..@.reloc..l............@..............@..B.rsrc................T..............@..@.....................\..............@..@................................................................................................

C:\Program Files (x86)\SISTEMA 2.1.1\is-5J0AS.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	158720
Entropy (8bit):	4.809747268460845
Encrypted:	false
SSDEEP:	3072:01psfQOxJgpKwIuF6TYtXCJGSdCxbULRpHd42hC5CjN:01psfQaoUTYtXdE9
MD5:	28EB4651FA622436693187188EFD0C87
SHA1:	544A9A0D8C7DA6CE0DAA9B77B658A0972DC2E88D
SHA-256:	6897F47A67ADC1BDCA1A292B9BD1E788D587A37D5F6B6434A65B7C904C1AF073
SHA-512:	6F5367BEC4C22AC2889428027E55112DC4C7527C805C3F54B22142DE27E30055E6993C0C2CE503254706CCA603097A794147FC00D6064067618AAE5926E38062
Malicious:	false
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....:.f...........!..............................@.......................................@.......................... ..p.......n....P.......................@..H...............................................................$....................text.............................. ..`.itext.............................. ..`.data...H...........................@....bss.....5...............................idata..n...........................@....didata.$...........................@....edata..p.... ......................@..@.rdata..E....0......................@..@.reloc..H....@......................@..B.rsrc........P......................@..@.....................l..............@..@........................................................

C:\Program Files (x86)\SISTEMA 2.1.1\is-6NFRD.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	MS Windows HtmlHelp Data
Category:	dropped
Size (bytes):	669414
Entropy (8bit):	7.9816571155157545
Encrypted:	false
SSDEEP:	12288:42egjCuRU5GzYt3XfkjUV4R5tUd43mnN//puPT5ONNqzW3SjDIDH7f:42HjPUcklXMQuC43mnxpuK33Sv2
MD5:	27CDACC0D62C28E326F52CF8716F37F7
SHA1:	5CA5661F3A930668272799DC5E5D342768BD0FCA
SHA-256:	AFC42BB0EF450C0DB49498A12FDC3CC129CE589F4E91C09B37A01C499D54DE61
SHA-512:	DBA72179B2C29EF69FE0D8F8A2459EDDF3029AE113DF976ADCDE79F8D51C9A24B27A2B6CDF8F17FD671B9A84DAD2B3B267A20C17F128339D0D1ACD2ACE6673B4
Malicious:	false
Preview:	ITSF....`........$.~.......\|.{.......".....\|.{......."..`...............x.......T0.......0...............6..............ITSP....T...........................................j..].!......."..T...............PMGLG................/..../#IDXHDR....../#ITBITS..../#IVB...$.\./#STRINGS..'.../#SYSTEM..^.H./#TOPICS.....0./#URLSTR...8.o./#URLTBL...4.../#WINDOWS......./$FIftiMain..[..)./$OBJINST..@.../$WWAssociativeLinks/..../$WWAssociativeLinks/Property..<../$WWKeywordLinks/..../$WWKeywordLinks/BTree.....L./$WWKeywordLinks/Data..L.>./$WWKeywordLinks/Map...../$WWKeywordLinks/Property... ./FHFlyoverPopups.js...>.F./FHFlyoverPopupStyle.css.....+./FHUtilities.js......./IDH_ActionNewBL.html..._.M./IDH_ActionNewCP.html...,.P./IDH_ActionNewEL.html...\|.N./IDH_ActionNewPR.html...J.@./IDH_ActionNewSF.html.....<./IDH_BL.html.....h./IDH_Cat.html...:.w./IDH_CCF.html...2.../IDH_CH.html...m.9./IDH_CP.html...I.$./IDH_DC.html...\|.6./IDH_DesArch.html...1.,./IDH_EditBL.html...M.../IDH_EditCH.html.....m./IDH_

C:\Program Files (x86)\SISTEMA 2.1.1\is-7G9TB.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	463360
Entropy (8bit):	6.262127827462571
Encrypted:	false
SSDEEP:	6144:g7C6uH5wE7N4VydyeLR/Z8YMHFunJQNV8aAbRGlYKcKdv8K:g7C6uHT7MGyeLCouAbRGn8K
MD5:	0D6E8829E2FD659AAE7E0501F9A77DC3
SHA1:	95292A66B5C414D60E9AFE3FB6F6646ECA99BC88
SHA-256:	E017FECA93503439801D51D57CB4270E45EBE9C549F1D2206195BF2517C59928
SHA-512:	AC7475595F9C118358636594D48D7C43649634E759321CFA6952EE4935553A2FC0FF04ACCD2ECC900DCBB22DFF1DDCC2192B72C017D9740965CC43B94B391678
Malicious:	false
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L.....He...........!.....R..........(b.......p....@..........................`............@.....................................H...P..........................p{...................................................................................text....N.......N.................. ..`.itext..0....`.......R.............. ..`.data........p.......V..............@....bss.....................................idata..H.......,...b..............@....edata..............................@..@.rdata..]...........................@..@.reloc..p{.......\|..................@..B.rsrc........P......................@..@.............`......................@..@................................................................................................

C:\Program Files (x86)\SISTEMA 2.1.1\is-7VTM7.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1111
Entropy (8bit):	5.036611545720303
Encrypted:	false
SSDEEP:	24:DJ94z11KPRDdh0A5u4Ntn5u4NtC5u4NtY6Cu4NtjIzu4Nt7Wju4Nt4jYTuAL9LOq:DE7KPRDEAU4NFU4NkU4NTX4Naq4Nxd4j
MD5:	2FB5A1F0EFE94FC7E894F36C9C02A239
SHA1:	B94DD7EE47F557E4762C6C566F4865FD642DA0EC
SHA-256:	6DAEF83067D812B6B5E306D22D461C604960E70187E2E79772C4F44F977D405C
SHA-512:	CD9587001C85F028B9751E1FBDB2735071F38ED5FCA7EBF5E6AEF7EAAA017AA8E96FD39A2D59ACECFC1460665A68CC863BB3E15B5B5C2D89161458D5E904775D
Malicious:	false
Preview:	#Beispiel einer Liste von SISTEMA-Datenbanken, die sich auf einem (oder mehreren) Firbird Datenbank Server(n) befinden...######################################################################################################################....#Hostname (als IP-Adresse):DBName (als vollqualifizierter Dateiname einer SISTEMA Datenbank)....192.168.1.10:C:\SSM-Datenbanken\HerstellerXYa-SSM-DB.slb..192.168.1.10:C:\SSM-Datenbanken\HerstellerXYb-SSM-DB.slb..192.168.1.10:C:\SSM-Datenbanken\HerstellerXYc-SSM-DB.slb..192.168.1.11:C:\SSM-Datenbanken\HerstellerXYd-SSM-DB.slb..192.168.1.12:C:\SSM-Datenbanken\HerstellerXYe-SSM-DB.slb..192.168.1.13:C:\SSM-Datenbanken\HerstellerXYf-SSM-DB.slb......#Hostname:DBName (DB Name als ALIAS angegeben, wird konfiguriert in 'Firebird_1_5\aliases.conf')..# - Beispiel eines ALIAS in 'aliases.conf'..# HerstellerXYa-SSM-DB = C:\SSM-Datenbanken\HerstellerXYa-SSM-DB.slb....DBServerXY1:HerstellerXYa-SSM-DB..DBServerXY1:HerstellerXYb-SSM-DB..DBServerXY1:HerstellerXYc

C:\Program Files (x86)\SISTEMA 2.1.1\is-86262.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	GIF image data, version 89a, 408 x 84
Category:	dropped
Size (bytes):	6125
Entropy (8bit):	7.732853398247981
Encrypted:	false
SSDEEP:	96:0jm85EfjRYG5V1FwJOJ5+Ud1dApFmzoeA25UBk5caCfSs5AP/SoQU:y5Ef9YGT1FcYPCEirBk6fS0AXSoT
MD5:	EAE6B50166DC48A41EB645E4515A8796
SHA1:	08B104FD1456D322F09578A6A3874A8117DCC975
SHA-256:	CA0FDF244D36631D319C3729ADE2B70CD57EBBA966A987422B30C42785451174
SHA-512:	DA59A072DD9E8B0586B863EE53149A707E77E180763379601FB6114B7301FA0D1A9228B9C766AAA0AA94B3CA1D8DAC0C241E5FC680905B31190CA186CB6793A7
Malicious:	false
Preview:	GIF89a..T...TVT...tvt....J.Dv.$^.......d...V.\............l...F.4j....t......N..........T~..R.T..dfd...Dv.,f....,f.............F..Z.........l..<r.\|..$^........R.,j.......N....\.....\^\Tz....L.....d..lnlTz.....J....l.....<n....\|~\|...Dz....d........N....\|...........$Z.\.....Dz...............\|..\|..,b.....V.4n..N.\..\Z\...\|z\|....J.,b....d..$V...........l...J....\|......N........V.\..ljl...4f....dbdtrt..................F.t.....,^.4j..N.......T.........J.Lz.......Lz..........V....................................................................................................................................................................................................................................................................................................!.......,......T........H..A.Q ..eC.)..J.H....3j.... C..I..I..@.YicHK.Ar..I...8s....#..+.......H.]...f..%uh....j....6... u.U.C E....p..4...C^......'.]y./QN..+^..i.5..R5+....3k.48h..k.h.M.4.".>K6..D..

C:\Program Files (x86)\SISTEMA 2.1.1\is-8ABU7.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	HTML document, ASCII text, with very long lines (988), with CRLF line terminators
Category:	dropped
Size (bytes):	86545
Entropy (8bit):	4.939112137899523
Encrypted:	false
SSDEEP:	1536:k/veHeHelelUfYy/vhQ+7cGzkK+Ba4MnhkjWjrlCkW4fl/H:kNUfYy/vq0pzkKA2MWjrMkW4t/H
MD5:	496C204D3C09E09A9B61A00B4DBC5BD2
SHA1:	7D51C34795555BA86B5C60BF06A3AE02FB25ED89
SHA-256:	C3960CB7F146981957D2496269DA7734CA9B10FCA903D59285F67BF616AED4F9
SHA-512:	B6A8CFD84F6B646EF68993E4EE3A96D973EB52875CE5B1B7F596FE58A9DA1AF48A54C6E1B56DA3B5B0CC7B27E68B77A08BEC21507FC09352608921C38441A8F4
Malicious:	false
Preview:	<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">..<html>..<head>.. <title>SISTEMA 2.1.1.2 - ReadMe</title>...... <link rel="stylesheet" type="text/css" href="HelpFormat.css">....</head>......<body style="background-image: url(bg.gif); background-repeat: no-repeat;">....<h2>SISTEMA</h2>....<p>Software relativo all'Integrità della Sicurezza per..la Valutazione di Applicazioni sulle Macchine<br>....<a href="http://www.dguv.de/webcode/e34183" target="_blank">Istituto..per la Salute e la Sicurezza sul..Lavoro dell'Assicurazione per gli Incidenti sul Lavoro in Germania (IFA)</a>,..2024</p>....<p align="left"><img src="logo.gif"></p>....<p>Versione del software: <b>2.1.1 Build 2</b><b><span style="color: rgb(255, 0, 0);"></span></b><br>....Versione della norma: <b>ISO 13849-1:2015, ISO..13849-2:2012<br>....</b>Version of VDMA database: <span style="font-weight: bold;">VDMA..66413 1.0.0<br>....</span></p>....<p><span style="font-weight: bold;"></span><a href="

C:\Program Files (x86)\SISTEMA 2.1.1\is-8HB15.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PDP-11 UNIX/RT ldp
Category:	dropped
Size (bytes):	149440
Entropy (8bit):	5.188635950592461
Encrypted:	false
SSDEEP:	3072:/m5Nfii9ViWJXRAkPsRCUnXQyZgoZHiwKY3MesfOslB:mfF9VtH7slNi6s7
MD5:	1D3A7E861EFE7C5F3C5FD420EB2E9B5A
SHA1:	88CB91C87C5A7C496FB5C8C5F2ED561051783D68
SHA-256:	4167C7C94A8663A3786A6A774B6BB234568D0DF60A38C0C53333C8F476E998CE
SHA-512:	690BA1C65FE1A87CC7F67794C9A86A8A3627F41061E117CB510825300D63EA81BD7C08AE9E523C8EDA3DEC62FF6811823F0FEB98D9EF37FDE16DD06A4F6F286D
Malicious:	false
Preview:	.....G.../1.................<...arithmetic exception, numeric overflow, or string truncation........invalid database key........file @1 is not a valid database.........invalid database handle (no active connection)......+...bad parameters on attach or create database.....%...unrecognized database parameter block...........invalid request handle..........invalid BLOB handle.........invalid BLOB ID.....0...invalid parameter in transaction parameter block........invalid format for transaction parameter block......A...invalid transaction handle (expecting explicit transaction start).......(...internal Firebird consistency check (@1)....!...conversion error from string "@1"......."...database file appears corrupt (@1)..........deadlock....*...attempt to start more than @1 transactions......#...no match for first value expression.....3...information type inappropriate for object specified.....:...no information of this type available for object specified..........unknown information item....

C:\Program Files (x86)\SISTEMA 2.1.1\is-8K3SL.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	HTML document, ASCII text, with very long lines (988), with CRLF line terminators
Category:	dropped
Size (bytes):	85360
Entropy (8bit):	4.932987975686221
Encrypted:	false
SSDEEP:	1536:YVAe2eHelelUfYy/vhQ+7cGzkK+Ba4MnhkjWjrlCkW4fl2B:+UfYy/vq0pzkKA2MWjrMkW4t2B
MD5:	EDE5516A1C94BA601934028BDADB84DC
SHA1:	1B7489592306A25DFFC2DF2143582BAEABCB09B1
SHA-256:	A201EF34FBF0A10E58D3CA9B8FD3082F2F4349F13D9C651F9E60A2540939BAEF
SHA-512:	5D315D214A87B70AEC0601A6E6F0AEE92D2992E49129D00158A2FD7A047BFA36AB129DAD1FF2E1ED0353992A5DFF7989EA8A5C9D6F99976C2CBFFBB428CF85D6
Malicious:	false
Preview:	<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">..<html>..<head>.. <title>SISTEMA 2.1.1.2 - ReadMe</title>...... <link rel="stylesheet" type="text/css" href="HelpFormat.css">....</head>......<body style="background-image: url(bg.gif); background-repeat: no-repeat;">....<h2>SISTEMA</h2>....<p>..Safety Integrity Software Tool for the Evaluation of Machine..Applications<br>....<a href="http://www.dguv.de/webcode/e34183" target="_blank">Institute..for Occupational Safety and Health..of the German Social..Accident Insurance (IFA)</a>, 2024</p>....<p align="left"><img src="logo.gif"></p>....<p>..Version of software: <b>2.1.1 Build 2</b><br>....Version of standard: <b>ISO 13849-1:2015, ISO..13849-2:2012</b><br>....Version of VDMA database: <span style="font-weight: bold;">VDMA..66413 1.0.0</span></p>....<p><a href="http://www.dguv.de/webcode.jsp?q=e89507" target="_blank">Information..about the standard</a>..</p>....<h4>About SISTEMA</h4>....<p>..The <b>SISTEMA</b> softwa

C:\Program Files (x86)\SISTEMA 2.1.1\is-9N41E.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	GIF image data, version 89a, 188 x 47
Category:	dropped
Size (bytes):	3213
Entropy (8bit):	7.853160994186846
Encrypted:	false
SSDEEP:	48:s2hwW17O35RIYUia9322IneXrSnPZoP9hlnQLp/B5ilY0JpUI86DeG6FUmi7+O:Jhwh5GYU3FInKm4hRQRihnUU6G6Y
MD5:	F81D9A0374ECBA3321876F45980E53A9
SHA1:	A6149DABC2307DC177905EF8547460BDF3B12A04
SHA-256:	1447018273D7EE1601BD91DEE219D78338ADF6834A013A191344A7CCBC3D0631
SHA-512:	2AAB5369F96FB09F33ED7E87A1E6F61597BE4BA4A3A0F1E3C976D96E1289FC36F87633EC39DC58E5A01C8D204501AE1A12EEE255603AE87667C418CAEA29D1E3
Malicious:	false
Preview:	GIF89a../...._..{....r..B..^...r.D..{../..9..\|..K...}.K..`.....s..B..&..K..N..{..h..^..U...c.j.....R.j.'y.`.. f./...V.3l.)o. i..m.g..Y.....Gr.{..x..v..~..s........m.....q..k.q...d..O~.X.K...h.&...Kx.`..[..R.....Jx.S.._.....Cm.../...\.9...Cld.^..{.....c.U..r...g.......B..q..q....&....q..K..N..q..q..K..q..r..&..K..q..q..q..K..K..&..&}.q..q...T{...K..q..K..h..&..&..&..<s.L..K..q..q...v.;\|.._.....r..W..)m.;..U..E...t.r..F}. b.3o....r..&..`..&..=u.V..K..M.._...Ku&..^..E...~.......j..<z.N..'v.=w.`...i.)p.V..E......W.9..&..N..W...z.i............)l.(t.&..N..W......^....q..../..h..^..U..B..F..{.....B..../...Oy.i.i..r..h..W..\|..{..{........:..9../...m./...w....V..U.......^......Z.!_.B......x.3k.q..9..q..\|.....9..9..L...s.U..M..{..U..../..i..^...a..f..\|.{..U....!.......,....../........H......\....#J.H....o.0.#... C..I.F.(U.\..K.'S..I...(m..."N.=...:.'.Hk.M...N.J..u....b.U+.Q....T,Y.Bn.....un.......NV.........HI....R.0\|..-J.I.<q(d...P.(.H7....w\|V.qa......,D.h.=

C:\Program Files (x86)\SISTEMA 2.1.1\is-9P2VV.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	133
Entropy (8bit):	4.049387095845199
Encrypted:	false
SSDEEP:	3:SVFiC8lK2FoeCecBJGjviBljJ5A6/vSvn:SVFiC8llFotTBUvGyiqvn
MD5:	DB0423CFE1D6FEB73B7F4817C0F9B211
SHA1:	1B9F5713F67ADA39955EDA4AB69BF5B171C010F6
SHA-256:	4A3E18693809DCDE89724CF9164392010D5DB935D701B8137FCFCABC2EDFBCD8
SHA-512:	B80327CACCB47F88C2052C210259D994BC128567CA6CBD76B99ED3865207DBA3E92979D7F1FE29732CC141D739374F5463B03235F8A6AD94BC93BC2A1E0B92EB
Malicious:	false
Preview:	# ..# List of known database aliases ..# ------------------------------ ..# ..# Examples: ..# ..# dummy = c:\data\dummy.fdb ..# ..

C:\Program Files (x86)\SISTEMA 2.1.1\is-AKAET.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	417792
Entropy (8bit):	6.543829116571883
Encrypted:	false
SSDEEP:	12288:u8D9DwpzrEUkzU9nteJsbkrE9l0nDYcZ/m4:w2NKybE9l0nR/
MD5:	BAC379AAD30D0B35D4821F8F586E1C23
SHA1:	8639C5984C4A9729AAE0C265F5887E0BA685DD50
SHA-256:	709FD2F622CC87A2CFC28002650C87E9AD27EE5E61F3985A9C412BCBD3261735
SHA-512:	EE9AB6E261CB395BDE55A07D4ADFFD0AFDDDAD4ABCF0FCA5255EB388819BC9322EC2F2BBCBF2AD87942C98D97FAB7BF7720FD67F8250257F7821C8CF16A41D95
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........\aR@=..@=..@=..g.r.Y=..g.t.C=...2R.B=..@=...<..g.b.4=..g.a.>=..g.u.A=..g.s.A=..g.w.A=..Rich@=..........PE..L...b.uW...........!.....P...........Z.......`.....J.................................................................2..........<.... .. ....................0...9......................................@............`...............................text....@.......P.................. ..`.rdata..Ft...`.......`..............@..@.data....9....... ..................@....rsrc... .... ......................@..@.reloc...G...0...P..................@..B................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\SISTEMA 2.1.1\is-B0U2U.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	4260768
Entropy (8bit):	6.7600826791938875
Encrypted:	false
SSDEEP:	49152:lRxOm9nppVX8DOet3SFzvQiTxLiu8t4Qddbg8X/fM398sxFF+I0:l7FJppd6+3pnQddbg8X/0NRbW
MD5:	D61C0C6ECD3D6BE9396F84362C97788A
SHA1:	AF50D3015718331516876731ABFE614B52A31BDF
SHA-256:	646DADDE96A76F434ACB71067A8E3923BBCEB920E19A60223F0D3BD811A6CBAA
SHA-512:	898D98CA0143FC935731C0DAAA7D9E0EEE745F3DA335EE003159CB1B73A27C82F54E90529F405EE23C811625A6CE43086C085BA84148A0B0E585A68A1B4E4DC6
Malicious:	false
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...h.$d...........!......'...........'.......'....P.........................pB....._.A...@...........................,......P)......P>...............@.......:..x............:.%....................................u)..$....,......................text...p.'.......'................. ..`.itext........'.. ....'............. ..`.data...D)....'......'.............@....bss....x=....(..........................idata.......P).......'.............@....didata.......,....................@....edata........,.......*.............@..@.rdata..j.....:......P9.............@..@.reloc...x....:..z...R9.............@..B.rsrc........P>.......<.............@..@.............pB.......@.............@..@........................................................

C:\Program Files (x86)\SISTEMA 2.1.1\is-B4FIL.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	MS Windows HtmlHelp Data
Category:	dropped
Size (bytes):	1137636
Entropy (8bit):	7.992115815327648
Encrypted:	true
SSDEEP:	24576:uL7IyEuhSWMtz+/FmyybqeU2sWK0zp2ylP6+kpPPP+q5m4Vjy:4IyEMjMtz+Nxyb580zxBCGq5m7
MD5:	E671E26E890DD7186CDA976B76E0E461
SHA1:	61E8BC959B5ED0699A2C66B54C8763A8A587807B
SHA-256:	7333A209FDF949BD3ECDA6228B61419A4D5DEEDF33B0C94784F3693166EBB90D
SHA-512:	A6D567B918CA629F019B0B479678DDDCF4ADE887FF97EF2FD625DEAABEF61B180CFBD66D7A47BB249E77106ABADAC945A416AFCC3FA9EC4FDCDBDB0CC8044B01
Malicious:	false
Preview:	ITSF....`........]*}.......\|.{.......".....\|.{......."..`...............x.......T0.......0...............[..............ITSP....T...........................................j..].!......."..T...............PMGLN................/..../#IDXHDR...1.../#ITBITS..../#IVB..n.../#STRINGS......./#SYSTEM..>.b./#TOPICS..1.0./#URLSTR..e.-./#URLTBL..a.../$FIftiMain...$..../$OBJINST......./$WWAssociativeLinks/..../$WWAssociativeLinks/Property....../$WWKeywordLinks/..../$WWKeywordLinks/BTree....L./$WWKeywordLinks/Data...V.}./$WWKeywordLinks/Map...S../$WWKeywordLinks/Property...e ./Basics/..../Basics/BL.htm.....x./Basics/Cat.htm.....s./Basics/CCF.htm...\|.e./Basics/CH.htm...a.[./Basics/CP.htm...<.x./Basics/DC.htm...4.y./Basics/DesArch.htm...-.9./Basics/EL.htm...f.v./Basics/Elements.htm...\.../Basics/MissionTime.htm...^.=./Basics/MTTFd.htm.....{./Basics/PL.htm.....T./Basics/PLr.htm...j.(./Basics/PR.htm.....k./Basics/SF.htm...}.U./Basics/State.htm...R.o./Basics/TE.htm...A.../CSS/..../CSS/HelpFormat.css

C:\Program Files (x86)\SISTEMA 2.1.1\is-B4K67.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	7680
Entropy (8bit):	4.557381237807728
Encrypted:	false
SSDEEP:	192:cRSm+hxXgUdU1faA2XvN3XN6MbrkSTXRB:cRr89U2p96MX
MD5:	316809D9C282ED6F69631BC6B107247A
SHA1:	8123AB6E6781A1A10DA09625A131F679453F1766
SHA-256:	0898D09FB6F2E667C4D513CCFF1FC8C9845F453BB44B4DFB3E3E9560936C53B9
SHA-512:	750968BBA57FFD816F2EE9F82AB525DD001420AAD810F7D80CC73F58B42EF3FBDF1492C026AE85599B8CD3AB5E3E5756036D04228DBC23DB53A82CEF14916C97
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............M..M..M. .M..M. .M..M. .M..M!..M..M..M..M. .M..M. .M..M. .M..M. .M..MRich..M................PE..L...(.uW...........!................1........ ...............................`......................................`%..d...."..<....@..p....................P..P.... ............................... ..@............ ...............................text...4........................... ..`.rdata....... ......................@..@.data...d....0......................@....rsrc...p....@......................@..@.reloc..\....P......................@..B........................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\SISTEMA 2.1.1\is-B5NB6.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	548864
Entropy (8bit):	6.393702958885723
Encrypted:	false
SSDEEP:	12288:BuYZhMltDoD+OSt+ujajk5RnchUgiW6QR7t553Ooc8NHkC2euB:oOhMltDoqvpjajk59g3Ooc8NHkC2eW
MD5:	2BC650257FB0867ABD54FD460EC2BAFC
SHA1:	EC063526AA14BCADEEFFA6D859B39A80680015B7
SHA-256:	9FC2E85BA84CF0459AAB0DC2EFAC734AD7B5B4C99BA19871FE8F6E35D0191838
SHA-512:	903966F1739727D166131B42DF6A7CD77D4F734C01437F7D96F18E8CB2C60A8E49BD952452FDE8F0D3A92A002D2404EE78B97472821C190B300C594A5525C0A2
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............................H...?.....Z=......?......?......?......?......?......?.....Rich...........PE..L....3C...........!.....@... ......z........P....B\|.........................p.......*..............................`.......,...<............................ ...2...S..............................@e..@............P...............................text....7.......@.................. ..`.rdata.......P.......P..............@..@.data...`&....... ..................@....rsrc...............................@..@.reloc...A... ...P..................@..B........................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\SISTEMA 2.1.1\is-BCABR.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	HTML document, ASCII text, with very long lines (988), with CRLF line terminators
Category:	dropped
Size (bytes):	87116
Entropy (8bit):	4.942556734561936
Encrypted:	false
SSDEEP:	1536:IBn8eieHeleCUfYy/vhQ+7cGzkK+Ba4MnhkjWjrlCkW4fl/H:aKUfYy/vq0pzkKA2MWjrMkW4t/H
MD5:	B33E32E9B698B5F00D19BFB1CBA6B72B
SHA1:	4B043E4C5AAEF41F0DC7D039BC891FE6ECD1D5D3
SHA-256:	E6046C162730405D1A8FDDDC07F8C17AEC4F70C6A1664BFD8FC5102DD4B86E31
SHA-512:	68FDAF5DAB524010D26A01DCCE7EA98332416FA1C7903911492B5E3620C418D30EE885A94ABE6DAE57D99080C2ADFD81EE933F3E964B14692BEB915D6C46B843
Malicious:	false
Preview:	<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">..<html>..<head>.. <title>SISTEMA 2.1.1.2 - ReadMe</title>...... <link rel="stylesheet" href="HelpFormat.css" type="text/css">....</head>......<body style="background-image: url(bg.gif); background-repeat: no-repeat;">....<h2> SISTEMA</h2>....<p> Safety Integrity Software Tool for the Evaluation of Machine..Applications<br>....<a href="http://www.dguv.de/webcode/e34183" target="_blank">Institute..for Occupational Safety and Health..of the German Social Accident Insurance (IFA)</a>, 2024..</p>....<p style="text-align: left;" align="left"> <img src="logo.gif" border="0" hspace="0" vspace="0"></p>....<p> Version du logiciel: <b>2.1.1 Build 2</b><b><span style="color: rgb(255, 0, 0);"></span></b><br>....Version de la norme: <b>ISO 13849-1:2015, ISO..13849-2:2012<br>....</b>Version of VDMA database: <span style="font-weight: bold;">VDMA..66413 1.0.0</span></p>....<p><span style="font-weight: bold;"></span><a hre

C:\Program Files (x86)\SISTEMA 2.1.1\is-C2KDT.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	GIF image data, version 89a, 408 x 84
Category:	dropped
Size (bytes):	6125
Entropy (8bit):	7.732853398247981
Encrypted:	false
SSDEEP:	96:0jm85EfjRYG5V1FwJOJ5+Ud1dApFmzoeA25UBk5caCfSs5AP/SoQU:y5Ef9YGT1FcYPCEirBk6fS0AXSoT
MD5:	EAE6B50166DC48A41EB645E4515A8796
SHA1:	08B104FD1456D322F09578A6A3874A8117DCC975
SHA-256:	CA0FDF244D36631D319C3729ADE2B70CD57EBBA966A987422B30C42785451174
SHA-512:	DA59A072DD9E8B0586B863EE53149A707E77E180763379601FB6114B7301FA0D1A9228B9C766AAA0AA94B3CA1D8DAC0C241E5FC680905B31190CA186CB6793A7
Malicious:	false
Preview:	GIF89a..T...TVT...tvt....J.Dv.$^.......d...V.\............l...F.4j....t......N..........T~..R.T..dfd...Dv.,f....,f.............F..Z.........l..<r.\|..$^........R.,j.......N....\.....\^\Tz....L.....d..lnlTz.....J....l.....<n....\|~\|...Dz....d........N....\|...........$Z.\.....Dz...............\|..\|..,b.....V.4n..N.\..\Z\...\|z\|....J.,b....d..$V...........l...J....\|......N........V.\..ljl...4f....dbdtrt..................F.t.....,^.4j..N.......T.........J.Lz.......Lz..........V....................................................................................................................................................................................................................................................................................................!.......,......T........H..A.Q ..eC.)..J.H....3j.... C..I..I..@.YicHK.Ar..I...8s....#..+.......H.]...f..%uh....j....6... u.U.C E....p..4...C^......'.]y./QN..+^..i.5..R5+....3k.48h..k.h.M.4.".>K6..D..

C:\Program Files (x86)\SISTEMA 2.1.1\is-CDA33.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3140157
Entropy (8bit):	6.358151655053589
Encrypted:	false
SSDEEP:	49152:xWGtLBcXqFpBR6SVb8kq4pgquLMMji4NYxtJpkxhGjIHTbU333HY:TtLutqgwh4NYxtJpkxhGj3334
MD5:	AAC0B9225DCA26A9FD21279798AF249B
SHA1:	F6BE9539CA0D49B1C518F696A5693D9F2576DF24
SHA-256:	6B4B1E2DC4ED3AE5CB6A435B01FEF57CCFB3C49048DC22475AC26AA8BFA43E1B
SHA-512:	F8E12E1B282AD5C3E00C0045D7B2F6ADDE878C9493C5230E0898E7886A380E487DECE0C68414A682376C9F89ED73411B874126DE9B4C27E00368E02582251080
Malicious:	false
Preview:	MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L......c.................L,..<......hf,......p,...@..........................p0...........@......@....................-.......-..9.......\...........................................................................-.......-......................text.... ,......",................. ..`.itext...(...@,.....&,............. ..`.data...X....p,......P,.............@....bss.....y....-..........................idata...9....-..:....,.............@....didata.......-.......-.............@....edata........-......-.............@..@.tls....L.....-..........................rdata..]............,-.............@..@.rsrc....\.......^....-.............@..@..............1.......0.............@..@........................................................

C:\Program Files (x86)\SISTEMA 2.1.1\is-CMH85.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	MS Windows HtmlHelp Data
Category:	dropped
Size (bytes):	1206431
Entropy (8bit):	7.992728155621692
Encrypted:	true
SSDEEP:	24576:q9kyrFFrWlOqYCVmyYM1HyGYPZagpMqzMzrvHjtkF8W3GxGkJb:q/DrWs+mC6agpMq+rvjtkFN3gzb
MD5:	3A1B011C353980727C2E76B37C408C81
SHA1:	2A61B8847985D132E4DD60772ADC43A53E7AF0EE
SHA-256:	6610EAEAAAD55B497EB9C9CD66AE747D505C113AA5644369C82A5C4E77B81CD9
SHA-512:	1216F31EF9021B2423E34858DCCDA7DC21BE9202EE88D0AC9B9A767D0F8796EE462E04407BD5A1F8103875AE096A228C95DDD45C1AC3F17F3E58DEF1597CBCE4
Malicious:	false
Preview:	ITSF....`.........b1.......\|.{.......".....\|.{......."..`...............x.......T0.......0...............h..............ITSP....T...........................................j..].!......."..T...............PMGLT................/..../#IDXHDR..].../#ITBITS..../#IVB...D.\./#STRINGS....\|./#SYSTEM..~.I./#TOPICS..].0./#URLSTR.....o./#URLTBL......./#WINDOWS...4.../$FIftiMain...{..b./$OBJINST..`.../$WWAssociativeLinks/..../$WWAssociativeLinks/Property..\../$WWKeywordLinks/..../$WWKeywordLinks/BTree... .L./$WWKeywordLinks/Data..l.>./$WWKeywordLinks/Map..*../$WWKeywordLinks/Property..< ./FHFlyoverPopups.js...c.F./FHFlyoverPopupStyle.css...).+./FHUtilities.js...$.../IDH_ActionNewBL.html..u.Z./IDH_ActionNewCP.html..O.^./IDH_ActionNewEL.html...-.\./IDH_ActionNewPR.html.....\./IDH_ActionNewSF.html...e.g./IDH_BL.html....../IDH_Cat.html.. ././IDH_CCF.html..y.'./IDH_CH.html...$.../IDH_CP.html..W.M./IDH_DC.html.../.J./IDH_DesArch.html...O.B./IDH_EditBL.html....../IDH_EditCH.html...4.E./IDH_

C:\Program Files (x86)\SISTEMA 2.1.1\is-CQHN4.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	MS Windows HtmlHelp Data
Category:	dropped
Size (bytes):	527904
Entropy (8bit):	7.97297568828217
Encrypted:	false
SSDEEP:	12288:nCCxVyuKsC79GuU2XSdNSA3knS9Kf6H6nmyhiTJkDk:z7yuKxUT2CH10S9MmQOJIk
MD5:	5F0BEFED5EE0D5504ECC639DE701D862
SHA1:	9AE058D1E0ED8908DB2DDBF2209DF5ACBDEE6C2D
SHA-256:	E7E5822E65C42F6587643938DDD1DA7A6766621CBBB4AC1ADE57D3E0DA942785
SHA-512:	C6B037B942A9E46FC4FBBB900AD585B32D98AFEE4D2C16916DB4E6CB7B6E4E7A2769591445E17697F635A13D7D42B3E3661A0666816B20FA13AAC5125F74EC89
Malicious:	false
Preview:	ITSF....`.......8.........\|.{.......".....\|.{......."..`...............x.......T0.......0.............. ...............ITSP....T...........................................j..].!......."..T...............PMGLN................/..../#IDXHDR...=.../#ITBITS..../#IVB......./#STRINGS.....G./#SYSTEM....V./#TOPICS...=.0./#URLSTR...q.-./#URLTBL...m.../$FIftiMain...8..../$OBJINST......./$WWAssociativeLinks/..../$WWAssociativeLinks/Property....../$WWKeywordLinks/..../$WWKeywordLinks/BTree.....L./$WWKeywordLinks/Data...j.}./$WWKeywordLinks/Map...g../$WWKeywordLinks/Property...y ./Basics/..../Basics/bg.gif...&.j./Basics/BL.htm...A. ./Basics/Cat.htm...a.P./Basics/CCF.htm...W.\|./Basics/CH.htm...1.../Basics/CP.htm...P.Z./Basics/DC.htm...L.i./Basics/DesArch.htm...*.../Basics/EL.htm...:.%./Basics/Elements.htm..._.T./Basics/green_new.ico.....~./Basics/HelpFormat.css...!.i./Basics/MissionTime.htm...F.../Basics/MTTFd.htm...M.../Basics/PL.htm...S.y./Basics/PLr.htm...5.N./Basics/PR.htm...3.h./Basics/red_new.

C:\Program Files (x86)\SISTEMA 2.1.1\is-D159B.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	GIF image data, version 89a, 408 x 84
Category:	dropped
Size (bytes):	6125
Entropy (8bit):	7.732853398247981
Encrypted:	false
SSDEEP:	96:0jm85EfjRYG5V1FwJOJ5+Ud1dApFmzoeA25UBk5caCfSs5AP/SoQU:y5Ef9YGT1FcYPCEirBk6fS0AXSoT
MD5:	EAE6B50166DC48A41EB645E4515A8796
SHA1:	08B104FD1456D322F09578A6A3874A8117DCC975
SHA-256:	CA0FDF244D36631D319C3729ADE2B70CD57EBBA966A987422B30C42785451174
SHA-512:	DA59A072DD9E8B0586B863EE53149A707E77E180763379601FB6114B7301FA0D1A9228B9C766AAA0AA94B3CA1D8DAC0C241E5FC680905B31190CA186CB6793A7
Malicious:	false
Preview:	GIF89a..T...TVT...tvt....J.Dv.$^.......d...V.\............l...F.4j....t......N..........T~..R.T..dfd...Dv.,f....,f.............F..Z.........l..<r.\|..$^........R.,j.......N....\.....\^\Tz....L.....d..lnlTz.....J....l.....<n....\|~\|...Dz....d........N....\|...........$Z.\.....Dz...............\|..\|..,b.....V.4n..N.\..\Z\...\|z\|....J.,b....d..$V...........l...J....\|......N........V.\..ljl...4f....dbdtrt..................F.t.....,^.4j..N.......T.........J.Lz.......Lz..........V....................................................................................................................................................................................................................................................................................................!.......,......T........H..A.Q ..eC.)..J.H....3j.... C..I..I..@.YicHK.Ar..I...8s....#..+.......H.]...f..%uh....j....6... u.U.C E....p..4...C^......'.]y./QN..+^..i.5..R5+....3k.48h..k.h.M.4.".>K6..D..

C:\Program Files (x86)\SISTEMA 2.1.1\is-DSFCI.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1035
Entropy (8bit):	5.096840469859322
Encrypted:	false
SSDEEP:	24:yPa7DSKH5uk5uF5uuCuuIzugWjupjcwx2EALZEgL8u+f:TDSCV0jfr/ACuZ8f
MD5:	0DA7A5B800B27ECF7FEF8FCED4D4566B
SHA1:	221E7FBA25CB0F5EF97CCA03DC70DDF4BE0981E7
SHA-256:	92A7A64EFA5CC7A8A4D2C73E67BA590DFB367C3866C33C59820C4A82F3DDFB80
SHA-512:	CC71A1B51C3F49D0901DBB4F0E26A3EB9270FEB64D6C83BF4A600F705492160E3322461418B9060A36FE3AEF6F1C99315A30F6ABBF8ACD003D86ED0372AE5F0E
Malicious:	false
Preview:	#Example of a list of SISTEMA databases, which are located on a (or several) firebird database server(s)...########################################################################################################....#Hostname (as IP adresse):DBName (as an fully qualified filename of a SISTEMA database)....192.168.1.10:C:\SSM-Databases\ManufacturerXYa-SSM-DB.slb..192.168.1.10:C:\SSM-Databases\ManufacturerXYb-SSM-DB.slb..192.168.1.10:C:\SSM-Databases\ManufacturerXYc-SSM-DB.slb..192.168.1.11:C:\SSM-Databases\ManufacturerXYd-SSM-DB.slb..192.168.1.12:C:\SSM-Databases\ManufacturerXYe-SSM-DB.slb..192.168.1.13:C:\SSM-Databases\ManufacturerXYf-SSM-DB.slb......#Hostname:DBName (DB name as an ALIAS, is configured in 'Firebird_1_5\aliases.conf')..# - Examples of an ALIAS in 'aliases.conf':..# ManufacturerXYa = C:\SSM-Databases\ManufacturerXYa-SSM-DB.slb ....DBServerXY1:ManufacturerXYa..DBServerXY1:ManufacturerXYb..DBServerXY1:ManufacturerXYc..DBServerXY2:ManufacturerXYd..DBServerXY3:ManufacturerX

C:\Program Files (x86)\SISTEMA 2.1.1\is-EUGLL.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	22726656
Entropy (8bit):	6.342895048986617
Encrypted:	false
SSDEEP:	393216:D2I/jv+43IjeivpUiTunNM/oIPQEEWFMu:qmYXAC
MD5:	9539E734CC3C8A2A935ACFD28CC08B31
SHA1:	2CF3FD9F3CFF784CF7C97B7B58531253ED460632
SHA-256:	09F388DB7E634A3430B660F60A2BFE38CFEE979836C84FDC0FFC3C6FD9D2F801
SHA-512:	7D7F55C6D9078F5292766FB71DF02B2AC4FC79CC1330889880F0CF0DBB8FDE0394D1F1DD96214A2B0496D498D5A5606A4AE9489619108605678D108C333F5BF3
Malicious:	false
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....N'f.................J...z.......[.......p....@...........................].......[...@......@...........................`.......p...nw..................0...7........................... ...........................3...........................text............................... ..`.itext...v.......x.................. ..`.data....<...p...>...N..............@....bss....`................................idata.......`......................@....didata.............................@....edata..............................@..@.tls....8................................rdata..].... ......................@..@.reloc...7...0...8... ..............@..B.rsrc....nw..p...pw..X..............@..@..............P.......M.............@..@................

C:\Program Files (x86)\SISTEMA 2.1.1\is-F9HCM.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1649664
Entropy (8bit):	6.501336495988769
Encrypted:	false
SSDEEP:	24576:2ID+iU+iAyeHOP/xkUIO39dL1pynRP4e:/yuOLFH1YP4e
MD5:	FF446448BBC3B3E82AB1BF8CB9BBF6A9
SHA1:	F0737840AD0507E52CA0F9BE86F6AA281ED86506
SHA-256:	8C05A26A4BD1D8CE8176C3EE0923DABC40E2EBEBA54CDEE63A96F89EB3FA182C
SHA-512:	6037B5CF98306445CB08B475B0F6717977D5DFD03BB1B462AA2C6C23FC7AA665687A84D515DD2BE5BA5C8CE228BA4DE81EBAB225661B1477A7827B4D5425B11B
Malicious:	false
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L.....He...........!.........4......4.............@.......................................@.............................J....@.......p...........................k...................................................O...............................text.............................. ..`.itext..<N.......P.................. ..`.data...d...........................@....bss.........0...........................idata.......@......................@....edata..J...........................@..@.rdata..a...........................@..@.reloc...k.......l..................@..B.rsrc........p......."..............@..@.....................,..............@..@................................................................................................

C:\Program Files (x86)\SISTEMA 2.1.1\is-GGC8U.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	HTML document, ASCII text, with very long lines (988), with CRLF line terminators
Category:	dropped
Size (bytes):	86302
Entropy (8bit):	4.952605230933474
Encrypted:	false
SSDEEP:	1536:mOFjeYleHelezUfYy/vhQ+7cGzkK+Ba4MnhkjWjrlCkW4fl/H:mAMUfYy/vq0pzkKA2MWjrMkW4t/H
MD5:	101439185425F718DD5CB0EBA7858C5B
SHA1:	B7EC418B04B2C409C73E8A72BFBF678262D708D5
SHA-256:	96C16858A0596173D5FCD3D69B8152F0F4B5873E61C156968EE6F5A89A15D3CE
SHA-512:	1D24A2D61EBA672DEF196C1C1604635A4637722142D3A0BBAFC39A7CA7B34B982A22D6485441AE101C7CDE91DF042ACFE6FA4BDDB37D48752651750A67926997
Malicious:	false
Preview:	<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">..<html>..<head>.. <title>SISTEMA 2.1.1.2 - ReadMe</title>...... <link rel="stylesheet" type="text/css" href="HelpFormat.css">....</head>......<body style="background-image: url(bg.gif); background-repeat: no-repeat;">....<h2>SISTEMA</h2>....<p>Ohjelmistotyökalu turvallisuuden eheyden arviointiin..konesovelluksissa<br>....<a href="http://www.dguv.de/webcode/e34183" target="_blank">IFA..on..Saksan sosiaalisen..tapaturmavakuutuksen työterveyden..ja työturvallisuuden laitos</a>, 2024</p>....<p align="left"><img src="logo.gif"></p>....<p>Ohjelmistoversio: <b>2.1.1 Build 2</b><b><span style="color: rgb(255, 0, 0);"></span></b><br>....Standardiversio: <b>ISO 13849-1:2015, ISO..13849-2:2012<br>....</b>Version of VDMA database: <span style="font-weight: bold;">VDMA..66413 1.0.0</span></p>....<p><span style="font-weight: bold;"></span><a href="http://www.dguv.de/webcode.jsp?q=e89507" target="_blank">T

C:\Program Files (x86)\SISTEMA 2.1.1\is-HHJBR.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	HTML document, ASCII text, with very long lines (988), with CRLF line terminators
Category:	dropped
Size (bytes):	85392
Entropy (8bit):	4.933474446024505
Encrypted:	false
SSDEEP:	1536:sVAe2eHeleDUfYy/vhQ+7cGzkK+Ba4MnhkjWjrlCkW4fl/H:6UfYy/vq0pzkKA2MWjrMkW4t/H
MD5:	C430492C134FB935CAC5BE65E4FBBA87
SHA1:	EFC7E9B99D1283A08FFF7BCA2ED1FF0F512B97CF
SHA-256:	F5ED6D9E065610A7D7B04DB5F625A211D40C4D541011CD760B85BE9486C0517E
SHA-512:	79363B6BA6C31851119B6FFEA4ED296B12D7CD6B46B076DE43B33D45C931B2F92D85DBB5B714BAC42E94DE66A47CD2AA21F45C08935E26E778743C78244B9C2C
Malicious:	false
Preview:	<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">..<html>..<head>.. <title>SISTEMA 2.1.1.2 - ReadMe</title>...... <link rel="stylesheet" type="text/css" href="HelpFormat.css">....</head>......<body style="background-image: url(bg.gif); background-repeat: no-repeat;">....<h2>SISTEMA</h2>....<p>..Safety Integrity Software Tool for the Evaluation of Machine..Applications<br>....<a href="http://www.dguv.de/webcode/e34183" target="_blank">Institute..for Occupational Safety and Health..of the German Social..Accident Insurance (IFA)</a>, 2024</p>....<p align="left"><img src="logo.gif"></p>....<p>..Version of software: <b>2.1.1 Build 2</b><b><span style="color: rgb(255, 0, 0);"></span></b><br>....Version of standard: <b>ISO 13849-1:2015, ISO..13849-2:2012</b><br>....Version of VDMA database: <span style="font-weight: bold;">VDMA..66413 1.0.0</span></p>....<p><a href="http://www.dguv.de/webcode.jsp?q=e89507" target="_blank">Information..about the standard</a>..</p>....<h4>A

C:\Program Files (x86)\SISTEMA 2.1.1\is-HVGVG.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3842048
Entropy (8bit):	6.075164190667764
Encrypted:	false
SSDEEP:	24576:XK+TOgFoc2XEN7DC3A/TtAiBS7bD9mNe0Hd1VChOr+3SRuUawbapAodXi1bDsxqL:a+TSADa5UfEOcZq15eiCI8knerj9GUS
MD5:	672D54CAD3E8B7EDCFF5B642387D1B94
SHA1:	47F6CC73A5999E3A1FFA8F2D352CC0DC077C7353
SHA-256:	2353FAEB13EC55655E039C70ECDA8E0FCC347C82A438710303846786CD00081B
SHA-512:	DB1AEBCB21E4E5418EB17149CB997B9A49AA3A6E13A9EDF25D840229E115A6F1C51F1072A58793C2D2015A07D7FB64C5FB51FEB27C7DEA9AEC6B17324AE84481
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........F7..'YM.'YM.'YMj.'M.'YM..4M.'YM..$M.'YM.."M.'YM>(.M.'YM.'XM.&YM..7M7'YM..#M.'YM..%M.'YM..!M.'YMRich.'YM........PE..L...X.uW...........!.....0%..`.......6.......@%...............................;......,;..............................g-......P-......p9.......................9.....pH%...............................*.@............@%..............................text....&%......0%................. ..`.rdata...E...@%..P...@%.............@..@.data.........-..p....-.............@....rsrc........p9.......9.............@..@.reloc........9.......9.............@..B........................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\SISTEMA 2.1.1\is-IKJO6.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	data
Category:	dropped
Size (bytes):	105016
Entropy (8bit):	6.7491575054641855
Encrypted:	false
SSDEEP:	1536:/6B9WLcXKdoGs6ydgdviVfTKQZMIGYX0Gnwe:/6BI4dr683W6
MD5:	7F6B5D892BEFB98A4CDADB19C7B25AE4
SHA1:	32A12D3C6AAC3864F5DD9F370BF8C6C621997E9D
SHA-256:	85700E8AFBDDD5B793D3F3171DF0CD561F2BFFDF41AD58AFAC443D429E9595ED
SHA-512:	064A2336534194F84E127EEAB30CB59055248C8D169867D52A7F9F2471DB56BE3F3A94F2BA9E540E34717BAA4912C7086AB2F2C884B5815906280F3F53CA81E2
Malicious:	false
Preview:	.....9 .=...N.8.^..G.Mg..!>(........'.k6.[lsQ.o.ld...0.^:Tp......cJ...V.E..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+...p......z.H...S..L.B7%.Mr_.H...S....+.3...^5A...\|.....~...h...S....+..S....+.l<,..G...S....+ea.-.......f.Y.m..5d...0....}..0....}..,EX...?AoN..uz....S....+..S....+.*.(.u....S....+..S....+..S....+"W.>...)..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+0.Up.D..&..x....S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+..S....+...p....4....R....N...nD.1,.>\u....e.CkR.w#.{N\.N.......[........3St5.x..C.M.VZ.....L...v.E.t%...Tb....L]+d6....G.. .J4..$...$...J...u..N.@.#.9..h6.i...{^;g..(9M..w.Y._.5.h.NqY[...>..vg.....<M\w......GW.T...&....9.....N.)./t.&.[.\V.E.....

C:\Program Files (x86)\SISTEMA 2.1.1\is-J49E2.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	GIF image data, version 89a, 1000 x 591
Category:	dropped
Size (bytes):	92837
Entropy (8bit):	7.9713328065284745
Encrypted:	false
SSDEEP:	1536:kzAhdnYRzI7EWn27x2jWdprCn/JHYZGyXM2mcH9cUeAkVjtMxY8SPJj4Q9NIT:k4dnSzFWn2+WdcRHYZGX2v0htMxsPxxk
MD5:	01E92E2A08BC6DFABDE5652248A292F5
SHA1:	74584EBCC5C2C81FC224A049E37CD82C44FEF9C5
SHA-256:	BA80B6F191F89C91CBCA973A652CDCE7ABC233CF606C5B1D4BC7D51196A2776A
SHA-512:	04C2A1D3103170F419BC01B18F9AF930342E0D881A66B73857852AD08F231CF7037527DEB61E499DCD142D4F42CDDC00552AC85B2CCA391051409DDCA59DA56F
Malicious:	false
Preview:	GIF89a..O............................... .."..$..".,% 3+"3/.70$;7%=6.D.D;+.D..F.D@.H..K.IC0.O..P..Q..S.OG6LI0.W..W..X..X.UL6.[..]..Z..[..\..].UO=.a..a..b.]T<.f.\TD.g..g..g..i..i.]Z<.k..h{b\D.o..r.&k}.q.eaI.r.ecC.t..r.1pwnfI.u..y..\|..z..y. w.#x.#y.qiP {.#~.#.....wpO+.....wrU-...../..1..~w[.xU>..?..1..9..R.{2...}U0..=...~[S..>..@..E..A....`S....[;..R..B..L..M....bT..^....`\....gN..V..W....m`..r....fb..`..e....m...u..s....sn..o..r.......s..{..............su..s..x.......{...~..................{...............................................................................................................................................................................................................................................!.......,......O........H......D8o...#J.H....3R.g..7s..i.I...(S.\...0c.I....o....@p.;>{....H.*]...P.J.J..U...q{...Pr..K...h.].m..:...=.x..........W..<.n.v.+c....[GY....3k...../....c6.........^

C:\Program Files (x86)\SISTEMA 2.1.1\is-LSB8O.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	675840
Entropy (8bit):	6.734758519357615
Encrypted:	false
SSDEEP:	12288:UGS0YPmKEK9uxS4TCNfbg4ibCcoInBliDxlPLkQGSWDhap:QmKEKEsnJbg4iFoIBlibLkvph
MD5:	42E885D15C760783ED8BC6EBBC3EE834
SHA1:	3447E69BA79DC55F27FB2D7A4F0DBEE7E5515D6B
SHA-256:	733308D8F7967C72E56A44A678412EBF364CB505E1F84045B1D65E5A75A8D307
SHA-512:	B53CBBC5D52B41BD73CF5DD2AEB13B0DA49C8C5998B53ACD3F8A1CF8996CB21CE44F6CD76DE3700F7E62AFC59646B22B48AC67D00E633F242DD8CEC2112BE9A6
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......./..k..k..k..L,..B..L,..i.....n..k.....L,..5..L,....L,..j..L,..j..L,..j..Richk..........PE..L...U.uW...........!.........@......D..............J................................2...............................@.......d...P.......$.................... ..dN...................................P..@...............`............................text...C........................... ..`.rdata..!...........................@..@.data....D....... ..................@....rsrc...$...........................@..@.reloc..Z[... ...`..................@..B................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\SISTEMA 2.1.1\is-LUSCN.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	MS Windows 95 Internet shortcut text (URL=<http://www.dguv.de/webcode/e109249>), ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	269
Entropy (8bit):	5.4006883807253425
Encrypted:	false
SSDEEP:	6:HRYFVm/r4vvXCRcOKbAmKLA0iEz2Yu4oTZiAs8lvsh4r54vVG/4xB:HRYFVmYXOKb5KL9i/404A0h4uVW4xB
MD5:	A2E82B12F1000F17AF168B170A70050F
SHA1:	508633BF009C2287B173B962A837DB91766FEEA7
SHA-256:	6215D9EE5E6B67B85ED1A56A9C20401974706D2846AB3A771140FC387767BD61
SHA-512:	B28E61C935DC77C1654FDCB3214231F70767EA27425D1DABE2FD520296E32489348E9A5934971E8A7CDB91AE1DB388FC646671B568C8259A7FA202566340F083
Malicious:	false
Preview:	[InternetShortcut]..URL=http://www.dguv.de/webcode/e109249..IconFile=C:\Dokumente und Einstellungen\Lungfiel.Andy\Eigene Dateien\Borland Studio Projects\1_1_3_v2\bin\SISTEMA_WEB.ICO..HotKey=0..IconIndex=0..IDList=..[{000214A0-0000-0000-C000-000000000046}]..Prop3=19,2..

C:\Program Files (x86)\SISTEMA 2.1.1\is-M5MNL.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	281504
Entropy (8bit):	6.5182888212806604
Encrypted:	false
SSDEEP:	3072:8WihKGL6uES+ebaYLfbuAhKkugp/RD8V6UZZZSdzPV5LABqSgbNc2ffVzjENwJUw:8Wih1LX8ODKsY2PV5YgbNc2ffJDP
MD5:	C4CA583D8EBA8FE2EA768458DE705A52
SHA1:	B6178F3566A2690882F22788311E6D0C9636CF23
SHA-256:	0BE487B75088393915D17DF15F85D6DD28339B9616DAC7C1F5AD4AC09A863277
SHA-512:	EE601509B50A1ABD97EA26D33994C6D7649AFBC5F0DF234133B3BF9F32DACE5805F579ED62AB717D6DD4AC8DE21325538D39645008653CA6073003DB073D8E2B
Malicious:	false
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...h.$d...........!................lD.......P.....Q......................................@..........................p......p.......`...>...........0....... ..X8..............$............................................`.......................text...h&.......(.................. ..`.itext..t....@.......,.............. ..`.data........P.......2..............@....bss....d....`...........................idata.......p.......4..............@....didata......`......."..............@....edata......p.......$..............@..@.rdata..i...........................@..@.reloc..X8... ...:..................@..B.rsrc....>...`...>..................@..@.....................0..............@..@........................................................

C:\Program Files (x86)\SISTEMA 2.1.1\is-MCHSJ.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	HTML document, ASCII text, with very long lines (986), with CRLF line terminators
Category:	dropped
Size (bytes):	116387
Entropy (8bit):	4.989683661194532
Encrypted:	false
SSDEEP:	1536:0Mg9eeeaew56hnTsIYAcpaT6o5ZjHgNbk5C/T2dRv2wXFt:G5WnTs2cpaT6o5ZjHsbRThqf
MD5:	E7842F3390A4B7EDAF33E8A18CB07857
SHA1:	D30816DCB2174048E81FDE9E8932D9AF0BA3A8D9
SHA-256:	28421BBE07BE5EB527C805490A72DE666A73E778E4587D8C58FEB099DFAD2F36
SHA-512:	9BDC4F319FD440FC736A324641844A2F51531892545F3B9E7D80446832DF298FAE202ED16613F286493A5587DA93FA0D7AAB5E4F801006D33499BE2CDD35574A
Malicious:	false
Preview:	<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">..<html>..<head>.... ...... .. <title>SISTEMA 2.1.1.2 - ReadMe</title>.. <link href="HelpFormat.css" type="text/css" rel="stylesheet">..</head>......<body style="background-image: url(bg.gif); background-repeat: no-repeat;">......<h2>SISTEMA</h2>......<p>..<b>Sicherheit von Steuerungen an Maschinen</b><br>......<a target="_blank" href="http://www.dguv.de/webcode/d11223">Institut..für Arbeitsschutz..der Deutschen Gesetzlichen Unfallversicherung (IFA)</a>, 2024..</p>......<p align="left"><img src="logo.gif"></p>......<p>Version der Software: <b>2.1.1 Build 2<span style="color: rgb(255, 0, 0);"></span></b><br>......Version der Norm: <b>ISO 13849-1:2015, ISO 13849-2:2012<br>......</b>Version der VDMA Datenbasis: <span style="font-weight: bold;">VDMA 66413 1.0.0<br>......</span></p>......<p><span style="font-weight: bold;"></span><a href="http://www.dguv.de/webcode.jsp?q=d18471" target="_blank">Informationen..zur Norm</

C:\Program Files (x86)\SISTEMA 2.1.1\is-N0KF3.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	23539712
Entropy (8bit):	6.598924019980046
Encrypted:	false
SSDEEP:	393216:XQXzlByn9XASOXB1Bk3u+GHBSAhr4GwJfwh7M1tn12f1EyxzBtOLDcVo3NOdCMlp:Sona98/G2Nwh7M1tn12qSbkqH
MD5:	8571B58DF1EC066D088F17BABBC2A009
SHA1:	5E490DEBADE3F22EB714782D079BC2C3B2ABA8DC
SHA-256:	FEEA8162475A13FEE180883DB69A227127CBAF5D2F2A5E3BDDCE78C7CBD8E90D
SHA-512:	A0999FF51B35CCCE4121C1D6868416855AC50CFE2754342272E11A5AB35399D8FCB55BAA21811F32198B61CDDEC1D386A26151B93AAD648BE99EF2FD61DF9AED
Malicious:	false
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...M..f.....................4].....h.............@...........................i.......h...@......@................... ..........Vp....$...E..................P...............................@..........................p.......J....................text... n.......p.................. ..`.itext...............t.............. ..`.data...@...........................@....bss.....................................idata..Vp.......r...~..............@....didata.J...........................@....edata....... ......................@..@.tls....\....0...........................rdata..]....@......................@..@.reloc.......P......................@..B.rsrc.....E...$...E...!.............@..@..............Z......2X.............@..@................

C:\Program Files (x86)\SISTEMA 2.1.1\is-NQL46.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	MS Windows icon resource - 2 icons, 32x32, 16x16
Category:	dropped
Size (bytes):	4150
Entropy (8bit):	4.576991219107238
Encrypted:	false
SSDEEP:	48:fO4DeB5NPPZPP0wvqihBN1S9ZflPfPs12HkGUW4XXR:7WNPxPcwvqihBHS7flPfP+GUW4XXR
MD5:	12116FD1B66CD34DD3A77EA413CF874C
SHA1:	335A3236FD2FA7042409F869411955CB339BB6B3
SHA-256:	FEEAC0E7D4074882AD2CB18AEBD6781C29979F2846D72F65508768C42A23B091
SHA-512:	41032EF16166E5E505EBF1862685D95801EBF481F2E4F2004BCF46AFB3415AB1635010A76C4DE51BCD5945CA2090C232C021375703467FCCAD96EBADDD0CB855
Malicious:	false
Preview:	...... ..........&...........h.......(... ...@..............................................................................................................................................................................................................................................................................................................d..d..d..d..d..d.......................................................................d.g.gg.gD.DD.D.d................................................................................~.~~.~~.~g.g...............................................................................e.h................................................................d..d..d..d..d..d.......w.y........>.Q.....................................................d.g.gg.gD.DD.D.d.......w.y........>.Q...................................d..d..d..d........s.~.~~.~g.gg.g..........D..X..G.T.T.D...................................g.gD.DD.D.d...........

C:\Program Files (x86)\SISTEMA 2.1.1\is-NS0KN.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (681), with CRLF line terminators
Category:	dropped
Size (bytes):	37004
Entropy (8bit):	5.223264427587912
Encrypted:	false
SSDEEP:	768:841fPvwKlXC4agyNipeZX3ckEBA13vDYtJPjX9g0lBikFoTQmNCguroIOSa1urS7:l1fPvwyXPHhMVMHwb8tprvN+TUp0hHoa
MD5:	29E02C1C485D9AEBE9B38DE2C584574D
SHA1:	B40BA36F4BB2A2C4A7A7B0C3C7BE03BF646D6600
SHA-256:	A2B2DF2AACB275A1299EB589E6337E411D3623F9E32FD9FF1B1FD5F2041A10D7
SHA-512:	13988B88F578844B4ECADC47D1A402C555CCC83A48F2307509AA7ABB95E6DB8AE4B7F824EB9F5460BDF964FA533FF1ACBCAF0A353AF10AFB03F54E258827A80F
Malicious:	false
Preview:	.<?xml version="1.0" encoding="UTF-8"?>..<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" attributeFormDefault="unqualified">... ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->...<xs:element name="xmldocdata">....<xs:annotation>.....<xs:documentation>Das Wurzelelement jeder XML-Datei f.r SISTEMA.</xs:documentation>....</xs:annotation>....<xs:complexType>.....<xs:sequence>......<xs:element name="tiopf">.......<xs:annotation>........<xs:documentation>Die XML-Struktur f.r die Tabellen wird durch das XML-Layer vom tiOPF Framework (http://tiopf.sourceforge.net/index.shtml) vorgegeben.</xs:documentation>.......</xs:annotation>.......<xs:complexType>........<xs:attribute name="version" use="required">.........<xs:annotation>..........<xs:documentation>Aktuell verwendet SISTEMA das Persistenz Framework in der Version "2.1".</xs:documentation>.........</xs:annotation>........</xs:attribute>.......</xs:complexType>......</xs:element>......

C:\Program Files (x86)\SISTEMA 2.1.1\is-O8I07.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	338944
Entropy (8bit):	6.448112058421481
Encrypted:	false
SSDEEP:	3072:t3S+2KCPNUzembFq1yFikXiBg4CI9ye9LzSCWqhz2EiMwiLw5AB9+4PEYhGGvRJo:t3kUzr4sopY3QDBwh9x5Ve0CmLr
MD5:	5D66EE03DEBB86E43534B001D6EB9F56
SHA1:	D47BE45312FECDD940F9E4C20DB20D9D74F358F8
SHA-256:	62F5149A73759BFCC7EDE51533FF5D6B79CF08903D76A28B3ACE320060F103EC
SHA-512:	AB5D4B89813B8508DB2B13D09BC8DC0A55335B19B3C2BECC34A6A57F715257DB175EB99FF1AF5E040BAEAFFE9CA5DF337ACBE444707ABDC79B3C6C7E2AA74DE3
Malicious:	false
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L.....He...........!.........Z....................@.......................................@..................................................................0...P........... ......................................."...............................text...$........................... ..`.itext.. ........................... ..`.data...`...........................@....bss.....................................idata..............................@....edata..............................@..@.rdata..^.... ......................@..@.reloc...P...0...R..................@..B.rsrc................$..............@..@.....................,..............@..@................................................................................................

C:\Program Files (x86)\SISTEMA 2.1.1\is-OMTFN.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	74144
Entropy (8bit):	6.448361767847363
Encrypted:	false
SSDEEP:	1536:+fwcvI/xIUg95JGuawdWgCSePkktdb3hiZ:+fwcvIqUg0ujCSePk+dIZ
MD5:	8D484B632DCCE62ACE30D9FC5CCCCEDB
SHA1:	BD90CD67EB3A59D067C0621164F9B1C7C6FBEF9A
SHA-256:	CBD5DCE7B363B6E288BD30C1211925E844EC445C3805ECDC9900882060A7724D
SHA-512:	41E2F42436981334FA4B4210AEC41F91839A7E1D74AFE8C439B078908985AB17507B67A3C2BC2B85A420C17AF0509FD7543B502EC9095C5A1A9D7149D1EF2C57
Malicious:	false
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...g.$d...........!.........>......(..............P................................$.....@.............................e....`.......................................................................................a.......p..$....................text...d........................... ..`.itext..P........................... ..`.data...t...........................@....bss.....W...............................idata.......`......................@....didata.$....p......................@....edata..e...........................@..@.rdata..E...........................@..@.reloc..............................@..B.rsrc...............................@..@....................................@..@........................................................

C:\Program Files (x86)\SISTEMA 2.1.1\is-PK0EM.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	GIF image data, version 89a, 1000 x 1200
Category:	dropped
Size (bytes):	10824
Entropy (8bit):	7.947583323826377
Encrypted:	false
SSDEEP:	192:MUnV7o8Noj+l/MUuha49ncC5J8jSgvTRLWTtDLuq4KnHgSKPoqEHqTi8ZDfgAs6x:MUnluj+luAiyjSOTRLW8qlHgQMN5fgqx
MD5:	DCB422179969FCCAEB341D7230B54CAD
SHA1:	FD23CDE24CFAEC037FDDC938939CB87551482275
SHA-256:	8B15C1AB00BA810BF29EE94391A20A5694440AE3777943EA959B06F8292F2D7E
SHA-512:	E625C15B0E2C3F1F33259E58153A6A28729E5B416321D390547971679F9DF334CD7A9FB58258F54B585A56725C4F90B2C778D350A3E20385F859C065D7AC3737
Malicious:	false
Preview:	GIF89a.......................................................................................................,........@...)..H......\....#J.H....3j.... C..I...(S.\...0c.I...8s.....@...J...H.]...P.J.J...X.j....`..K...h.]......K...x...K.............+^l....#K.L.......8 ..... L.M.....@?. ......\.=....s.vJ..... .p.....+_^\.....H......k.~..\.... `N......N...e.....z............`.u..g...&..l.(@...F(..9...z)...vh.c..G.$.hbr....]....0......p.8....H.W.@.).n.....H&.d.....PF).Z.....Xf.e...P.`.).U{..@.[.......\c.).C.%..l...)...t..0.e$..&.(.N...r.W..<....g..v....u..6fj.K...{...jM...+_#.u(...c. ...........DW.....#...G.Vk......sA{^.!.e.x.k.z..I-]...r....u.nr...@...... 0..u......K....pq.8....<lq..L..^..x...0,rC..LZ...%R....2..H@..-......sB%...u"....D..rF{E`i.&0..P..3..X........9..@.......r....G...D..2.!....f.._.."........2.-8.lo...!aM../......@.C7n.`..u.fC.dc ....'..z.U@.K.~i..j>8.v{.&..a..&G.vE...5.z....K.zo?..../_...._

C:\Program Files (x86)\SISTEMA 2.1.1\is-Q59EJ.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	GIF image data, version 89a, 406 x 104
Category:	dropped
Size (bytes):	5385
Entropy (8bit):	7.826058765247188
Encrypted:	false
SSDEEP:	96:tyFYi3RDoVA6s8hx8Ga+1G2RH74cb0FTiqaQQFulqBWhvTorG55tVpIlPPjFUrfg:tySMqA6s8Q03i2EQYlqYlorGJsSg
MD5:	1C7617E7951680C2C0A6C7904597EAEF
SHA1:	F626D93345A21EBFD3F093D9C9A52F0EE8E897D8
SHA-256:	AC4C502B4A85E4C3AA3673D0F6FC0F006D1C59FE8650A65E247672ADDCB88D2A
SHA-512:	C6F405AD75D92C78CCB589F3189C2275F19CEB8BD68B0186CE7A5531B818F19D451EB877BD45F0154070B8B6B3240972CFFA912948DAC354CAE5A220F5DE566C
Malicious:	false
Preview:	GIF89a..h.........................CCC.........-.................2..4........9..7................./......ede..............1"""...323vvv..0../.....8....................7...hgkTTT....3\.75:...427.......%Q..;..I.................\|..<b...xwy....Mp...................YW[..Bg.............\\|...... .#,........+V.h.gfi..Su.n..Xy.Gk.....=............205.....C....u.'%...8...$#'.....A. K.b...:......=.....=.1/3...mmo..H..D....ONQ.........dcfwvx..N..9[Z].........5DDD...@?C)',sru"!%..............6...zy\|UUW......GEH......98;.....5^]`CBE..!......por..&?=ARPTedhqps...JHKbad...............-2........jilDCG......LJN..2...=;?......}\|......................geh`_b....................7........2..........................69<..............0...........:..................!.......,......h........H......\....#J.H....3j.... C..I...(S.\...0c.I...8s.....@...J...H.].2.":..aJ....e.X..."B4$.x"...hy......."H.`.F......o.YLEX .B..,,H....."~#K.\|.J.,)T.0\....),...#..4.(.^... F.

C:\Program Files (x86)\SISTEMA 2.1.1\is-QVGMQ.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	MS Windows icon resource - 2 icons, 32x32, 16x16
Category:	dropped
Size (bytes):	4150
Entropy (8bit):	4.5969098600269
Encrypted:	false
SSDEEP:	96:aHRfPyPcwvqihBHS7flPfP04AZR3W4XXT:aHRnc/5Rmi
MD5:	5D6CCCBEADE9834C711C7961E0AD6DF3
SHA1:	E6ED37E62A62513BA4CCAB61A3ACDFC0B300E876
SHA-256:	36906E68EB60316AAB3FB8CB05812E50C891EC4C6C14B4C86DFE86E6E484C27A
SHA-512:	E3D07007D185CA4A4CA8F0CC08DBA8E0F9A8151B067EB0606C21ADEC80919333902CAB9D663D926581AC75003E313E696766483098D701B456571FA4385E23E8
Malicious:	false
Preview:	...... ..........&...........h.......(... ...@..............................................................................................................................................................................................................................................0..0..0..0......................................................d..d..d..d..d..d..........0..0........x..x..0..0................................................d.g.gg.gD.DD.D.d.......c..............s.......x..0...............................................~.~~.~~.~g.g.........c..............p........J............................................e.h.................c..............x........F.....................d..d..d..d..d..d.......w.y........>.Q......c.................x..x....M.....................d.g.gg.gD.DD.D.d.......w.y........>.Q......c.........................N...d..d..d..d........s.~.~~.~g.gg.g..........D..X..G.T.T.D.......c.....................C..g.gD.DD.D.d...........

C:\Program Files (x86)\SISTEMA 2.1.1\is-R8FKE.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2025
Entropy (8bit):	5.261503994925398
Encrypted:	false
SSDEEP:	48:PC5T53YICFK/9RY6i29tS8o7WjwDt1fnjRYm7rdOXOU22JEY:4t2Fobi2DnGr1fnjRYmc+UVJEY
MD5:	62DA34DA202A65070BBB839177F2A52E
SHA1:	55CDF43232E74A36D01E7E76D5AF15AF7692D51F
SHA-256:	DB0AD3BCD7855BAF24C428930F526EA23B63E26FD973FE0D967EE21B4E91A52E
SHA-512:	99C33887953E59FFED88704E80585071363D12BB33791B0CDDD26D8CA2BA08A8180221852E333E63F78DEE6AD3971059DC17B46E994B37C6EFB630780CE2C68B
Malicious:	false
Preview:	/* DATEI: selfhtml.css /..../..body { style:"background-image:url(Resources/bgialogo.jpg); background-repeat:no-repeat" }../../..body { background-image:url("../Resources/bg.jpg");.. background-attachment:fixed;.. background-repeat:no-repeat; }../../..body { background:"../Resources/bg.jpg" }..*/....h1,h2,h3,h4,p,ul,ol,li,div,td,th,address,blockquote,nobr,b,i {.. font-family:Arial,sans-serif; }....h1 { font-size:18px; color:red; margin-bottom:18px; border-bottom:solid thin black; }....h2 { font-size:14px; margin-bottom:18px; }....h2.sh2 { font-size:10px; }....h3,h3.xmp,h3.xpl,h3.inf,h3.tip,h3.akt { font-size:12px; }....h4 { font-size:12px; }....p,ul,ol,li,div,td,th,address,blockquote { font-size:12px; }....ul { margin-left:0px; padding-left:20px; list-style-image:url("../Resources/BG_Logo_s.gif"); }....li { margin-top:3px; }....table { width:100%; border:1px solid #000; border-spacing:2px border-color:#000000; background-color:#FFFFD0; }....pre { font-family:Courier N

C:\Program Files (x86)\SISTEMA 2.1.1\is-S7GRH.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80384
Entropy (8bit):	5.416518258673608
Encrypted:	false
SSDEEP:	768:mwy+4TSOdrG7sPkIlYJQz/J0/SG9wypq6qbRrFfGhnMfJZysBQfP/H8wM0:G1pVuJIeQz/JwSSwyp+lGhnMfHQP/p
MD5:	9D9386C54C306425FA3DF8A1DB338632
SHA1:	E54F6C8F73BE0BACD060D2EA0FFA1BF18B1FC21E
SHA-256:	2CABF8D00F5630DA130E2F9DFBF54F12D840D78EF685C5026C1BE9B3DB9A96EF
SHA-512:	A649D16F536D6C54C2E8EAEB2D7420A5C0594AE7099E5643DAA8C8DD1CBE5199B21800515AE1C4E4B31D5D849CA4B27657AB5B4B980343173DB0C0F1C68B7CAF
Malicious:	false
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....PCe...........!..............................@.......................................@.......................... ..s.......n....P.......................@..H...............................................................$....................text.............................. ..`.itext.............................. ..`.data...H...........................@....bss.....5...............................idata..n...........................@....didata.$...........................@....edata..s.... ......................@..@.rdata..E....0......................@..@.reloc..H....@......................@..B.rsrc........P......................@..@.....................:..............@..@........................................................

C:\Program Files (x86)\SISTEMA 2.1.1\is-SRA0L.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	78336
Entropy (8bit):	5.474765970608447
Encrypted:	false
SSDEEP:	1536:u1pVuJIeQz/JwSSwypB6Noi718+EHAch2FC391V1yM86xaJ:u1psfQO2Noi718+EHAch2qt8/J
MD5:	1B1C19A94F42ED4C3DB298959F5217F6
SHA1:	B1FDF86E9F5FB42ABF238731834FF1434ED51931
SHA-256:	DFCA749D5D86F738157252E55CC07498CAD4F1843055975E71DB1DB4A55EF5C9
SHA-512:	59684C039A8D2299F399753F8462BDCCCC3A48548D0F49E3FC3389EDE3F3974B3860A31D79E9558BA1AC2BE3E53EB8E0F8010EBCD5733A0E82397F5292047E8B
Malicious:	false
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....de...........!..............................@.......................................@.......................... ..r.......n....P.......................@..H...............................................................$....................text.............................. ..`.itext.............................. ..`.data...H...........................@....bss.....5...............................idata..n...........................@....didata.$...........................@....edata..r.... ......................@..@.rdata..E....0......................@..@.reloc..H....@......................@..B.rsrc........P......................@..@.....................2..............@..@........................................................

C:\Program Files (x86)\SISTEMA 2.1.1\is-TRGCQ.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	13152672
Entropy (8bit):	6.612462699029988
Encrypted:	false
SSDEEP:	98304:dRy14auxgiHuelzcZfFT0/c8wgeTiwD5O2f6kpYvD2t:dRyKauxvafZnl9R82SQYr2t
MD5:	8E73A9F75A850BB10C78A497494BE50C
SHA1:	35AEB1706326293BC33ECE216CBB7C67879E8A38
SHA-256:	88EE1956F414D8E41B88B372A5A5A9660D33F1FE7724A08C24F24A53CA5C2BD2
SHA-512:	FD1B1BE9E8D68DB4F4B48BEFD89765205FE9BC37D42857262D9ACEDDD66D7444001946D0AF83C6BE1719F020FD7386EB82CB82C8BC65283816C2ABAB16145B94
Malicious:	false
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...g.$d...........!.....Ln..FZ.....Hbn......pn....P................................y.....@.......................... r.Y.L..pq..+...p..........................\|....................................................xq.......q.4u...................text...x.m.......m................. ..`.itext..Pr....m..t....m............. ..`.data...XZ...pn..\...Pn.............@....bss.........p..........................idata...+...pq..,....p.............@....didata.4u....q..v....p.............@....edata..Y.L.. r...L..Nq.............@..@.rdata..b..........................@..@.reloc..\|..........................@..B.rsrc........p.......~..............@..@....................................@..@........................................................

C:\Program Files (x86)\SISTEMA 2.1.1\is-TVR4D.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	27652
Entropy (8bit):	4.980561054087754
Encrypted:	false
SSDEEP:	768:/GK2GVA/z8csC986yC97cWhcOJlfdqILMXUIOXJC2SRa9sp6ux7kqULo:ecgb9397cWhB/L7XmRaCp6uxgq1
MD5:	4161288FFDAEBF35DFBC6E10655CF2B9
SHA1:	00F43122DE14D5843D332467356D65BCBC594401
SHA-256:	E079F63019A9F97C79B870A1063A4351DA7FC82C3AA3BD755125FED850A8EA49
SHA-512:	60D87D51B264305106EDC3F4E74CF39D3D6F8D58B957485C7CC22C16BC967DC94E8916D39B83766F993EB50E79C17543AB3E3C502CAEF82E4000F6FB415BE1AA
Malicious:	false
Preview:	#######################################..#..# Firebird configuration file..#..# Comments..# --------..# The # character is used for comments and can be placed anywhere on a..# line. Anything following the # character on a line is considered a..# comment...#..# Examples:..#..# # This is a comment..# DefaultDbCachePages = 2048 # This is an end-of-line comment..#..# Entries..# -------..# The default value for each entry is listed to the right of the "="...# To activate an entry, remove the leading "#"s and supply the desired..# value...#..# Please note, a number of the values are specified in Bytes (Not KB)...# Accordingly, we have provided some simple conversion tables at the bottom..# of this file...#..# There are three types of configuration values: integer, boolean and string...#..# Integer..# --------..# Integers is what they sound like, an integral value. Examples:..# 1..# 42..# 4711..#..# Boolean..# -------..# Boolean is expressed as integer values with 0 (zero)

C:\Program Files (x86)\SISTEMA 2.1.1\is-U90GV.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	18345
Entropy (8bit):	4.931758693536018
Encrypted:	false
SSDEEP:	384:L4C/RxTf0KdsIqZRRlCmORl/wRlYRlx4kdckoYjriXT:L4ufP4Emi/4kdjoYjriXT
MD5:	60D149A4424ED699241282F5F5009392
SHA1:	7B0D9875E182A9D97305DF853BA7BEFE063F66C3
SHA-256:	47FF04F779BF25A12A346E372301C65E859696FCF5797027E91E9461CCE49D3E
SHA-512:	0BF20B22D4D61D1D975F7A0E28B78571EB7183B02F4D90E6044F0F0ABA96D51694BEE92756FD1CE18434540A4E76C139B6CD836CF09990E6668A3311BCBB0BBE
Malicious:	false
Preview:	.<?xml version="1.0" encoding="UTF-8"?>..<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">... ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->...<xs:element name="xmldocdata">....<xs:annotation>.....<xs:documentation>Das Wurzelelement jeder XML-Datei f.r SISTEMA.</xs:documentation>....</xs:annotation>....<xs:complexType>.....<xs:sequence>......<xs:element name="tiopf">.......<xs:annotation>........<xs:documentation>Die XML-Struktur f.r die Tabellen wird durch das XML-Layer des OR-Mappers tiOPF (http://tiopf.sourceforge.net/index.shtml) vorgegeben.</xs:documentation>.......</xs:annotation>.......<xs:complexType>........<xs:attribute name="version" use="required">.........<xs:annotation>..........<xs:documentation>Aktuell verwendet SISTEMA das Persistenz Framework in der Version "2.0".</xs:documentation>.........</xs:annotation>........</xs:attribute>.......</xs:complexType>......</xs:element>......<xs:element name="tables">.......<xs:annotation>........<xs:docume

C:\Program Files (x86)\SISTEMA 2.1.1\is-VM0G9.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	6236160
Entropy (8bit):	6.693747866734302
Encrypted:	false
SSDEEP:	98304:wZk0YUgSrG9bInsR24IuPStFWot0ziPgZ12s+PegRHlUtP+/nYN:wu+g59b8sRLYiziPgZ123EtjN
MD5:	ABF7C0D74DFCD9C378A5F27FD20B18BD
SHA1:	DB8E3706BB303D7A07F73024AA3D560D7CA9C85F
SHA-256:	0992699B3B0C7B63A23635CAA51A73C65D71397ACD78778E4EBF7B9088E1921E
SHA-512:	24749394EAC5C92BF49D6B7996D2F753151D7E612B4F81072605DF65C79CAA00CA117C50724E3B0E996E8FB5E95D9CC53BDBE5DAC5503600C817E1D85248045E
Malicious:	false
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L......f..................O.. ........O...... O...@...........................`......._...@......@...................pQ.......Q..^....W..>....................Q../............................Q.....................H.Q......`Q......................text.....N.......N................. ..`.itext...`....N..`....N............. ..`.data....=... O..>....O.............@....bss....h....`P..........................idata...^....Q..`...FP.............@....didata......`Q.......P.............@....edata.......pQ.......P.............@..@.tls....\.....Q..........................rdata..].....Q.......P.............@..@.reloc.../....Q..0....P.............@..B.rsrc....>....W..@....V.............@..@..............[.......Z.............@..@................

C:\Program Files (x86)\SISTEMA 2.1.1\is-VN852.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	337920
Entropy (8bit):	6.5179445409168135
Encrypted:	false
SSDEEP:	6144:I6MNzVTEz1LgXCpfoaDRQHojjYkARhcPL0U2pHGS5VdQ/TOEzrqArrpA1riT1PiR:I6MNzVgz1LgXCpfoaDqHojjYkARqPL0z
MD5:	2117E31688AEF8ECF267978265BFCDCD
SHA1:	E8C3CFD65ED7947F23B1BB0B66185E1E73913CFC
SHA-256:	0A4031AB00664CC5E202C8731798800F0475EF76800122CEBD71D249655D725F
SHA-512:	DD03899429C2D542558E30C84A076D7E5DBDE5128495954093A7031854C1DF68F8FF8ECA4C791144937288B084DD261FBE090C4FF9A3E0768E26F0616B474ECA
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........`...3...3...3...3...3..f3...3..w3...3..q3...3...3i..3..a3...3..p3...3..v3...3..s3...3Rich...3........PE..L...#..]...........!.........l......i5..............................................................................@....).....<....0..0....................@...,..@...............................@...@............................................text...j........................... ..`.rdata..............................@..@.data....[.......@..................@....rsrc...0....0......................@..@.reloc...3...@...4..................@..B................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\SISTEMA 2.1.1\libeay32.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1380864
Entropy (8bit):	6.849124491618664
Encrypted:	false
SSDEEP:	24576:RNaU+KpPikndiNfzN4jH3PlMQzMjYpOtJqTp/kqg1:PlUfzN4jH3PlyjYpOLqd/kP1
MD5:	FA5DEF992198121D4BB5FF3BDE39FDC9
SHA1:	F684152C245CC708FBAF4D1C0472D783B26C5B18
SHA-256:	5264A4A478383F501961F2BD9BEB1F77A43A487B76090561BBA2CBFE951E5305
SHA-512:	4589382A71CD3A577B83BAB4A0209E72E02F603E7DA6EF3175B6A74BD958E70A891091DBDFF4BE0725BACA2D665470594B03F074983B3ED3242E5CD04783FDBA
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......lU.(4.y(4.y(4.y!L<y.4.y!L-y34.y(4.y.4.y...y#4.y(4.y=4.y!L;y.6.y!Ly)4.y!L,y)4.y!L)y)4.yRich(4.y................PE..L...#..]...........!.................................................................................................A.......6..x.......0...........................p...................................@...............(............................text............................... ..`.rdata..XY.......Z..................@..@.data............t..................@....rsrc...0............Z..............@..@.reloc..,............`..............@..B........................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\SISTEMA 2.1.1\logo.gif (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	GIF image data, version 89a, 408 x 84
Category:	dropped
Size (bytes):	6125
Entropy (8bit):	7.732853398247981
Encrypted:	false
SSDEEP:	96:0jm85EfjRYG5V1FwJOJ5+Ud1dApFmzoeA25UBk5caCfSs5AP/SoQU:y5Ef9YGT1FcYPCEirBk6fS0AXSoT
MD5:	EAE6B50166DC48A41EB645E4515A8796
SHA1:	08B104FD1456D322F09578A6A3874A8117DCC975
SHA-256:	CA0FDF244D36631D319C3729ADE2B70CD57EBBA966A987422B30C42785451174
SHA-512:	DA59A072DD9E8B0586B863EE53149A707E77E180763379601FB6114B7301FA0D1A9228B9C766AAA0AA94B3CA1D8DAC0C241E5FC680905B31190CA186CB6793A7
Malicious:	false
Preview:	GIF89a..T...TVT...tvt....J.Dv.$^.......d...V.\............l...F.4j....t......N..........T~..R.T..dfd...Dv.,f....,f.............F..Z.........l..<r.\|..$^........R.,j.......N....\.....\^\Tz....L.....d..lnlTz.....J....l.....<n....\|~\|...Dz....d........N....\|...........$Z.\.....Dz...............\|..\|..,b.....V.4n..N.\..\Z\...\|z\|....J.,b....d..$V...........l...J....\|......N........V.\..ljl...4f....dbdtrt..................F.t.....,^.4j..N.......T.........J.Lz.......Lz..........V....................................................................................................................................................................................................................................................................................................!.......,......T........H..A.Q ..eC.)..J.H....3j.... C..I..I..@.YicHK.Ar..I...8s....#..+.......H.]...f..%uh....j....6... u.U.C E....p..4...C^......'.]y./QN..+^..i.5..R5+....3k.48h..k.h.M.4.".>K6..D..

C:\Program Files (x86)\SISTEMA 2.1.1\logo_ES.gif (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	GIF image data, version 89a, 408 x 84
Category:	dropped
Size (bytes):	6125
Entropy (8bit):	7.732853398247981
Encrypted:	false
SSDEEP:	96:0jm85EfjRYG5V1FwJOJ5+Ud1dApFmzoeA25UBk5caCfSs5AP/SoQU:y5Ef9YGT1FcYPCEirBk6fS0AXSoT
MD5:	EAE6B50166DC48A41EB645E4515A8796
SHA1:	08B104FD1456D322F09578A6A3874A8117DCC975
SHA-256:	CA0FDF244D36631D319C3729ADE2B70CD57EBBA966A987422B30C42785451174
SHA-512:	DA59A072DD9E8B0586B863EE53149A707E77E180763379601FB6114B7301FA0D1A9228B9C766AAA0AA94B3CA1D8DAC0C241E5FC680905B31190CA186CB6793A7
Malicious:	false
Preview:	GIF89a..T...TVT...tvt....J.Dv.$^.......d...V.\............l...F.4j....t......N..........T~..R.T..dfd...Dv.,f....,f.............F..Z.........l..<r.\|..$^........R.,j.......N....\.....\^\Tz....L.....d..lnlTz.....J....l.....<n....\|~\|...Dz....d........N....\|...........$Z.\.....Dz...............\|..\|..,b.....V.4n..N.\..\Z\...\|z\|....J.,b....d..$V...........l...J....\|......N........V.\..ljl...4f....dbdtrt..................F.t.....,^.4j..N.......T.........J.Lz.......Lz..........V....................................................................................................................................................................................................................................................................................................!.......,......T........H..A.Q ..eC.)..J.H....3j.... C..I..I..@.YicHK.Ar..I...8s....#..+.......H.]...f..%uh....j....6... u.U.C E....p..4...C^......'.]y./QN..+^..i.5..R5+....3k.48h..k.h.M.4.".>K6..D..

C:\Program Files (x86)\SISTEMA 2.1.1\logo_FI.gif (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	GIF image data, version 89a, 188 x 47
Category:	dropped
Size (bytes):	3213
Entropy (8bit):	7.853160994186846
Encrypted:	false
SSDEEP:	48:s2hwW17O35RIYUia9322IneXrSnPZoP9hlnQLp/B5ilY0JpUI86DeG6FUmi7+O:Jhwh5GYU3FInKm4hRQRihnUU6G6Y
MD5:	F81D9A0374ECBA3321876F45980E53A9
SHA1:	A6149DABC2307DC177905EF8547460BDF3B12A04
SHA-256:	1447018273D7EE1601BD91DEE219D78338ADF6834A013A191344A7CCBC3D0631
SHA-512:	2AAB5369F96FB09F33ED7E87A1E6F61597BE4BA4A3A0F1E3C976D96E1289FC36F87633EC39DC58E5A01C8D204501AE1A12EEE255603AE87667C418CAEA29D1E3
Malicious:	false
Preview:	GIF89a../...._..{....r..B..^...r.D..{../..9..\|..K...}.K..`.....s..B..&..K..N..{..h..^..U...c.j.....R.j.'y.`.. f./...V.3l.)o. i..m.g..Y.....Gr.{..x..v..~..s........m.....q..k.q...d..O~.X.K...h.&...Kx.`..[..R.....Jx.S.._.....Cm.../...\.9...Cld.^..{.....c.U..r...g.......B..q..q....&....q..K..N..q..q..K..q..r..&..K..q..q..q..K..K..&..&}.q..q...T{...K..q..K..h..&..&..&..<s.L..K..q..q...v.;\|.._.....r..W..)m.;..U..E...t.r..F}. b.3o....r..&..`..&..=u.V..K..M.._...Ku&..^..E...~.......j..<z.N..'v.=w.`...i.)p.V..E......W.9..&..N..W...z.i............)l.(t.&..N..W......^....q..../..h..^..U..B..F..{.....B..../...Oy.i.i..r..h..W..\|..{..{........:..9../...m./...w....V..U.......^......Z.!_.B......x.3k.q..9..q..\|.....9..9..L...s.U..M..{..U..../..i..^...a..f..\|.{..U....!.......,....../........H......\....#J.H....o.0.#... C..I.F.(U.\..K.'S..I...(m..."N.=...:.'.Hk.M...N.J..u....b.U+.Q....T,Y.Bn.....un.......NV.........HI....R.0\|..-J.I.<q(d...P.(.H7....w\|V.qa......,D.h.=

C:\Program Files (x86)\SISTEMA 2.1.1\logo_FR.gif (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	GIF image data, version 89a, 406 x 104
Category:	dropped
Size (bytes):	5385
Entropy (8bit):	7.826058765247188
Encrypted:	false
SSDEEP:	96:tyFYi3RDoVA6s8hx8Ga+1G2RH74cb0FTiqaQQFulqBWhvTorG55tVpIlPPjFUrfg:tySMqA6s8Q03i2EQYlqYlorGJsSg
MD5:	1C7617E7951680C2C0A6C7904597EAEF
SHA1:	F626D93345A21EBFD3F093D9C9A52F0EE8E897D8
SHA-256:	AC4C502B4A85E4C3AA3673D0F6FC0F006D1C59FE8650A65E247672ADDCB88D2A
SHA-512:	C6F405AD75D92C78CCB589F3189C2275F19CEB8BD68B0186CE7A5531B818F19D451EB877BD45F0154070B8B6B3240972CFFA912948DAC354CAE5A220F5DE566C
Malicious:	false
Preview:	GIF89a..h.........................CCC.........-.................2..4........9..7................./......ede..............1"""...323vvv..0../.....8....................7...hgkTTT....3\.75:...427.......%Q..;..I.................\|..<b...xwy....Mp...................YW[..Bg.............\\|...... .#,........+V.h.gfi..Su.n..Xy.Gk.....=............205.....C....u.'%...8...$#'.....A. K.b...:......=.....=.1/3...mmo..H..D....ONQ.........dcfwvx..N..9[Z].........5DDD...@?C)',sru"!%..............6...zy\|UUW......GEH......98;.....5^]`CBE..!......por..&?=ARPTedhqps...JHKbad...............-2........jilDCG......LJN..2...=;?......}\|......................geh`_b....................7........2..........................69<..............0...........:..................!.......,......h........H......\....#J.H....3j.... C..I...(S.\...0c.I...8s.....@...J...H.].2.":..aJ....e.X..."B4$.x"...hy......."H.`.F......o.YLEX .B..,,H....."~#K.\|.J.,)T.0\....),...#..4.(.^... F.

C:\Program Files (x86)\SISTEMA 2.1.1\logo_IT.gif (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	GIF image data, version 89a, 1000 x 591
Category:	dropped
Size (bytes):	92837
Entropy (8bit):	7.9713328065284745
Encrypted:	false
SSDEEP:	1536:kzAhdnYRzI7EWn27x2jWdprCn/JHYZGyXM2mcH9cUeAkVjtMxY8SPJj4Q9NIT:k4dnSzFWn2+WdcRHYZGX2v0htMxsPxxk
MD5:	01E92E2A08BC6DFABDE5652248A292F5
SHA1:	74584EBCC5C2C81FC224A049E37CD82C44FEF9C5
SHA-256:	BA80B6F191F89C91CBCA973A652CDCE7ABC233CF606C5B1D4BC7D51196A2776A
SHA-512:	04C2A1D3103170F419BC01B18F9AF930342E0D881A66B73857852AD08F231CF7037527DEB61E499DCD142D4F42CDDC00552AC85B2CCA391051409DDCA59DA56F
Malicious:	false
Preview:	GIF89a..O............................... .."..$..".,% 3+"3/.70$;7%=6.D.D;+.D..F.D@.H..K.IC0.O..P..Q..S.OG6LI0.W..W..X..X.UL6.[..]..Z..[..\..].UO=.a..a..b.]T<.f.\TD.g..g..g..i..i.]Z<.k..h{b\D.o..r.&k}.q.eaI.r.ecC.t..r.1pwnfI.u..y..\|..z..y. w.#x.#y.qiP {.#~.#.....wpO+.....wrU-...../..1..~w[.xU>..?..1..9..R.{2...}U0..=...~[S..>..@..E..A....`S....[;..R..B..L..M....bT..^....`\....gN..V..W....m`..r....fb..`..e....m...u..s....sn..o..r.......s..{..............su..s..x.......{...~..................{...............................................................................................................................................................................................................................................!.......,......O........H......D8o...#J.H....3R.g..7s..i.I...(S.\...0c.I....o....@p.;>{....H.*]...P.J.J..U...q{...Pr..K...h.].m..:...=.x..........W..<.n.v.+c....[GY....3k...../....c6.........^

C:\Program Files (x86)\SISTEMA 2.1.1\logo_JP.gif (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	GIF image data, version 89a, 408 x 84
Category:	dropped
Size (bytes):	6125
Entropy (8bit):	7.732853398247981
Encrypted:	false
SSDEEP:	96:0jm85EfjRYG5V1FwJOJ5+Ud1dApFmzoeA25UBk5caCfSs5AP/SoQU:y5Ef9YGT1FcYPCEirBk6fS0AXSoT
MD5:	EAE6B50166DC48A41EB645E4515A8796
SHA1:	08B104FD1456D322F09578A6A3874A8117DCC975
SHA-256:	CA0FDF244D36631D319C3729ADE2B70CD57EBBA966A987422B30C42785451174
SHA-512:	DA59A072DD9E8B0586B863EE53149A707E77E180763379601FB6114B7301FA0D1A9228B9C766AAA0AA94B3CA1D8DAC0C241E5FC680905B31190CA186CB6793A7
Malicious:	false
Preview:	GIF89a..T...TVT...tvt....J.Dv.$^.......d...V.\............l...F.4j....t......N..........T~..R.T..dfd...Dv.,f....,f.............F..Z.........l..<r.\|..$^........R.,j.......N....\.....\^\Tz....L.....d..lnlTz.....J....l.....<n....\|~\|...Dz....d........N....\|...........$Z.\.....Dz...............\|..\|..,b.....V.4n..N.\..\Z\...\|z\|....J.,b....d..$V...........l...J....\|......N........V.\..ljl...4f....dbdtrt..................F.t.....,^.4j..N.......T.........J.Lz.......Lz..........V....................................................................................................................................................................................................................................................................................................!.......,......T........H..A.Q ..eC.)..J.H....3j.... C..I..I..@.YicHK.Ar..I...8s....#..+.......H.]...f..%uh....j....6... u.U.C E....p..4...C^......'.]y./QN..+^..i.5..R5+....3k.48h..k.h.M.4.".>K6..D..

C:\Program Files (x86)\SISTEMA 2.1.1\msvcp80.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	548864
Entropy (8bit):	6.393702958885723
Encrypted:	false
SSDEEP:	12288:BuYZhMltDoD+OSt+ujajk5RnchUgiW6QR7t553Ooc8NHkC2euB:oOhMltDoqvpjajk59g3Ooc8NHkC2eW
MD5:	2BC650257FB0867ABD54FD460EC2BAFC
SHA1:	EC063526AA14BCADEEFFA6D859B39A80680015B7
SHA-256:	9FC2E85BA84CF0459AAB0DC2EFAC734AD7B5B4C99BA19871FE8F6E35D0191838
SHA-512:	903966F1739727D166131B42DF6A7CD77D4F734C01437F7D96F18E8CB2C60A8E49BD952452FDE8F0D3A92A002D2404EE78B97472821C190B300C594A5525C0A2
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............................H...?.....Z=......?......?......?......?......?......?.....Rich...........PE..L....3C...........!.....@... ......z........P....B\|.........................p.......*..............................`.......,...<............................ ...2...S..............................@e..@............P...............................text....7.......@.................. ..`.rdata.......P.......P..............@..@.data...`&....... ..................@....rsrc...............................@..@.reloc...A... ...P..................@..B........................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\SISTEMA 2.1.1\msvcr80.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	626688
Entropy (8bit):	6.831644690760087
Encrypted:	false
SSDEEP:	6144:c4b7/ooikc5yxKK/euYpsZ4Q64ma9tiGVKkfhkQ6slProtGMSq4AOZ1ORCAOutSC:c4Rc5VE31XqaJusxGhr46CYtQ9mGyc
MD5:	16D7DDF3B659F7CF1CB9F4DCFF4219F0
SHA1:	A61454131940799F01C26943F1594EE6E7409D11
SHA-256:	120CD25F5D6002FFD9069CF9550BC16C682BCD3323053B95146E7CD3BA2215AC
SHA-512:	979907E2B13557C99CF90B76BCD57DAF0A1A699EA5D00C23E5D5AEBFAA36DB3443C99D9BA5D524BA2156ED3A8904AFE8DB1D076FFFB9A8CC3235C33484D470F7
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........L.........@................!......;.............d.......................Rich...................PE..L...U.3C...........!.....0...p.......#.......@.....x.................................................................q..O}..Pc..<....`.......................p..L3...B...............................F..@............@...............................text...j".......0.................. ..`.rdata.......@.......@..............@..@.data...Li.......P..................@....rsrc........`.......@..............@..@.reloc...7...p...@...P..............@..B........................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\SISTEMA 2.1.1\rtl280.bpl (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	13152672
Entropy (8bit):	6.612462699029988
Encrypted:	false
SSDEEP:	98304:dRy14auxgiHuelzcZfFT0/c8wgeTiwD5O2f6kpYvD2t:dRyKauxvafZnl9R82SQYr2t
MD5:	8E73A9F75A850BB10C78A497494BE50C
SHA1:	35AEB1706326293BC33ECE216CBB7C67879E8A38
SHA-256:	88EE1956F414D8E41B88B372A5A5A9660D33F1FE7724A08C24F24A53CA5C2BD2
SHA-512:	FD1B1BE9E8D68DB4F4B48BEFD89765205FE9BC37D42857262D9ACEDDD66D7444001946D0AF83C6BE1719F020FD7386EB82CB82C8BC65283816C2ABAB16145B94
Malicious:	false
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...g.$d...........!.....Ln..FZ.....Hbn......pn....P................................y.....@.......................... r.Y.L..pq..+...p..........................\|....................................................xq.......q.4u...................text...x.m.......m................. ..`.itext..Pr....m..t....m............. ..`.data...XZ...pn..\...Pn.............@....bss.........p..........................idata...+...pq..,....p.............@....didata.4u....q..v....p.............@....edata..Y.L.. r...L..Nq.............@..@.rdata..b..........................@..@.reloc..\|..........................@..B.rsrc........p.......~..............@..@....................................@..@........................................................

C:\Program Files (x86)\SISTEMA 2.1.1\schema\VDMA66413_2012-07_Language_XML-Schema.xsd (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
Category:	dropped
Size (bytes):	17029
Entropy (8bit):	5.016618153328249
Encrypted:	false
SSDEEP:	384:XrCcuJdfB2Z5xhRm1gpMDfq6blmAFbQ2fZspjFetIf4Hw+sssprOBWERlxhpnlJm:6ZuNuTu9bebSaEea3qBMcBM
MD5:	5A53C22E86ADE851BFEE95E94C71C8F2
SHA1:	820FC12A723B2F5C48532827AF1F6C6419B0A592
SHA-256:	B5CA0F8D0958D358ADE0D78C50F98FE2C084C0EF42E67F8BE1676B2E768D418A
SHA-512:	19EABFDF68B7952769936735C0B16D3837DD80BBE23E168485BF724323706A065ABA2E6EDADA5588AD88E3D344B5601606C6CA93B25A67B11B688217C73A3E70
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8"?>.. edited with XMLSpy v2006 sp2 U (http://www.altova.com) by Beckmann (BECKHOFF Automation GmbH) -->.. Version dieser Schemadatei: 1.0.20130308-->.. Version der Datenbasis Definition VDMA66413.Version: 1.0.0-->.. Historie: ..V1.0.20130308: ueberfluessige Type-definitionen geloescht..tText, tURL, tURLpng, tKey2, tYear2, tYear7, tRate, tPercent, tCycles, tInfoConfig, tPl, tSILCL..V1.0.20130226: SIL_4 geloescht im tSILCL..V1.0.20120704: Erstes Release.-->..<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" attributeFormDefault="unqualified">...<xs:element name="VDMA66413_Language">....<xs:annotation>.....<xs:documentation>Schema of language file accoridng to universal data base VDMA66413: Funktionale Sicherheit - Universelle Datenbasis f.r sicherheitsbezogene Kennwerte von Komponenten oder Teilen von Steuerungen</xs:documentation>....</xs:annotation>....<xs:complexType>.....<xs:sequence>......<xs:ele

C:\Program Files (x86)\SISTEMA 2.1.1\schema\VDMA66413_2012-07_XML-Schema.xsd (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
Category:	dropped
Size (bytes):	29739
Entropy (8bit):	4.991396543960212
Encrypted:	false
SSDEEP:	768:PjO6bo82UuNuTu9bebSaEeaXq8Hrl0MUB6L2HauHRDBs:PjOouNuTu9bebSaEeaXq8Hrl0MUkL26h
MD5:	A517EA352EC97236A2F6EEA8C631A814
SHA1:	5BEC058750A6C2533E43B7FF9B92E455A711C64A
SHA-256:	5BAD136F2692CF90FD932D1BE351D6FF74B372FE89027249F1F5E7053EE15B5C
SHA-512:	7A1AD74FBB55046F89A0B5C5CA41796BE01AD3A5F56712C4988E940498E3D9A5BB8D0A9E9F9A0056F854BA032DBC83C95602BD56E4AEB2C4B3839C086D18BBDC
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8"?>.. Version dieser Schemadatei: 1.1.20180201-->.. Version der Datenbasis Definition VDMA66413.Version: 1.0.0-->.. Historie: ..V1.1.20180201: /SAB/Nebenversion++/ tCycles von 1e9 auf 1e99 (Integer bleibt bei 999.999.999)..V1.0.20130627: UseCaseType->Function: Unterelemente nicht mehr mandatory (zurueck geaendert), Default Wert = 0..V1.0.20130430: UseCaseType->Function: Unterelemente sind mandatory..V1.0.20130308: Korrektur der Schemaversion und der History..V1.0.20130226: SIL_4 gel.scht im tSILCL..V1.0.20121205: ParameterDeviceType4 -> TM_T1 Typ geaendert in tYear2..V1.0.20120704: Erstes Release.-->..<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" attributeFormDefault="unqualified">...<xs:element name="VDMA66413">....<xs:annotation>.....<xs:documentation>Universelle Datenbasis lt. VDMA66413: Funktionale Sicherheit - Universelle Datenbasis f.r sicherheitsbezogene Kennwerte von Komponenten oder Teilen

C:\Program Files (x86)\SISTEMA 2.1.1\schema\is-0N162.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
Category:	dropped
Size (bytes):	17029
Entropy (8bit):	5.016618153328249
Encrypted:	false
SSDEEP:	384:XrCcuJdfB2Z5xhRm1gpMDfq6blmAFbQ2fZspjFetIf4Hw+sssprOBWERlxhpnlJm:6ZuNuTu9bebSaEea3qBMcBM
MD5:	5A53C22E86ADE851BFEE95E94C71C8F2
SHA1:	820FC12A723B2F5C48532827AF1F6C6419B0A592
SHA-256:	B5CA0F8D0958D358ADE0D78C50F98FE2C084C0EF42E67F8BE1676B2E768D418A
SHA-512:	19EABFDF68B7952769936735C0B16D3837DD80BBE23E168485BF724323706A065ABA2E6EDADA5588AD88E3D344B5601606C6CA93B25A67B11B688217C73A3E70
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8"?>.. edited with XMLSpy v2006 sp2 U (http://www.altova.com) by Beckmann (BECKHOFF Automation GmbH) -->.. Version dieser Schemadatei: 1.0.20130308-->.. Version der Datenbasis Definition VDMA66413.Version: 1.0.0-->.. Historie: ..V1.0.20130308: ueberfluessige Type-definitionen geloescht..tText, tURL, tURLpng, tKey2, tYear2, tYear7, tRate, tPercent, tCycles, tInfoConfig, tPl, tSILCL..V1.0.20130226: SIL_4 geloescht im tSILCL..V1.0.20120704: Erstes Release.-->..<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" attributeFormDefault="unqualified">...<xs:element name="VDMA66413_Language">....<xs:annotation>.....<xs:documentation>Schema of language file accoridng to universal data base VDMA66413: Funktionale Sicherheit - Universelle Datenbasis f.r sicherheitsbezogene Kennwerte von Komponenten oder Teilen von Steuerungen</xs:documentation>....</xs:annotation>....<xs:complexType>.....<xs:sequence>......<xs:ele

C:\Program Files (x86)\SISTEMA 2.1.1\schema\is-LOA8Q.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
Category:	dropped
Size (bytes):	29739
Entropy (8bit):	4.991396543960212
Encrypted:	false
SSDEEP:	768:PjO6bo82UuNuTu9bebSaEeaXq8Hrl0MUB6L2HauHRDBs:PjOouNuTu9bebSaEeaXq8Hrl0MUkL26h
MD5:	A517EA352EC97236A2F6EEA8C631A814
SHA1:	5BEC058750A6C2533E43B7FF9B92E455A711C64A
SHA-256:	5BAD136F2692CF90FD932D1BE351D6FF74B372FE89027249F1F5E7053EE15B5C
SHA-512:	7A1AD74FBB55046F89A0B5C5CA41796BE01AD3A5F56712C4988E940498E3D9A5BB8D0A9E9F9A0056F854BA032DBC83C95602BD56E4AEB2C4B3839C086D18BBDC
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8"?>.. Version dieser Schemadatei: 1.1.20180201-->.. Version der Datenbasis Definition VDMA66413.Version: 1.0.0-->.. Historie: ..V1.1.20180201: /SAB/Nebenversion++/ tCycles von 1e9 auf 1e99 (Integer bleibt bei 999.999.999)..V1.0.20130627: UseCaseType->Function: Unterelemente nicht mehr mandatory (zurueck geaendert), Default Wert = 0..V1.0.20130430: UseCaseType->Function: Unterelemente sind mandatory..V1.0.20130308: Korrektur der Schemaversion und der History..V1.0.20130226: SIL_4 gel.scht im tSILCL..V1.0.20121205: ParameterDeviceType4 -> TM_T1 Typ geaendert in tYear2..V1.0.20120704: Erstes Release.-->..<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" attributeFormDefault="unqualified">...<xs:element name="VDMA66413">....<xs:annotation>.....<xs:documentation>Universelle Datenbasis lt. VDMA66413: Funktionale Sicherheit - Universelle Datenbasis f.r sicherheitsbezogene Kennwerte von Komponenten oder Teilen

C:\Program Files (x86)\SISTEMA 2.1.1\ssleay32.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	337920
Entropy (8bit):	6.5179445409168135
Encrypted:	false
SSDEEP:	6144:I6MNzVTEz1LgXCpfoaDRQHojjYkARhcPL0U2pHGS5VdQ/TOEzrqArrpA1riT1PiR:I6MNzVgz1LgXCpfoaDqHojjYkARqPL0z
MD5:	2117E31688AEF8ECF267978265BFCDCD
SHA1:	E8C3CFD65ED7947F23B1BB0B66185E1E73913CFC
SHA-256:	0A4031AB00664CC5E202C8731798800F0475EF76800122CEBD71D249655D725F
SHA-512:	DD03899429C2D542558E30C84A076D7E5DBDE5128495954093A7031854C1DF68F8FF8ECA4C791144937288B084DD261FBE090C4FF9A3E0768E26F0616B474ECA
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........`...3...3...3...3...3..f3...3..w3...3..q3...3...3i..3..a3...3..p3...3..v3...3..s3...3Rich...3........PE..L...#..]...........!.........l......i5..............................................................................@....).....<....0..0....................@...,..@...............................@...@............................................text...j........................... ..`.rdata..............................@..@.data....[.......@..................@....rsrc...0....0......................@..@.reloc...3...@...4..................@..B................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\SISTEMA 2.1.1\ssm_20.xsd (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	18345
Entropy (8bit):	4.931758693536018
Encrypted:	false
SSDEEP:	384:L4C/RxTf0KdsIqZRRlCmORl/wRlYRlx4kdckoYjriXT:L4ufP4Emi/4kdjoYjriXT
MD5:	60D149A4424ED699241282F5F5009392
SHA1:	7B0D9875E182A9D97305DF853BA7BEFE063F66C3
SHA-256:	47FF04F779BF25A12A346E372301C65E859696FCF5797027E91E9461CCE49D3E
SHA-512:	0BF20B22D4D61D1D975F7A0E28B78571EB7183B02F4D90E6044F0F0ABA96D51694BEE92756FD1CE18434540A4E76C139B6CD836CF09990E6668A3311BCBB0BBE
Malicious:	false
Preview:	.<?xml version="1.0" encoding="UTF-8"?>..<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">... ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->...<xs:element name="xmldocdata">....<xs:annotation>.....<xs:documentation>Das Wurzelelement jeder XML-Datei f.r SISTEMA.</xs:documentation>....</xs:annotation>....<xs:complexType>.....<xs:sequence>......<xs:element name="tiopf">.......<xs:annotation>........<xs:documentation>Die XML-Struktur f.r die Tabellen wird durch das XML-Layer des OR-Mappers tiOPF (http://tiopf.sourceforge.net/index.shtml) vorgegeben.</xs:documentation>.......</xs:annotation>.......<xs:complexType>........<xs:attribute name="version" use="required">.........<xs:annotation>..........<xs:documentation>Aktuell verwendet SISTEMA das Persistenz Framework in der Version "2.0".</xs:documentation>.........</xs:annotation>........</xs:attribute>.......</xs:complexType>......</xs:element>......<xs:element name="tables">.......<xs:annotation>........<xs:docume

C:\Program Files (x86)\SISTEMA 2.1.1\ssm_21.xsd (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (681), with CRLF line terminators
Category:	dropped
Size (bytes):	37004
Entropy (8bit):	5.223264427587912
Encrypted:	false
SSDEEP:	768:841fPvwKlXC4agyNipeZX3ckEBA13vDYtJPjX9g0lBikFoTQmNCguroIOSa1urS7:l1fPvwyXPHhMVMHwb8tprvN+TUp0hHoa
MD5:	29E02C1C485D9AEBE9B38DE2C584574D
SHA1:	B40BA36F4BB2A2C4A7A7B0C3C7BE03BF646D6600
SHA-256:	A2B2DF2AACB275A1299EB589E6337E411D3623F9E32FD9FF1B1FD5F2041A10D7
SHA-512:	13988B88F578844B4ECADC47D1A402C555CCC83A48F2307509AA7ABB95E6DB8AE4B7F824EB9F5460BDF964FA533FF1ACBCAF0A353AF10AFB03F54E258827A80F
Malicious:	false
Preview:	.<?xml version="1.0" encoding="UTF-8"?>..<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" attributeFormDefault="unqualified">... ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->...<xs:element name="xmldocdata">....<xs:annotation>.....<xs:documentation>Das Wurzelelement jeder XML-Datei f.r SISTEMA.</xs:documentation>....</xs:annotation>....<xs:complexType>.....<xs:sequence>......<xs:element name="tiopf">.......<xs:annotation>........<xs:documentation>Die XML-Struktur f.r die Tabellen wird durch das XML-Layer vom tiOPF Framework (http://tiopf.sourceforge.net/index.shtml) vorgegeben.</xs:documentation>.......</xs:annotation>.......<xs:complexType>........<xs:attribute name="version" use="required">.........<xs:annotation>..........<xs:documentation>Aktuell verwendet SISTEMA das Persistenz Framework in der Version "2.1".</xs:documentation>.........</xs:annotation>........</xs:attribute>.......</xs:complexType>......</xs:element>......

C:\Program Files (x86)\SISTEMA 2.1.1\unins000.dat

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	InnoSetup Log SISTEMA 2.1.1 - Safety Integrity Software Tool for the Evaluation of Machine Applications {20325465-F3CB-49EA-93FB-B7A88FFAD631}, version 0x418, 49445 bytes, 549163\37\user\376\, C:\Program Files (x86)\SISTEMA 2.1.1\376\3
Category:	dropped
Size (bytes):	49445
Entropy (8bit):	3.9974883939841392
Encrypted:	false
SSDEEP:	768:BVg2s1BN9NmhFtnTRiOsoUbf8cYWTYdhHlXX3wq3aue:g2s1JmXlxW4hHJX3wq3a9
MD5:	788005027E75ED5B9F9E0901FA092440
SHA1:	BFF885013851F4575FA819B622B7EC53001C5BDE
SHA-256:	04CD90B895569E4C69D2693DED7F8E445FFD962DEA102BAACFAFF7FA7965844D
SHA-512:	B3A56DE4441295B5F0D166C31D3A3C93F30FACACFBFA9A6327FFD5EF673D65D346D58D4064BB42800330580D64E996F8DC399738D96854616B3B40AC0CC8DF8C
Malicious:	false
Preview:	Inno Setup Uninstall Log (b)....................................{20325465-F3CB-49EA-93FB-B7A88FFAD631}..........................................................................................SISTEMA 2.1.1 - Safety Integrity Software Tool for the Evaluation of Machine Applications...........................................w...%.....................................................................................................................1.........).'&...............5.4.9.1.6.3......c.a.l.i......C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.S.I.S.T.E.M.A. .2...1...1................3...A.. .....~\|...F...IFPS....4...`....................................................................................................ANYMETHOD.....................................................................BOOLEAN..............TWIZARDFORM....TWIZARDFORM.........TMAINFORM....TMAINFORM.........TUNINSTALLPROGRESSFORM....TUNINSTALLPROGRESSFORM.........TCHECKBOX....TCHECKBOX.........TNEWSTATICTEXT....TN

C:\Program Files (x86)\SISTEMA 2.1.1\unins000.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3140157
Entropy (8bit):	6.358151655053589
Encrypted:	false
SSDEEP:	49152:xWGtLBcXqFpBR6SVb8kq4pgquLMMji4NYxtJpkxhGjIHTbU333HY:TtLutqgwh4NYxtJpkxhGj3334
MD5:	AAC0B9225DCA26A9FD21279798AF249B
SHA1:	F6BE9539CA0D49B1C518F696A5693D9F2576DF24
SHA-256:	6B4B1E2DC4ED3AE5CB6A435B01FEF57CCFB3C49048DC22475AC26AA8BFA43E1B
SHA-512:	F8E12E1B282AD5C3E00C0045D7B2F6ADDE878C9493C5230E0898E7886A380E487DECE0C68414A682376C9F89ED73411B874126DE9B4C27E00368E02582251080
Malicious:	false
Preview:	MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L......c.................L,..<......hf,......p,...@..........................p0...........@......@....................-.......-..9.......\...........................................................................-.......-......................text.... ,......",................. ..`.itext...(...@,.....&,............. ..`.data...X....p,......P,.............@....bss.....y....-..........................idata...9....-..:....,.............@....didata.......-.......-.............@....edata........-......-.............@..@.tls....L.....-..........................rdata..]............,-.............@..@.rsrc....\.......^....-.............@..@..............1.......0.............@..@........................................................

C:\Program Files (x86)\SISTEMA 2.1.1\vcl280.bpl (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	4260768
Entropy (8bit):	6.7600826791938875
Encrypted:	false
SSDEEP:	49152:lRxOm9nppVX8DOet3SFzvQiTxLiu8t4Qddbg8X/fM398sxFF+I0:l7FJppd6+3pnQddbg8X/0NRbW
MD5:	D61C0C6ECD3D6BE9396F84362C97788A
SHA1:	AF50D3015718331516876731ABFE614B52A31BDF
SHA-256:	646DADDE96A76F434ACB71067A8E3923BBCEB920E19A60223F0D3BD811A6CBAA
SHA-512:	898D98CA0143FC935731C0DAAA7D9E0EEE745F3DA335EE003159CB1B73A27C82F54E90529F405EE23C811625A6CE43086C085BA84148A0B0E585A68A1B4E4DC6
Malicious:	false
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...h.$d...........!......'...........'.......'....P.........................pB....._.A...@...........................,......P)......P>...............@.......:..x............:.%....................................u)..$....,......................text...p.'.......'................. ..`.itext........'.. ....'............. ..`.data...D)....'......'.............@....bss....x=....(..........................idata.......P).......'.............@....didata.......,....................@....edata........,.......*.............@..@.rdata..j.....:......P9.............@..@.reloc...x....:..z...R9.............@..B.rsrc........P>.......<.............@..@.............pB.......@.............@..@........................................................

C:\Program Files (x86)\SISTEMA 2.1.1\vclactnband280.bpl (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	472992
Entropy (8bit):	6.641095043570184
Encrypted:	false
SSDEEP:	6144:/3zu+UyTMQhuCupVZ1aTxlEfMxH1ojfEVLyZWyGbks43Y7QD3G:/3zu+UUuCGYT4MsZWyD2
MD5:	C35D7043D870F0D762CC217EB6809C1A
SHA1:	0D8EAE12502E1459394A5F06B9D8B8DFF5B6939E
SHA-256:	B21F64EB2B27BA5121A9FA499730D86E4D60858EB674012ED4F9CA8D33F0E968
SHA-512:	5F0B13C43BB7CB361E641086C17ACBAB803018ADAE71E21663F44877EDEEBB8EAE38A9EC99C44CC711456A6337762EC57F038A42CA8A2B53DB0B7D8B1F5DA17A
Malicious:	false
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...g.$d...........!................\........ .....!......................................@..........................p..<h...@.......p...$.......................q..............#....................................T.......`.......................text............................... ..`.itext..d........................... ..`.data...4.... ......................@....bss.........0...........................idata.......@......................@....didata......`......................@....edata..<h...p...j..................@..@.rdata..h...........................@..@.reloc...q.......r..................@..B.rsrc....$...p...$..................@..@....................................@..@........................................................

C:\Program Files (x86)\SISTEMA 2.1.1\vclx280.bpl (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	281504
Entropy (8bit):	6.5182888212806604
Encrypted:	false
SSDEEP:	3072:8WihKGL6uES+ebaYLfbuAhKkugp/RD8V6UZZZSdzPV5LABqSgbNc2ffVzjENwJUw:8Wih1LX8ODKsY2PV5YgbNc2ffJDP
MD5:	C4CA583D8EBA8FE2EA768458DE705A52
SHA1:	B6178F3566A2690882F22788311E6D0C9636CF23
SHA-256:	0BE487B75088393915D17DF15F85D6DD28339B9616DAC7C1F5AD4AC09A863277
SHA-512:	EE601509B50A1ABD97EA26D33994C6D7649AFBC5F0DF234133B3BF9F32DACE5805F579ED62AB717D6DD4AC8DE21325538D39645008653CA6073003DB073D8E2B
Malicious:	false
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...h.$d...........!................lD.......P.....Q......................................@..........................p......p.......`...>...........0....... ..X8..............$............................................`.......................text...h&.......(.................. ..`.itext..t....@.......,.............. ..`.data........P.......2..............@....bss....d....`...........................idata.......p.......4..............@....didata......`......."..............@....edata......p.......$..............@..@.rdata..i...........................@..@.reloc..X8... ...:..................@..B.rsrc....>...`...>..................@..@.....................0..............@..@........................................................

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SISTEMA 2.1.1\Remove SISTEMA 2.1.1.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Wed Sep 11 08:51:30 2024, mtime=Wed Sep 11 08:51:30 2024, atime=Wed Sep 11 08:51:12 2024, length=3140157, window=hide
Category:	dropped
Size (bytes):	1231
Entropy (8bit):	4.5857945976312
Encrypted:	false
SSDEEP:	24:8moapPEZdOEigXUMAlHbdmspdm92fYhcUUnq/qygm:8moYsZdO1RLlHbdDpdzQhJGyg
MD5:	EEB5F555FCC7FA1982499613FD731696
SHA1:	2A51C5B09BDBA45D2006F940EC4EBD6F41A667ED
SHA-256:	81738528627B3B7D577223ED2A4E08885770C3F9996ACF8734A2447933406863
SHA-512:	0D1B351E232975564297156C1A448ED0E15260C346D8ECDD133B75257F26957A91672E880C1F1DB2B0101C3BBBD8501485FA1560C558D888B701524B0A0B7A50
Malicious:	false
Preview:	L..................F.... ......-0...:.-0......"0...=./..........................P.O. .:i.....+00.../C:\.....................1.....+YpN..PROGRA~2.........O.I+YsN....................V........P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....f.1.....+YsN..SISTEM~1.1..L......+YpN+YsN...........................+.S.I.S.T.E.M.A. .2...1...1.....f.2.=./.+YgN .unins000.exe..J......+YpN+YpN...........................7..u.n.i.n.s.0.0.0...e.x.e.......`...............-......._...........M.6......C:\Program Files (x86)\SISTEMA 2.1.1\unins000.exe..@.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.S.I.S.T.E.M.A. .2...1...1.\.u.n.i.n.s.0.0.0...e.x.e.$.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.S.I.S.T.E.M.A. .2...1...1./.%.P.r.o.g.r.a.m.F.i.l.e.s.(.x.8.6.).%.\.S.I.S.T.E.M.A. .2...1...1.\.U.n.i.n.s.t.a.l.l...i.c.o.........................@Z\|...K.J.........`.......X.......549163...........hT..CrF.f4... ...............%..hT..CrF.f4...

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SISTEMA 2.1.1\SISTEMA Cookbooks.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Wed Sep 11 08:51:36 2024, mtime=Wed Sep 11 08:51:36 2024, atime=Mon Nov 6 16:00:46 2023, length=269, window=hide
Category:	dropped
Size (bytes):	1280
Entropy (8bit):	4.552645075869353
Encrypted:	false
SSDEEP:	24:8mOXNPEZdOEigbi1HCAcHPdmli1HFgdmCfldfyUUnqnqygm:8mOdsZdO1L1BcHPdv1id9jeyg
MD5:	DF206A21086AB2A56FCBC7400211E314
SHA1:	2AF3D1B819FDB8B9AD66B7BD497ABFB1A2A1059C
SHA-256:	7AD003F28DE2622A5D686FD7C420EBA4002F88DA776C32D4BDCC05284A52C30B
SHA-512:	5D6089A5D724257A5222BC2CB29DC6307EEB62ADBB7BF3B39D851A1AEFBE7906DCF345B6B845F3EE8DBD8BDD336A47B72AB3B9619819A05AAECA4B238B7D26A1
Malicious:	false
Preview:	L..................F.... ...+..10...+..10........................................P.O. .:i.....+00.../C:\.....................1.....+YpN..PROGRA~2.........O.I+YsN....................V........P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....f.1.....+YsN..SISTEM~1.1..L......+YpN+YsN...........................+.S.I.S.T.E.M.A. .2...1...1.....x.2.....fW.. .SISTEM~1.URL..\......+YsN+YsN....fT........................S.I.S.T.E.M.A._.C.o.o.k.b.o.o.k.s...u.r.l.......i...............-.......h...........M.6......C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA_Cookbooks.url..I.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.S.I.S.T.E.M.A. .2...1...1.\.S.I.S.T.E.M.A._.C.o.o.k.b.o.o.k.s...u.r.l.$.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.S.I.S.T.E.M.A. .2...1...1.1.%.P.r.o.g.r.a.m.F.i.l.e.s.(.x.8.6.).%.\.S.I.S.T.E.M.A. .2...1...1.\.S.I.S.T.E.M.A._.W.E.B...I.C.O.........................@Z\|...K.J.........`.......X.......549163........

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SISTEMA 2.1.1\SISTEMA-Configurator.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Wed Sep 11 08:51:30 2024, mtime=Wed Sep 11 08:51:31 2024, atime=Mon Apr 15 11:55:08 2024, length=23539712, window=hide
Category:	dropped
Size (bytes):	1155
Entropy (8bit):	4.615235363084021
Encrypted:	false
SSDEEP:	24:8mlhIPEZdOEigQTKxKjAxHJdmvIdmSVUUnqnqygm:8mlmsZdO11axHJdXdFWeyg
MD5:	7F75DEC8054E172D1D278803F95C2622
SHA1:	4B5A407325D0AFCF10F4F8A1D162CB6C8F10F95C
SHA-256:	B28024DE2642F6B81BADC499B81DADFE311AA4FFA63802AFDBCE78F763749867
SHA-512:	501995753A25832EE355DCECC578EF903137B353E7CEB3506F34957FFE6163AE343B0094ECBF569E03ABC7C4A1D45594D642E183FC4BA4F6AA44BCEAFA42FBC7
Malicious:	false
Preview:	L..................F.... ...)-.-0...8.=.0......$4....0g..........................P.O. .:i.....+00.../C:\.....................1.....+YpN..PROGRA~2.........O.I+YsN....................V........P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....f.1.....+YsN..SISTEM~1.1..L......+YpN+YsN...........................+.S.I.S.T.E.M.A. .2...1...1.....n.2..0g..X.f .CONFIG~1.EXE..R......+YpN+YpN..............................C.o.n.f.i.g.u.r.a.t.o.r...e.x.e.......d...............-.......c...........M.6......C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe..D.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.S.I.S.T.E.M.A. .2...1...1.\.C.o.n.f.i.g.u.r.a.t.o.r...e.x.e.$.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.S.I.S.T.E.M.A. .2...1...1.........................@Z\|...K.J.........`.......X.......549163...........hT..CrF.f4... ...............%..hT..CrF.f4... ...............%.............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SISTEMA 2.1.1\SISTEMA.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Wed Sep 11 08:51:32 2024, mtime=Wed Sep 11 08:51:32 2024, atime=Tue Apr 23 11:01:14 2024, length=22726656, window=hide
Category:	dropped
Size (bytes):	1128
Entropy (8bit):	4.594890487031707
Encrypted:	false
SSDEEP:	24:8mHXiEBbdOEigHr9AeHm6dmlLdmSVUUnqwfMqygm:8mHXVBbdO1leH9dOdFWkfVyg
MD5:	D1E334C9F69194C75ECE6795A698D61A
SHA1:	130ADE3A2856F475980B782B3CC24B20D7143DA6
SHA-256:	9D0B1E430262BB50992D814E2288D6DAA39515660CC72B15551C58A8956397C1
SHA-512:	E623E046A2DAFD7144ACDE1E92C4379FE9E15BC62507FA3C80B0DAF567A311F3E1F9CC150F93CC4513CC12FBF24F153F02BB088C04ABF682B86980DFC39460FD
Malicious:	false
Preview:	L..................F.... ...?..0...W6..0......u.....Z..........................P.O. .:i.....+00.../C:\.....................1.....+YVN..PROGRA~2.........O.I+YVN....................V......F.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....f.1.....+YsN..SISTEM~1.1..L......+YpN+YsN...........................+.S.I.S.T.E.M.A. .2...1...1.....b.2...Z..X'` .SISTEMA.exe.H......+YqN+YqN..............................S.I.S.T.E.M.A...e.x.e......._...............-.......^...........M.6......C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe..?.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.S.I.S.T.E.M.A. .2...1...1.\.S.I.S.T.E.M.A...e.x.e.$.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.S.I.S.T.E.M.A. .2...1...1.........................@Z\|...K.J.........`.......X.......549163...........hT..CrF.f4... ...............%..hT..CrF.f4... ...............%.............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6.1.2.2.6.5.8

C:\ProgramData\firebird\fb_lock_4dbb36c8000002002ca50400

Download File

Process:	C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe
File Type:	data
Category:	dropped
Size (bytes):	1048576
Entropy (8bit):	0.10995010331186865
Encrypted:	false
SSDEEP:	192:bxlt0OHh9Eu1SiGndiFkuV9noZwibqRX4BLsE7zZ29U:tnBSiGnEkC99RXbE8G
MD5:	26443C759BBEC3C4A395CA5CB969BE11
SHA1:	559ED931B2577DAA2A879E5B3EC27FDA10F11A31
SHA-256:	690E22064A1E4702A5D31D62F0E1537D142607A077CEB5D17114C72E176EA569
SHA-512:	28E4E32837D161A4D22FA23DC813E105D45E3584FC99BE98D79645E9E1154545F4207DBF4B6344F7F4AFD26FED21A99635B18A19626E8A951E8F4F861211B81E
Malicious:	false
Preview:	..... ......HI..HI...I...I..........$...$...HO..HO..4...4.......hX......................t'..............6...............6...............".......................................................$...............................................................................................................0...0...8...8...@...@...H...H....O...O..X...X...`...`...TJ...K...T..lU..4K...S...P..PQ...O...O...Q...T..`N..`N...........................................L...L..8R...R..................................................................xM...M.. ... ....L...M..0...0...8...8...@...@...H...H...P...P...X...X...`...`...h...h...p...p...x...x................................................................................................................................................................... ... ...(...(...0...0...8...8...@...@...H...H...P...P...X...X...`...`...h...h...p...p...x...x...........................................................................................................

C:\ProgramData\firebird\fb_lock_4dbb36c8000002002ea50400

Download File

Process:	C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe
File Type:	data
Category:	dropped
Size (bytes):	1048576
Entropy (8bit):	0.12112242584379469
Encrypted:	false
SSDEEP:	192:OJFlt0OHH9Eu1qiGndij5kuV9n4o4PibqRX4BLsE7g3m+E3C9SIdv:OLnnqiGnEkC9347RXbbTV
MD5:	9DE5724F6F3F88FFD2E473D2F4D9E1EF
SHA1:	093FF5C08BC547E45CFDF4BBF1F706428623B0E7
SHA-256:	3AF570EA6C885ED4ED2D603E97150C39F2DCF9F8E1192FA82D7ADA669532AB38
SHA-512:	66C16A44E545C5B2EB6306A97B1568721A1A9143B21A340604DC60C679C6F707BCAFF3CB36B022182FDBB4BD479048617F5E6A7B01E11E89BCADC99DB5904375
Malicious:	false
Preview:	..... ......HI..HI...I...I..........$...$...HO...O..$O..$O.......].......................*..............L...............L...............1.......................................................1...............................................................................................................0...0...8...8...@...@...H...H...P...P...X...X...`...`...TJ...K...T...T..4K...S...N.. S...O..hP...Q...T..`N..lU..................................4Y..4Y...L...L..8R...R..................................................................xM...M.. ... ....L...M..0...0...8...8...@...@...H...H...P...P...X...X...`...`...h...h...p...p...x...x................................................................................................................................................................... ... ...(...(...0...0...8...8...@...@...H...H...P...P...X...X...`...`...h...h...p...p...x...x...........................................................................................................

C:\ProgramData\firebird\fb_trace.1

Download File

Process:	C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe
File Type:	Matlab v4 mat-file (little endian) rogramData\firebird\fb_trace_qw6vy7, sparse, rows 0, columns 1, imaginary
Category:	dropped
Size (bytes):	288
Entropy (8bit):	1.2524836948796274
Encrypted:	false
SSDEEP:	3:/l1luNkREmfD4jlt:nUi5El
MD5:	0F308D9333A8EB8B3B11F4D9DD9BD854
SHA1:	490A191B7C72621C0CC1FA3E865EC0E18C7910B6
SHA-256:	0657D8A306FACA4861A9004A861738913CE5D701D3B09CAD1A17786E73D26A24
SHA-512:	A54055AFCF9D582AE43F33788ADFF670D22B41BD3FAB480058AFFC37E2175FB36B1702204CF4596D6440622AAC298C4742EAB177275A1346428B34F18DC074A6
Malicious:	false
Preview:	................C:\ProgramData\firebird\fb_trace_qw6vy7.........................................................................................................................................................................................................................................

C:\Users\Public\Desktop\SISTEMA.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Wed Sep 11 08:51:32 2024, mtime=Wed Sep 11 08:51:37 2024, atime=Tue Apr 23 11:01:14 2024, length=22726656, window=hide
Category:	dropped
Size (bytes):	1110
Entropy (8bit):	4.612198756938329
Encrypted:	false
SSDEEP:	24:8m0QPEZdOEigHr9AeHwdmlLdmSVUUnqwfMqygm:8m0QsZdO1leHwdOdFWkfVyg
MD5:	3A3AB8E54736FBB0ADA936244536E453
SHA1:	925238BE1CCDD7C39637AE2BB0A65098BDF364C3
SHA-256:	B31E2945C96EBC9C6B415202A016D83E29E417FAFA036684B7E8D8A7B40FA52C
SHA-512:	3A3B350AD3D8529DF2D9B45BDDF200636388C9C6FDB3AF01E83CAE4EE29126BDD04516303BAE8123CEDBB9867680B514AC66E5E9327DE750E850C50F5E6A3A2E
Malicious:	false
Preview:	L..................F.... ...?..0....}.10......u.....Z..........................P.O. .:i.....+00.../C:\.....................1.....+YpN..PROGRA~2.........O.I+YsN....................V........P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....f.1.....+YsN..SISTEM~1.1..L......+YpN+YsN...........................+.S.I.S.T.E.M.A. .2...1...1.....b.2...Z..X'` .SISTEMA.exe.H......+YqN+YqN..............................S.I.S.T.E.M.A...e.x.e......._...............-.......^...........M.6......C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe..6.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.S.I.S.T.E.M.A. .2...1...1.\.S.I.S.T.E.M.A...e.x.e.$.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.S.I.S.T.E.M.A. .2...1...1.........................@Z\|...K.J.........`.......X.......549163...........hT..CrF.f4... ...............%..hT..CrF.f4... ...............%.............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6.1.2.2.6.5.8.-.3.6.9.3.4.0.5.1

C:\Users\user\AppData\Local\Temp\is-08PUE.tmp\_isetup\_setup64.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	PE32+ executable (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	6144
Entropy (8bit):	4.720366600008286
Encrypted:	false
SSDEEP:	96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
MD5:	E4211D6D009757C078A9FAC7FF4F03D4
SHA1:	019CD56BA687D39D12D4B13991C9A42EA6BA03DA
SHA-256:	388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
SHA-512:	17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d.....R..........#............................@.............................`.......,......................................................<!.......P..H....@..0.................................................................... ...............................text............................... ..`.rdata..\|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...H....P......................@..@................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-0GTQV.tmp\SISTEMA_2_1_1_Build2.tmp

Download File

Process:	C:\Users\user\Desktop\sistema_2_1_1_build2\SISTEMA_2_1_1_Build2.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3116032
Entropy (8bit):	6.3715788946119005
Encrypted:	false
SSDEEP:	49152:5WGtLBcXqFpBR6SVb8kq4pgquLMMji4NYxtJpkxhGjIHTbU333Hg:rtLutqgwh4NYxtJpkxhGj333A
MD5:	38A0CE4967C1A254DDB91920046DDE5B
SHA1:	41F59E91F0D319E3D0C86C53F1906E3FD07114F8
SHA-256:	55E7B001B91938E05F376D233B5A4EEE0B9CB7A1D26E488C864B65EBFAE1D33F
SHA-512:	F91D46CDB42464DB4213231F208B798A19B9B4AFFBE10A9466E5B287F6C87CE7D48530E6EC24F11EC54A1C3F310A95BFEBCD0E982B421A740DC28E8CE8E4FE0D
Malicious:	false
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L......c.................L,..<......hf,......p,...@..........................p0...........@......@....................-.......-..9.......\...........................................................................-.......-......................text.... ,......",................. ..`.itext...(...@,.....&,............. ..`.data...X....p,......P,.............@....bss.....y....-..........................idata...9....-..:....,.............@....didata.......-.......-.............@....edata........-......-.............@..@.tls....L.....-..........................rdata..]............,-.............@..@.rsrc....\.......^....-.............@..@..............1.......0.............@..@........................................................

C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp

Download File

Process:	C:\Users\user\Desktop\sistema_2_1_1_build2\SISTEMA_2_1_1_Build2.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3116032
Entropy (8bit):	6.3715788946119005
Encrypted:	false
SSDEEP:	49152:5WGtLBcXqFpBR6SVb8kq4pgquLMMji4NYxtJpkxhGjIHTbU333Hg:rtLutqgwh4NYxtJpkxhGj333A
MD5:	38A0CE4967C1A254DDB91920046DDE5B
SHA1:	41F59E91F0D319E3D0C86C53F1906E3FD07114F8
SHA-256:	55E7B001B91938E05F376D233B5A4EEE0B9CB7A1D26E488C864B65EBFAE1D33F
SHA-512:	F91D46CDB42464DB4213231F208B798A19B9B4AFFBE10A9466E5B287F6C87CE7D48530E6EC24F11EC54A1C3F310A95BFEBCD0E982B421A740DC28E8CE8E4FE0D
Malicious:	false
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L......c.................L,..<......hf,......p,...@..........................p0...........@......@....................-.......-..9.......\...........................................................................-.......-......................text.... ,......",................. ..`.itext...(...@,.....&,............. ..`.data...X....p,......P,.............@....bss.....y....-..........................idata...9....-..:....,.............@....didata.......-.......-.............@....edata........-......-.............@..@.tls....L.....-..........................rdata..]............,-.............@..@.rsrc....\.......^....-.............@..@..............1.......0.............@..@........................................................

C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\SISTEMA.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Wed Sep 11 08:51:32 2024, mtime=Wed Sep 11 08:51:37 2024, atime=Tue Apr 23 11:01:14 2024, length=22726656, window=hide
Category:	dropped
Size (bytes):	1134
Entropy (8bit):	4.589262753882316
Encrypted:	false
SSDEEP:	24:8m9pPEZdOEigHr9AeHEdmlLdmSVUUnqwfMqygm:8m9psZdO1leHEdOdFWkfVyg
MD5:	0CC06EA22AC3F64C1D835E354124DFA6
SHA1:	5C6C9D21796F1EE7214D2CC161D360BF91C4A32B
SHA-256:	DF3AEE2149FC0142D6DAE402541FDA20544432B10282CB5A7CF920521E494EC0
SHA-512:	BC5E337D8D51BFDD50D1872DD9217E220DAE7901A67213657B43E3D3B5CBDE5D09EF6F218F7339479F833219B1F324ED25A85929F70FDB7F45398E3B960CFBB5
Malicious:	false
Preview:	L..................F.... ...?..0......10......u.....Z..........................P.O. .:i.....+00.../C:\.....................1.....+YpN..PROGRA~2.........O.I+YsN....................V........P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....f.1.....+YsN..SISTEM~1.1..L......+YpN+YsN...........................+.S.I.S.T.E.M.A. .2...1...1.....b.2...Z..X'` .SISTEMA.exe.H......+YqN+YqN..............................S.I.S.T.E.M.A...e.x.e......._...............-.......^...........M.6......C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe..B.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.S.I.S.T.E.M.A. .2...1...1.\.S.I.S.T.E.M.A...e.x.e.$.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.S.I.S.T.E.M.A. .2...1...1.........................@Z\|...K.J.........`.......X.......549163...........hT..CrF.f4... ...............%..hT..CrF.f4... ...............%.............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6.1.2.2

C:\Users\user\AppData\Roaming\SISTEMA\db\SISTEMA_GEN200_DE.FDB

Download File

Process:	C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe
File Type:	data
Category:	dropped
Size (bytes):	1327104
Entropy (8bit):	1.8615862761593724
Encrypted:	false
SSDEEP:	3072:9ySy4GS+YYCCnEbRemTxZ0dbInPMxnByu5tq1gs0Zo8jzuwsho0MXb5+hJD/+V2f:dy4OYSk8oIqvzB/GL
MD5:	F97AAA78F000CF8F7B325A2420C1A3A4
SHA1:	9B643BE378CB383C3926647A313B40821F8E83F3
SHA-256:	21A34F169D712DDF3F43701ABF83EA9AE8E520975039F59B14EE3A6FD51F2100
SHA-512:	CF46D5D4FA9CEB47668E11E327C50976BEE1B6C6852211F0A3441455A181E6EDF5951F99E60A80C7C5983E8F1ABAAB3D2D150DC7D06EB75FF11963609B9056C5
Malicious:	false
Preview:	..90..............................................................`.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\SISTEMA\db\SISTEMA_Gen200_DE.fdb (copy)

Download File

Process:	C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe
File Type:	data
Category:	dropped
Size (bytes):	1327104
Entropy (8bit):	1.8615862761593724
Encrypted:	false
SSDEEP:	3072:9ySy4GS+YYCCnEbRemTxZ0dbInPMxnByu5tq1gs0Zo8jzuwsho0MXb5+hJD/+V2f:dy4OYSk8oIqvzB/GL
MD5:	F97AAA78F000CF8F7B325A2420C1A3A4
SHA1:	9B643BE378CB383C3926647A313B40821F8E83F3
SHA-256:	21A34F169D712DDF3F43701ABF83EA9AE8E520975039F59B14EE3A6FD51F2100
SHA-512:	CF46D5D4FA9CEB47668E11E327C50976BEE1B6C6852211F0A3441455A181E6EDF5951F99E60A80C7C5983E8F1ABAAB3D2D150DC7D06EB75FF11963609B9056C5
Malicious:	false
Preview:	..90..............................................................`.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Documents\SISTEMA\Data\SSMVDMADatabase.xml

Download File

Process:	C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe
File Type:	XML 1.0 document, ASCII text, with very long lines (1022), with CRLF line terminators
Category:	dropped
Size (bytes):	1047
Entropy (8bit):	4.657398759490654
Encrypted:	false
SSDEEP:	12:TMGcjykE4oln/vpkl5S/vpk8GRNVJE/vp8:3Ey94ol/606TjCe
MD5:	AC172498EB1A05E321C6B7BBD1FBAC77
SHA1:	AE70B3C20B11C45F3976CDF39534E08658B7B4AC
SHA-256:	AC9C6976043B4674B8AE5C13530754C5838CEC7B185A9E85CACC69E8C70A50DF
SHA-512:	BAE06A279D1DDC3ABEF409CE3820EE4F750C5288E16AA0DBADCCBED5E188CCB049F808565D807C23991F13D3DBFBBAC0AE59F1E89E071FE695060C98B7F31034
Malicious:	false
Preview:	<?xml version="1.0"?>..<xmldocdata><tiopf version="2.1"/><tables><table table_name="vdma_manufacture"><fields><field field_name="oid" field_kind="string" field_Size="36"/><field field_name="manufacture_name" field_kind="string" field_Size="256"/><field field_name="comments" field_kind="string" field_Size="8196"/><field field_name="contacts_id" field_kind="string" field_Size="8196"/></fields><rows/></table><table table_name="vdma_66413"><fields><field field_name="oid" field_kind="string" field_Size="36"/><field field_name="oid_manufacture" field_kind="string" field_Size="36"/><field field_name="db_66413_file_name" field_kind="string" field_Size="256"/><field field_name="dbfile_name" field_kind="string" field_Size="256"/></fields><rows/></table><table table_name="vdma_language_file"><fields><field field_name="oid" field_kind="string" field_Size="36"/><field field_name="oid_vdma66413" field_kind="string" field_Size="36"/><field field_name="filename" field_kind="string" field_Size="256"/><

C:\Users\user\Documents\SISTEMA\Libraries\SISTEMA_LIB200_DE.SLB

Download File

Process:	C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe
File Type:	data
Category:	dropped
Size (bytes):	1196032
Entropy (8bit):	1.9695054806630388
Encrypted:	false
SSDEEP:	3072:Gy4y4GS+Y5CCnEbRemTxZ0dbInPMxnBia5KG8W2qgE+YwDWzk35H4sh6jWcqYMAr:4y4OYDUFDq1Foh4HqY6
MD5:	CB876FC504CEA416FA0716D4CB43A334
SHA1:	69C2FC87D5E01B21002DBC00E648B70EC0018221
SHA-256:	2529E442F29225B15D42CCFEE9CE02F2868915E9C5C11767DB538B89340FB86A
SHA-512:	0D8923C831160244B4718190B96B60FFA2E257288D488463E905E6FFCE951DAB4F97025F797F1F9EBADD0186E98E85919A41384F26830992D8ACD32D85E8BCD1
Malicious:	false
Preview:	..90.............................................................`.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Documents\SISTEMA\Libraries\SISTEMA_Lib200_DE.slb (copy)

Download File

Process:	C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe
File Type:	data
Category:	dropped
Size (bytes):	1196032
Entropy (8bit):	1.9695054806630388
Encrypted:	false
SSDEEP:	3072:Gy4y4GS+Y5CCnEbRemTxZ0dbInPMxnBia5KG8W2qgE+YwDWzk35H4sh6jWcqYMAr:4y4OYDUFDq1Foh4HqY6
MD5:	CB876FC504CEA416FA0716D4CB43A334
SHA1:	69C2FC87D5E01B21002DBC00E648B70EC0018221
SHA-256:	2529E442F29225B15D42CCFEE9CE02F2868915E9C5C11767DB538B89340FB86A
SHA-512:	0D8923C831160244B4718190B96B60FFA2E257288D488463E905E6FFCE951DAB4F97025F797F1F9EBADD0186E98E85919A41384F26830992D8ACD32D85E8BCD1
Malicious:	false
Preview:	..90.............................................................`.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Documents\SISTEMA\Projects\Projects.dat

Download File

Process:	C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=store
Category:	dropped
Size (bytes):	110478
Entropy (8bit):	7.971115364593538
Encrypted:	false
SSDEEP:	3072:mrlbTQm3A+nYRAUQTF02YRAU8o3EYRAUTUhXjkj:m5Ql+ntUQK2tUh3EtUTUhXjw
MD5:	6AF0020CB16796BD8B5C002BA4D9F22B
SHA1:	EDBC51ECFD876F2228466BB47658383FD4B5B638
SHA-256:	F4F4E37423D65249848476B453D987AF47ECE819542DBBB82F088ECCE9C1E13A
SHA-512:	62E5645273291C3DBEFAD0639895ECAFC111A50B33C8794144B21C45AE71F0938DAE024DB5E2CE0379A87635741CFCEC2730E3A0F57671D5DB331CDD6F1808D2
Malicious:	false
Preview:	PK.........`fW................de/PK.........`fW............9...de/pld_kat3_trennende_schutzeinrichtung_mit_verriegelung/PK........%`fW............C...de/pld_kat3_trennende_schutzeinrichtung_mit_verriegelung/dokumente/PK........%`fW.?..0...H..T...de/pld_kat3_trennende_schutzeinrichtung_mit_verriegelung/dokumente/Blockdiagramm.pdf.\.XSA.....E.Q.......].HSA.....HH.B.0......h..<E.....(.........{..=..w.n...ov.......q....Z.+..cGu. .......E.. -}.DB.o....FZ".xuM....G. .X,.....v...."."...8..ZC.EOO.H..P...(..a.D/H..".Z,hH0. .K4.V.'.........HC.Q.?..?....?..Q.?.j?..4.G.:J.....Ei.LSS.yl......_.1P..r.-.......H.a...E.P....Hs.....P5v.1......1.x.#.....n.611.@..Q.F8.=...&....@.....F&......!V...a...........B..o.hbc.../....."....#M}ITb .D......O"...FAQ.n.E.i...Q....(.>..@.....8`.hn;:.\y.....S.G./.........}..Lx..Y..c.m..Z.D.O...W/..qZ..IG......r.T.r.A~(..$.>.qKzZ...O......m;....P......FP...=.`Ip'...hv../a..R..)a.(...E!p....1.H..B.Q.T.....<G....DAzx..~..D...T.\Ri^.o....}/....

C:\Users\user\Documents\SISTEMA\Projects\de\pld_kat3_trennende_schutzeinrichtung_mit_verriegelung\PLd_Kat3_Trennende_Schutzeinrichtung_mit_Verriegelung.ssm

Download File

Process:	C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe
File Type:	XML 1.0 document, Unicode text, UTF-8 text, with very long lines (52646), with CRLF line terminators
Category:	dropped
Size (bytes):	52755
Entropy (8bit):	5.0666985522732375
Encrypted:	false
SSDEEP:	384:dEptqzoHy0132WzabjpPuOQnLaWNNm2vKaabAPuILxHUxgmD5LaabAPu1McYZ8Sm:dett4+LaWNNN1J3+WQA8
MD5:	A822B982A349733561680B8E26280DED
SHA1:	2251D5E0E4AB8C09C6FD780900AD7B1E02A85560
SHA-256:	B7D7663205198E8223765B2997C15A09FF0B497E4B4B236F8642E90E1962909A
SHA-512:	88F85207C463E7A2E377F7D1E6ED662830EA198CB0854809AD42C36382AC3DC5DF8DA17945DF59834C4290C980997AF74F16E0FBAA554AA11173FBAB6868C1CD
Malicious:	false
Preview:	<?xml version="1.0"?>..<xmldocdata><tiopf version="2.1"/><tables><table table_name="projectops"><fields><field field_name="oid" field_kind="string" field_Size="38"/><field field_name="ssmversion" field_kind="string" field_Size="40"/><field field_name="normversion" field_kind="string" field_Size="40"/><field field_name="isprotected" field_kind="integer" field_Size="0"/><field field_name="name" field_kind="string" field_Size="512"/><field field_name="author" field_kind="string" field_Size="256"/><field field_name="tester" field_kind="string" field_Size="256"/><field field_name="manager" field_kind="string" field_Size="256"/><field field_name="document" field_kind="string" field_Size="1024"/><field field_name="documentation" field_kind="string" field_Size="4000"/><field field_name="filename" field_kind="string" field_Size="1024"/><field field_name="machinename" field_kind="string" field_Size="512"/><field field_name="standardsfolder" field_kind="string" field_Size="1024"/><field field_nam

C:\Users\user\Documents\SISTEMA\Projects\de\pld_kat3_trennende_schutzeinrichtung_mit_verriegelung\dokumente\Blockdiagramm.pdf

Download File

Process:	C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe
File Type:	PDF document, version 1.4, 1 pages
Category:	dropped
Size (bytes):	18590
Entropy (8bit):	7.120274146786177
Encrypted:	false
SSDEEP:	384:nsUUilClOnnnbx7oe/YP35o59qqq5EIyFOe6666666IRSJnNncW:nAilCgnbxkewAqqq5eFOe6666666IRM9
MD5:	10448C549C2CD80BEC525B018C1123BF
SHA1:	E64D39CFC8C60EF43FA7F99B1FB499D5D15EFF01
SHA-256:	B4856E4C53ADD1A369DBD65913BA20EBCB8BEE2F5E4ADAAB31B63DDEF34F55E8
SHA-512:	9935E6CE6B8428AB276EA4BB3DE6AFA9B857A1F10681915C7635D4CF7A55116793EDABA80F8E4D590C39495F2A49EE671897E5F1004571DC56ACD21B42185C45
Malicious:	false
Preview:	%PDF-1.4.%......6 0 obj <</Linearized 1/L 18590/O 8/E 14411/N 1/T 18424/H [ 576 169]>>.endobj. ..xref..6 14..0000000016 00000 n..0000000745 00000 n..0000000821 00000 n..0000000948 00000 n..0000001105 00000 n..0000001149 00000 n..0000001351 00000 n..0000001509 00000 n..0000001543 00000 n..0000004212 00000 n..0000005064 00000 n..0000014094 00000 n..0000014335 00000 n..0000000576 00000 n..trailer..<</Size 20/Prev 18414/Root 7 0 R/Info 5 0 R/ID[<C4CDFD82B86C20DF75A1EEC60C10FC76><239403827457314D9CE22F95CB498472>]>>..startxref..0..%%EOF.. ..19 0 obj<</Length 85/Filter/FlateDecode/I 101/L 85/S 39>>stream..x.b``.f``.a..S1.T...,...........A.....}.S.....L....L......cd`0_.5...Y...<!.......0..c..endstream.endobj.7 0 obj<</Metadata 4 0 R/Pages 3 0 R/Type/Catalog/PageLabels 1 0 R>>.endobj.8 0 obj<</CropBox[0 0 540 720]/Parent 3 0 R/Contents 11 0 R/Rotate 90/MediaBox[0 0 540 720]/Resources 9 0 R/Type/Page>>.endobj.9 0 obj<</XObject<</Im1 16 0 R>>/ColorSpace<</Cs6 13

C:\Users\user\Documents\SISTEMA\Projects\de\pld_kat3_trennende_schutzeinrichtung_mit_verriegelung\dokumente\Schaltbild.pdf

Download File

Process:	C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe
File Type:	PDF document, version 1.4, 1 pages
Category:	dropped
Size (bytes):	17514
Entropy (8bit):	5.967308885942057
Encrypted:	false
SSDEEP:	192:xWBcnrc4V3l79fIs6zdczmpkOWq3HFwFrwwiLlhQe/ekBHkzg:wBKPn9QxW4gilCliL31NCc
MD5:	4DE4538B36F761DC80167CCFB3D75327
SHA1:	FA5529E7F9FF2C82FDFA1F9F3DE1801FA43B9C95
SHA-256:	DA80E3746FA7878E969CE37FCCD56206A44169A41F91B3F12601D5595647F4A8
SHA-512:	C40D0A89798C7A3A458D4BAF657401052A74F134E42E0DF6127C4FCA6412CFA2F1C05EB3C6EE3B7EE659008D104700FF0351D59AB24BDF370779925F41A5A657
Malicious:	false
Preview:	%PDF-1.4.%......6 0 obj <</Linearized 1/L 13279/O 8/E 9126/N 1/T 13113/H [ 696 175]>>.endobj. ..xref..6 20..0000000016 00000 n..0000000871 00000 n..0000000947 00000 n..0000001124 00000 n..0000001244 00000 n..0000001861 00000 n..0000001895 00000 n..0000002434 00000 n..0000002655 00000 n..0000003092 00000 n..0000003595 00000 n..0000004106 00000 n..0000004615 00000 n..0000004971 00000 n..0000005420 00000 n..0000005933 00000 n..0000008602 00000 n..0000008823 00000 n..0000009050 00000 n..0000000696 00000 n..trailer..<</Size 26/Prev 13103/Root 7 0 R/Info 5 0 R/ID[<249A6E103EA6CD2F4947F3921440D701><3A7C8416E4E81A458F3C92A75FBDF454>]>>..startxref..0..%%EOF.. ..25 0 obj<</Length 91/Filter/FlateDecode/I 108/L 92/S 39>>stream..x.b``.d``fa.........Y.8.0. ..B1......0......%...^.-.8_..7...L. .....CM..bV....q............endstream.endobj.7 0 obj<</Metadata 4 0 R/Pages 3 0 R/Type/Catalog/PageLabels 1 0 R>>.endobj.8 0 obj<</CropBox[0 0 595 842]/Parent 3 0 R/Contents[

C:\Users\user\Documents\SISTEMA\Projects\en\pld_cat3_interlocking_of_movable_guard\PLd_Cat3_Interlocking_of_Movable_Guard.ssm

Download File

Process:	C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe
File Type:	XML 1.0 document, Unicode text, UTF-8 text, with very long lines (52556), with CRLF line terminators
Category:	dropped
Size (bytes):	52606
Entropy (8bit):	5.046641919279684
Encrypted:	false
SSDEEP:	384:YtXbqzoHv9uTWzabjpPuOEnLaPvlaabAPu9O9jhnmv2vLaabAPucVcLc8uae620J:YFbd9O6LaPv+5IsczfAjWsy8
MD5:	477C24BE9C0B7D68EE41E7F35698CDBA
SHA1:	D11DB46C89892836D4D1D416A1BB4EBCD945384B
SHA-256:	38C8C223E990B226E2B639BB6C05DD5FFE01A29ADEDF4ED9466631404E067FD4
SHA-512:	D678967BDB0808A1318CD49E58BE934E8F36C13620D6460F5781710D4D088B9F6FC987BD73FD752E63F3D8567C98C0B344FDF89DD77E0B6CBF21D1254C249151
Malicious:	false
Preview:	<?xml version="1.0"?>..<xmldocdata><tiopf version="2.1"/><tables><table table_name="projectops"><fields><field field_name="oid" field_kind="string" field_Size="38"/><field field_name="ssmversion" field_kind="string" field_Size="40"/><field field_name="normversion" field_kind="string" field_Size="40"/><field field_name="isprotected" field_kind="integer" field_Size="0"/><field field_name="name" field_kind="string" field_Size="512"/><field field_name="author" field_kind="string" field_Size="256"/><field field_name="tester" field_kind="string" field_Size="256"/><field field_name="manager" field_kind="string" field_Size="256"/><field field_name="document" field_kind="string" field_Size="1024"/><field field_name="documentation" field_kind="string" field_Size="4000"/><field field_name="filename" field_kind="string" field_Size="1024"/><field field_name="machinename" field_kind="string" field_Size="512"/><field field_name="standardsfolder" field_kind="string" field_Size="1024"/><field field_nam

C:\Users\user\Documents\SISTEMA\Projects\en\pld_cat3_interlocking_of_movable_guard\documents\Block-diagram.pdf

Download File

Process:	C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe
File Type:	PDF document, version 1.4, 1 pages
Category:	dropped
Size (bytes):	21614
Entropy (8bit):	6.54009112895976
Encrypted:	false
SSDEEP:	192:8CFoeSW/u3Wq3HFwFrwwGSt27+FZiMhKUbNnQOn8rbCTsx3PmQbtck31gc1uxkE:eex2GilClziUwMhzGruIx3Pm0JlPuKE
MD5:	9FD1F22A2D24CDD2014A28CC0F8B1560
SHA1:	060293EBA680A61127F97A6FE4D801131C591569
SHA-256:	7051B3BF51A7B3FE5E7352FBBFD5E7D69F1B7E294A15643665736118C1FB1314
SHA-512:	DFC987651CB812C05C92324EF56ECACA4A72740C34A3B70EE55934AE6C01ABD1358A11810ACC7C03D8078FD8253CD7E2C18A17FE072AE11E906009EC43F4FFC7
Malicious:	false
Preview:	%PDF-1.4.%......6 0 obj <</Linearized 1/L 17134/O 8/E 12971/N 1/T 16968/H [ 596 166]>>.endobj. ..xref..6 15..0000000016 00000 n..0000000762 00000 n..0000000838 00000 n..0000000965 00000 n..0000001119 00000 n..0000001153 00000 n..0000001196 00000 n..0000001238 00000 n..0000001403 00000 n..0000004072 00000 n..0000004300 00000 n..0000012658 00000 n..0000012710 00000 n..0000012895 00000 n..0000000596 00000 n..trailer..<</Size 21/Prev 16958/Root 7 0 R/Info 5 0 R/ID[<73DEFD62C334634D1F1CA37998BBFF4D><E43F98D7D2F5D749BDCAD02C130F465D>]>>..startxref..0..%%EOF.. ..20 0 obj<</Length 82/Filter/FlateDecode/I 102/L 86/S 39>>stream..x.b``.a``Z..........Y.8....@1.....c.{...'..........T.h.%....X.fX.1..."... .......endstream.endobj.7 0 obj<</Metadata 4 0 R/Pages 3 0 R/Type/Catalog/PageLabels 1 0 R>>.endobj.8 0 obj<</CropBox[0 0 595 842]/Parent 3 0 R/Contents 13 0 R/Rotate 90/MediaBox[0 0 595 842]/Resources 9 0 R/Type/Page>>.endobj.9 0 obj<</XObject<</Im1 16 0 R/Im2

C:\Users\user\Documents\SISTEMA\Projects\en\pld_cat3_interlocking_of_movable_guard\documents\Control-circuit.pdf

Download File

Process:	C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe
File Type:	PDF document, version 1.4, 1 pages
Category:	dropped
Size (bytes):	17537
Entropy (8bit):	6.011547168199044
Encrypted:	false
SSDEEP:	192:Ac7tPWh1aSptCv3nsaBo3M/yWq3HFwFrwwiLlhQe/uklkYn:AM+LVp4v3VBcMxilCliL3192Yn
MD5:	B560ECF8EF6EFD6D4B226D6C514FE366
SHA1:	28274D0CBD6C5021FED346759F58C167BEBAC0A1
SHA-256:	A3FA7F1B6C52E94C644FD81DB73D49D3267D3A3A1421C16BC67F825D74F082E0
SHA-512:	A5EEEE7CA03E8613BF00521C7272AF298E93C647349C2A9D411248AF1CDE33C8BA3AF90F3D6C9287A06E988DF61EBC7594C178F29748FF31DE156CA63171688F
Malicious:	false
Preview:	%PDF-1.4.%......6 0 obj <</Linearized 1/L 13057/O 8/E 8904/N 1/T 12891/H [ 696 174]>>.endobj. ..xref..6 20..0000000016 00000 n..0000000870 00000 n..0000000946 00000 n..0000001123 00000 n..0000001243 00000 n..0000001628 00000 n..0000001662 00000 n..0000002213 00000 n..0000002434 00000 n..0000002874 00000 n..0000003373 00000 n..0000003881 00000 n..0000004358 00000 n..0000004729 00000 n..0000005206 00000 n..0000005711 00000 n..0000008380 00000 n..0000008601 00000 n..0000008828 00000 n..0000000696 00000 n..trailer..<</Size 26/Prev 12881/Root 7 0 R/Info 5 0 R/ID[<478A5CAE4A877FC87F53D34B74CA38FA><D750B918FDF37F4790EB2AA8339ECED4>]>>..startxref..0..%%EOF.. ..25 0 obj<</Length 90/Filter/FlateDecode/I 108/L 92/S 39>>stream..x.b``.d``fa..y1.T...,...........A....C.........e.....-[... ...bF.*).I.@...`.."... ...V....endstream.endobj.7 0 obj<</Metadata 4 0 R/Pages 3 0 R/Type/Catalog/PageLabels 1 0 R>>.endobj.8 0 obj<</CropBox[0 0 595 842]/Parent 3 0 R/Contents[1

C:\Users\user\Documents\SISTEMA\Projects\fr\pld_cat3_verrouillage de protecteur mobile\Verrouillage electrique dun protecteur mobile - Categorie 3 - PL d_.ssm

Download File

Process:	C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe
File Type:	XML 1.0 document, Unicode text, UTF-8 text, with very long lines (53332), with CRLF line terminators
Category:	dropped
Size (bytes):	53551
Entropy (8bit):	5.073710614315623
Encrypted:	false
SSDEEP:	384:pubqzoHSd6iWzabjpPuAtnLaVnkTH8tKERaabAPugPuqlHzMYA+MECtLaabAPuy/:sbAd6O1LahkTctK94YABEuHWdY8
MD5:	BDE1A3A74983A4C9138165FE3E84CE55
SHA1:	95523CBAB49778E13717A0908811F6CC24626273
SHA-256:	8EF08A26E861A819D5A3FC974EAF71F0CFE16B8DE0F1F05E77701965D55772FA
SHA-512:	E57F97474B747E1E00D559588FE907B115D50E0FA8DC6D1ED57FF65FA6EDEDCAD9864426E0D7C390EC56376C17F89E34F01CC45872C84F8E4E4F95EEB8B8B64A
Malicious:	false
Preview:	<?xml version="1.0"?>..<xmldocdata><tiopf version="2.1"/><tables><table table_name="projectops"><fields><field field_name="oid" field_kind="string" field_Size="38"/><field field_name="ssmversion" field_kind="string" field_Size="40"/><field field_name="normversion" field_kind="string" field_Size="40"/><field field_name="isprotected" field_kind="integer" field_Size="0"/><field field_name="name" field_kind="string" field_Size="512"/><field field_name="author" field_kind="string" field_Size="256"/><field field_name="tester" field_kind="string" field_Size="256"/><field field_name="manager" field_kind="string" field_Size="256"/><field field_name="document" field_kind="string" field_Size="1024"/><field field_name="documentation" field_kind="string" field_Size="4000"/><field field_name="filename" field_kind="string" field_Size="1024"/><field field_name="machinename" field_kind="string" field_Size="512"/><field field_name="standardsfolder" field_kind="string" field_Size="1024"/><field field_nam

C:\Users\user\Documents\SISTEMA\Projects\fr\pld_cat3_verrouillage de protecteur mobile\documents\Block-diagram.pdf

Download File

Process:	C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe
File Type:	PDF document, version 1.4, 1 pages
Category:	dropped
Size (bytes):	21614
Entropy (8bit):	6.54009112895976
Encrypted:	false
SSDEEP:	192:8CFoeSW/u3Wq3HFwFrwwGSt27+FZiMhKUbNnQOn8rbCTsx3PmQbtck31gc1uxkE:eex2GilClziUwMhzGruIx3Pm0JlPuKE
MD5:	9FD1F22A2D24CDD2014A28CC0F8B1560
SHA1:	060293EBA680A61127F97A6FE4D801131C591569
SHA-256:	7051B3BF51A7B3FE5E7352FBBFD5E7D69F1B7E294A15643665736118C1FB1314
SHA-512:	DFC987651CB812C05C92324EF56ECACA4A72740C34A3B70EE55934AE6C01ABD1358A11810ACC7C03D8078FD8253CD7E2C18A17FE072AE11E906009EC43F4FFC7
Malicious:	false
Preview:	%PDF-1.4.%......6 0 obj <</Linearized 1/L 17134/O 8/E 12971/N 1/T 16968/H [ 596 166]>>.endobj. ..xref..6 15..0000000016 00000 n..0000000762 00000 n..0000000838 00000 n..0000000965 00000 n..0000001119 00000 n..0000001153 00000 n..0000001196 00000 n..0000001238 00000 n..0000001403 00000 n..0000004072 00000 n..0000004300 00000 n..0000012658 00000 n..0000012710 00000 n..0000012895 00000 n..0000000596 00000 n..trailer..<</Size 21/Prev 16958/Root 7 0 R/Info 5 0 R/ID[<73DEFD62C334634D1F1CA37998BBFF4D><E43F98D7D2F5D749BDCAD02C130F465D>]>>..startxref..0..%%EOF.. ..20 0 obj<</Length 82/Filter/FlateDecode/I 102/L 86/S 39>>stream..x.b``.a``Z..........Y.8....@1.....c.{...'..........T.h.%....X.fX.1..."... .......endstream.endobj.7 0 obj<</Metadata 4 0 R/Pages 3 0 R/Type/Catalog/PageLabels 1 0 R>>.endobj.8 0 obj<</CropBox[0 0 595 842]/Parent 3 0 R/Contents 13 0 R/Rotate 90/MediaBox[0 0 595 842]/Resources 9 0 R/Type/Page>>.endobj.9 0 obj<</XObject<</Im1 16 0 R/Im2

C:\Users\user\Documents\SISTEMA\Projects\fr\pld_cat3_verrouillage de protecteur mobile\documents\Control-circuit.pdf

Download File

Process:	C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe
File Type:	PDF document, version 1.3, 1 pages
Category:	dropped
Size (bytes):	13200
Entropy (8bit):	7.715864725587699
Encrypted:	false
SSDEEP:	192:WyLqBckClRpV6GlPWXk5Y4KxdlKnMvFIs0yqT+BcCK2t+16JJS2skOuNd8/dSg/B:LLYC1wGWdlKn6m2qTEcFmiNnu8lSg/oO
MD5:	B13B6B4C09970A659CD2CD3F7AFCB7D4
SHA1:	918E36521CBE8955F7FC19BD71978FBBA14BA3D9
SHA-256:	F70D59044E1C953F55DC25E906F071B4B70D02C2B9EB2514BE58E5128DB3AEC2
SHA-512:	4050A05A65C11393B293AC62A8BBFE250A4EAC916DCF71741C1E4C01D7BA97410E6D4A74A8A4E3FCA9D028FC805CC390C919C1EC4E12AA459945B47B4C53B545
Malicious:	false
Preview:	%PDF-1.3.%...5 0 obj.<</Length 6 0 R/Filter /FlateDecode>>.stream.x..T.n.1...Wx9F....V....6;......6........$....>.........0.V.......'.4.t3.PSJA.Qf(...........`.+1A).d.B..:......m.r....<u..~.@k....V!t......F..6...D..%..7_u....!......%....$s..Sp.gF;....=.\|;..].[B...c..2..\...7.n....5.D.L@......d..._~&...M7F.St..(S..z...9...m.@.$[..~9..v.$......p....`S..R.....T..;..=!pBnz.iF.6.......f..1.nW...._z6q....i.....$..c...y.4..n.."6...8`v...R....T.nW........T....b......1`.X'..-.._M.%..;d........9...=.[6..>.c....T.....Y.....'>K..C4..%.!....... u.*...U.X..M.Y,.C...6..@\..../..a.X.5. .mA.wS4.>..m.8.N......G.V.....W.pN......xGUendstream.endobj.6 0 obj.586.endobj.4 0 obj.<</Type/Page/MediaBox [0 0 595 842]./Rotate 90/Parent 3 0 R./Resources<</ProcSet[/PDF /ImageC /ImageI /Text]./ColorSpace 12 0 R./ExtGState 13 0 R./XObject 14 0 R./Font 15 0 R.>>./Contents 5 0 R.>>.endobj.3 0 obj.<< /Type /Pages /Kids [.4 0 R.] /Count 1./Rotate 90>>.endobj.1 0 obj.<</Type /Catalog /Pag

C:\Users\user\Documents\SISTEMA\Projects\it\pld_cat3_interblocco_di_riparo_mobile\PLd_Cat3_Interblocco_di_Riparo_Mobile.ssm

Download File

Process:	C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe
File Type:	XML 1.0 document, Unicode text, UTF-8 text, with very long lines (53161), with CRLF line terminators
Category:	dropped
Size (bytes):	53225
Entropy (8bit):	5.0332840194550315
Encrypted:	false
SSDEEP:	384:LPrbqzoHBMqmvjTMWzabjpPuOEnLa1yZukSaabAPuugh9WmitDxvLaabAPuPkMjD:XbLmbK6La1yIcRBW7T58
MD5:	3079C26F111A6A7F06982732191A8327
SHA1:	E418391F91AAB7C958A0A7E007D6869475FF3098
SHA-256:	43BFFF8411B12C74074DB307FFAD936E94C4CE3B31A7D129D161D20BF542159C
SHA-512:	0504A7F97077D4639A7D82C7B2C85AD519C27E65BDC4F26A221CADDE0C462E23B67ECEC17695990A254007386F1953315ED4F0B30596A9DF5044A5B344469090
Malicious:	false
Preview:	<?xml version="1.0"?>..<xmldocdata><tiopf version="2.1"/><tables><table table_name="projectops"><fields><field field_name="oid" field_kind="string" field_Size="38"/><field field_name="ssmversion" field_kind="string" field_Size="40"/><field field_name="normversion" field_kind="string" field_Size="40"/><field field_name="isprotected" field_kind="integer" field_Size="0"/><field field_name="name" field_kind="string" field_Size="512"/><field field_name="author" field_kind="string" field_Size="256"/><field field_name="tester" field_kind="string" field_Size="256"/><field field_name="manager" field_kind="string" field_Size="256"/><field field_name="document" field_kind="string" field_Size="1024"/><field field_name="documentation" field_kind="string" field_Size="4000"/><field field_name="filename" field_kind="string" field_Size="1024"/><field field_name="machinename" field_kind="string" field_Size="512"/><field field_name="standardsfolder" field_kind="string" field_Size="1024"/><field field_nam

C:\Users\user\Documents\SISTEMA\Projects\it\pld_cat3_interblocco_di_riparo_mobile\documents\Block-diagram.pdf

Download File

Process:	C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe
File Type:	PDF document, version 1.4, 1 pages
Category:	dropped
Size (bytes):	21614
Entropy (8bit):	6.54009112895976
Encrypted:	false
SSDEEP:	192:8CFoeSW/u3Wq3HFwFrwwGSt27+FZiMhKUbNnQOn8rbCTsx3PmQbtck31gc1uxkE:eex2GilClziUwMhzGruIx3Pm0JlPuKE
MD5:	9FD1F22A2D24CDD2014A28CC0F8B1560
SHA1:	060293EBA680A61127F97A6FE4D801131C591569
SHA-256:	7051B3BF51A7B3FE5E7352FBBFD5E7D69F1B7E294A15643665736118C1FB1314
SHA-512:	DFC987651CB812C05C92324EF56ECACA4A72740C34A3B70EE55934AE6C01ABD1358A11810ACC7C03D8078FD8253CD7E2C18A17FE072AE11E906009EC43F4FFC7
Malicious:	false
Preview:	%PDF-1.4.%......6 0 obj <</Linearized 1/L 17134/O 8/E 12971/N 1/T 16968/H [ 596 166]>>.endobj. ..xref..6 15..0000000016 00000 n..0000000762 00000 n..0000000838 00000 n..0000000965 00000 n..0000001119 00000 n..0000001153 00000 n..0000001196 00000 n..0000001238 00000 n..0000001403 00000 n..0000004072 00000 n..0000004300 00000 n..0000012658 00000 n..0000012710 00000 n..0000012895 00000 n..0000000596 00000 n..trailer..<</Size 21/Prev 16958/Root 7 0 R/Info 5 0 R/ID[<73DEFD62C334634D1F1CA37998BBFF4D><E43F98D7D2F5D749BDCAD02C130F465D>]>>..startxref..0..%%EOF.. ..20 0 obj<</Length 82/Filter/FlateDecode/I 102/L 86/S 39>>stream..x.b``.a``Z..........Y.8....@1.....c.{...'..........T.h.%....X.fX.1..."... .......endstream.endobj.7 0 obj<</Metadata 4 0 R/Pages 3 0 R/Type/Catalog/PageLabels 1 0 R>>.endobj.8 0 obj<</CropBox[0 0 595 842]/Parent 3 0 R/Contents 13 0 R/Rotate 90/MediaBox[0 0 595 842]/Resources 9 0 R/Type/Page>>.endobj.9 0 obj<</XObject<</Im1 16 0 R/Im2

C:\Users\user\Documents\SISTEMA\Projects\it\pld_cat3_interblocco_di_riparo_mobile\documents\Circuito di controllo.pdf

Download File

Process:	C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe
File Type:	PDF document, version 1.3, 1 pages
Category:	dropped
Size (bytes):	7864
Entropy (8bit):	7.6076017718594064
Encrypted:	false
SSDEEP:	192:pT89Ne/vUKqDLNo+bh2/Im9YHpqW2dTNPVFmxE5g3R1nx4:SfenUKqDLa3IQypH2dxrWE5g7K
MD5:	68974F445A4754A93D14D28D74DB7E5E
SHA1:	029DAF12BDEEAD006B2333483D1A3BD392618DF8
SHA-256:	B3163BF24A0952F524CA2EF93B38BA602C01D5C20BEE4A1709BFBA5CFF40D66D
SHA-512:	D1A8A4A480833FEFEF2900F13DC15C441E47FB76BAA9C77EF8A4E2201D7CF75C24A063B33E842CCDF620D3661A43924FB610AE12781DF871120B4AF532BC3395
Malicious:	false
Preview:	%PDF-1.3.%...5 0 obj.<</Length 6 0 R/Filter /FlateDecode>>.stream.x..ZK........S.&..QR..)q,k7.....Z.zkF...\._o...G.eY.......H.."9....^T...7....SaMZ/6....v.B......0WCnw..by..%.....WJ-..?...~.b...ey......."-.)@.\|sZ.^.\|..\...;XQ.s..,N.5...v.v.>..._....2i...Y}.......^..]^......`.>.j DW.F.j.AR..2ZY..T..5..&../.:R\,d.......2..L.W..._..ng.KDK_I..m...1.f.S%.H.B....d1....fY!.~.l..e&...}b..&Ty..G.......Am.U!.h.g.W.0.]\.B..}w..^.[...[..K=....:7...{.o..j...n.Q....g.V..hc'.o..T.#.j2....M........1. ..R.>;....b..F.h.W.u.~....Y=."". ..vEk...S....qg.....f...;..b..7.....j.;..f..q......P.7;F\t..$.Dc.......(.....ws.". ...I...N/.......#V..K.8J..........Vk..\.Z........#....=m>UvT.X^...e.QY.'Y.$)...Z.0.&.^...e.2.b........q"...#d1.....\9N..d.&.$KD..j:._.-..F..~.u...L...Y..&...X....7M....A.._.....(..Z..W..z.........MQ..V'..p.W.q(..0dz.hY._K.A.j-+..d......+6.....2=.q.U2..*.auho..V..~.....LxYIPnu....h......bZ....,.f.b.7.....n..-....e...r..=UM...bK.l..7dKF..1....C

Static File Info

General

File type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Entropy (8bit):	7.999988251299981
TrID:	ZIP compressed archive (8000/1) 100.00%
File name:	sistema_2_1_1_build2.zip
File size:	30'133'937 bytes
MD5:	30305b17e5ea45e503d23f0e0a615b39
SHA1:	5e31dcfac8b74ef8c608a347be20b13ed41febb8
SHA256:	81553028bf92457d74960902e03f628f2c8719fe0e8e30706fc4ab2d522090d0
SHA512:	f00237ef96f5ae654c54d11fdb24ce73c75b0aa63eebd9f3c688a79ae0667890f24ccd0e96a74fff7d637bb2c8193ca8c0dd931cc4ada2c38f1eb661eaef1617
SSDEEP:	786432:FPueeTAD8q2NUXy8M2UJyETyFOnDvhPvmQQstdPS:Ix0F2NizayEyUnDvh2QQN
TLSH:	006733487BCC24FFAB5091A952C9C7F47192B483729C570AC6ADC7A817FFC5BCA04929
File Content Preview:	PK........`A.X.........x......SISTEMA_2_1_1_Build2.exe.\.\|.........%w...Q.......`L..`..A~....B.!I/{......l......?........UD.^8L......J.Z7.jZ(...~...]....?.....7o...f...=.-..VA.D.-.. ..._.0J....A...Rn}6.OcvY..iLSSQEe]Zm.fM.t]..`....?-..N.V...i.*..&%;....O.

File Icon


Icon Hash:	1c1c1e4e4ececedc

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 11, 2024 11:52:13.421401978 CEST	49710	443	192.168.2.16	185.103.232.54
Sep 11, 2024 11:52:13.421448946 CEST	443	49710	185.103.232.54	192.168.2.16
Sep 11, 2024 11:52:13.421529055 CEST	49710	443	192.168.2.16	185.103.232.54
Sep 11, 2024 11:52:13.422228098 CEST	49710	443	192.168.2.16	185.103.232.54
Sep 11, 2024 11:52:13.422251940 CEST	443	49710	185.103.232.54	192.168.2.16
Sep 11, 2024 11:52:13.724936008 CEST	49711	443	192.168.2.16	185.103.232.54
Sep 11, 2024 11:52:13.724987984 CEST	443	49711	185.103.232.54	192.168.2.16
Sep 11, 2024 11:52:13.725106001 CEST	49711	443	192.168.2.16	185.103.232.54
Sep 11, 2024 11:52:13.725883961 CEST	49711	443	192.168.2.16	185.103.232.54
Sep 11, 2024 11:52:13.725898027 CEST	443	49711	185.103.232.54	192.168.2.16
Sep 11, 2024 11:52:14.308794975 CEST	443	49710	185.103.232.54	192.168.2.16
Sep 11, 2024 11:52:14.308868885 CEST	49710	443	192.168.2.16	185.103.232.54
Sep 11, 2024 11:52:14.312887907 CEST	49710	443	192.168.2.16	185.103.232.54
Sep 11, 2024 11:52:14.312899113 CEST	443	49710	185.103.232.54	192.168.2.16
Sep 11, 2024 11:52:14.313242912 CEST	443	49710	185.103.232.54	192.168.2.16
Sep 11, 2024 11:52:14.316272020 CEST	49710	443	192.168.2.16	185.103.232.54
Sep 11, 2024 11:52:14.363403082 CEST	443	49710	185.103.232.54	192.168.2.16
Sep 11, 2024 11:52:14.661931992 CEST	443	49710	185.103.232.54	192.168.2.16
Sep 11, 2024 11:52:14.662234068 CEST	443	49710	185.103.232.54	192.168.2.16
Sep 11, 2024 11:52:14.662302971 CEST	49710	443	192.168.2.16	185.103.232.54
Sep 11, 2024 11:52:14.670058012 CEST	49710	443	192.168.2.16	185.103.232.54
Sep 11, 2024 11:52:14.670082092 CEST	443	49710	185.103.232.54	192.168.2.16
Sep 11, 2024 11:52:14.670205116 CEST	443	49711	185.103.232.54	192.168.2.16
Sep 11, 2024 11:52:14.670280933 CEST	49711	443	192.168.2.16	185.103.232.54
Sep 11, 2024 11:52:14.674014091 CEST	49711	443	192.168.2.16	185.103.232.54
Sep 11, 2024 11:52:14.674026966 CEST	443	49711	185.103.232.54	192.168.2.16
Sep 11, 2024 11:52:14.674293041 CEST	443	49711	185.103.232.54	192.168.2.16
Sep 11, 2024 11:52:14.674597025 CEST	49711	443	192.168.2.16	185.103.232.54
Sep 11, 2024 11:52:14.719412088 CEST	443	49711	185.103.232.54	192.168.2.16
Sep 11, 2024 11:52:15.030052900 CEST	443	49711	185.103.232.54	192.168.2.16
Sep 11, 2024 11:52:15.030534983 CEST	443	49711	185.103.232.54	192.168.2.16
Sep 11, 2024 11:52:15.030587912 CEST	49711	443	192.168.2.16	185.103.232.54
Sep 11, 2024 11:52:15.038719893 CEST	49711	443	192.168.2.16	185.103.232.54
Sep 11, 2024 11:52:15.038742065 CEST	443	49711	185.103.232.54	192.168.2.16

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 11, 2024 11:52:13.350894928 CEST	51654	53	192.168.2.16	1.1.1.1
Sep 11, 2024 11:52:13.388598919 CEST	53	51654	1.1.1.1	192.168.2.16

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 11, 2024 11:52:13.350894928 CEST	192.168.2.16	1.1.1.1	0xa83	Standard query (0)	sistema-anfrage.ifa.dguv.de	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Sep 11, 2024 11:52:13.388598919 CEST	1.1.1.1	192.168.2.16	0xa83	No error (0)	sistema-anfrage.ifa.dguv.de		185.103.232.54	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

sistema-anfrage.ifa.dguv.de

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.16	49710	185.103.232.54	443	6724	C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-11 09:52:14 UTC	190	OUT	GET /?v=2.1.1&b=2 HTTP/1.1 Host: sistema-anfrage.ifa.dguv.de Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 User-Agent: Mozilla/3.0 (compatible; Indy Library)
2024-09-11 09:52:14 UTC	280	IN	HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Expires: Wed, 11 Sep 2024 09:51:14 GMT Server: Microsoft-IIS/10.0 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Date: Wed, 11 Sep 2024 09:52:14 GMT Connection: close Content-Length: 737
2024-09-11 09:52:14 UTC	737	IN	Data Raw: 7b 22 43 6f 6e 74 30 22 3a 20 5b 22 32 2e 31 2e 30 22 2c 22 31 22 2c 22 45 6e 74 68 c3 a4 6c 74 20 46 65 68 6c 65 72 2c 20 77 75 72 64 65 20 7a 75 72 c3 bc 63 6b 67 65 72 75 66 65 6e 7c 43 6f 6e 74 61 69 6e 73 20 65 72 72 6f 72 73 2c 20 68 61 73 20 62 65 65 6e 20 72 65 63 61 6c 6c 65 64 22 2c 22 32 20 22 2c 22 36 22 5d 2c 22 43 6f 6e 74 31 22 3a 20 5b 22 32 2e 31 2e 30 22 2c 22 32 22 2c 22 45 6e 74 68 c3 a4 6c 74 20 46 65 68 6c 65 72 2c 20 55 70 64 61 74 65 20 76 65 72 66 c3 bc 67 62 61 72 7c 43 6f 6e 74 61 69 6e 73 20 65 72 72 6f 72 73 2c 20 75 70 64 61 74 65 20 61 76 61 69 6c 61 62 6c 65 22 2c 22 31 20 22 2c 22 31 39 22 5d 2c 22 43 6f 6e 74 32 22 3a 20 5b 22 32 2e 31 2e 30 22 2c 22 33 22 2c 22 45 6e 74 68 c3 a4 6c 74 20 46 65 68 6c 65 72 2c 20 55 70 64 Data Ascii: {"Cont0": ["2.1.0","1","Enthlt Fehler, wurde zurckgerufen\|Contains errors, has been recalled","2 ","6"],"Cont1": ["2.1.0","2","Enthlt Fehler, Update verfgbar\|Contains errors, update available","1 ","19"],"Cont2": ["2.1.0","3","Enthlt Fehler, Upd

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.16	49711	185.103.232.54	443	7084	C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-11 09:52:14 UTC	190	OUT	GET /?v=2.1.1&b=2 HTTP/1.1 Host: sistema-anfrage.ifa.dguv.de Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 User-Agent: Mozilla/3.0 (compatible; Indy Library)
2024-09-11 09:52:15 UTC	280	IN	HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Expires: Wed, 11 Sep 2024 09:51:14 GMT Server: Microsoft-IIS/10.0 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Date: Wed, 11 Sep 2024 09:52:14 GMT Connection: close Content-Length: 737
2024-09-11 09:52:15 UTC	737	IN	Data Raw: 7b 22 43 6f 6e 74 30 22 3a 20 5b 22 32 2e 31 2e 30 22 2c 22 31 22 2c 22 45 6e 74 68 c3 a4 6c 74 20 46 65 68 6c 65 72 2c 20 77 75 72 64 65 20 7a 75 72 c3 bc 63 6b 67 65 72 75 66 65 6e 7c 43 6f 6e 74 61 69 6e 73 20 65 72 72 6f 72 73 2c 20 68 61 73 20 62 65 65 6e 20 72 65 63 61 6c 6c 65 64 22 2c 22 32 20 22 2c 22 36 22 5d 2c 22 43 6f 6e 74 31 22 3a 20 5b 22 32 2e 31 2e 30 22 2c 22 32 22 2c 22 45 6e 74 68 c3 a4 6c 74 20 46 65 68 6c 65 72 2c 20 55 70 64 61 74 65 20 76 65 72 66 c3 bc 67 62 61 72 7c 43 6f 6e 74 61 69 6e 73 20 65 72 72 6f 72 73 2c 20 75 70 64 61 74 65 20 61 76 61 69 6c 61 62 6c 65 22 2c 22 31 20 22 2c 22 31 39 22 5d 2c 22 43 6f 6e 74 32 22 3a 20 5b 22 32 2e 31 2e 30 22 2c 22 33 22 2c 22 45 6e 74 68 c3 a4 6c 74 20 46 65 68 6c 65 72 2c 20 55 70 64 Data Ascii: {"Cont0": ["2.1.0","1","Enthlt Fehler, wurde zurckgerufen\|Contains errors, has been recalled","2 ","6"],"Cont1": ["2.1.0","2","Enthlt Fehler, Update verfgbar\|Contains errors, update available","1 ","19"],"Cont2": ["2.1.0","3","Enthlt Fehler, Upd

Target ID:	0
Start time:	05:50:47
Start date:	11/09/2024
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Imagebase:	0x7ff613600000
File size:	71'680 bytes
MD5 hash:	EF3179D498793BF4234F708D3BE28633
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	05:51:11
Start date:	11/09/2024
Path:	C:\Users\user\Desktop\sistema_2_1_1_build2\SISTEMA_2_1_1_Build2.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\sistema_2_1_1_build2\SISTEMA_2_1_1_Build2.exe"
Imagebase:	0x400000
File size:	30'636'209 bytes
MD5 hash:	2B4060A1BE4AC1AA9C99F0B0FEAA23FA
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	Borland Delphi
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	05:51:11
Start date:	11/09/2024
Path:	C:\Users\user\AppData\Local\Temp\is-0GTQV.tmp\SISTEMA_2_1_1_Build2.tmp
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\is-0GTQV.tmp\SISTEMA_2_1_1_Build2.tmp" /SL5="$203B8,29753000,779776,C:\Users\user\Desktop\sistema_2_1_1_build2\SISTEMA_2_1_1_Build2.exe"
Imagebase:	0x400000
File size:	3'116'032 bytes
MD5 hash:	38A0CE4967C1A254DDB91920046DDE5B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	Borland Delphi
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	05:51:12
Start date:	11/09/2024
Path:	C:\Users\user\Desktop\sistema_2_1_1_build2\SISTEMA_2_1_1_Build2.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\sistema_2_1_1_build2\SISTEMA_2_1_1_Build2.exe" /SPAWNWND=$1044E /NOTIFYWND=$203B8
Imagebase:	0x400000
File size:	30'636'209 bytes
MD5 hash:	2B4060A1BE4AC1AA9C99F0B0FEAA23FA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	05:51:12
Start date:	11/09/2024
Path:	C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\is-CT0T4.tmp\SISTEMA_2_1_1_Build2.tmp" /SL5="$20450,29753000,779776,C:\Users\user\Desktop\sistema_2_1_1_build2\SISTEMA_2_1_1_Build2.exe" /SPAWNWND=$1044E /NOTIFYWND=$203B8
Imagebase:	0x400000
File size:	3'116'032 bytes
MD5 hash:	38A0CE4967C1A254DDB91920046DDE5B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	05:51:42
Start date:	11/09/2024
Path:	C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\SISTEMA 2.1.1\SISTEMA.exe"
Imagebase:	0x5a0000
File size:	22'726'656 bytes
MD5 hash:	9539E734CC3C8A2A935ACFD28CC08B31
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	Borland Delphi
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	19
Start time:	05:51:44
Start date:	11/09/2024
Path:	C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe" NOPOPUP
Imagebase:	0x970000
File size:	23'539'712 bytes
MD5 hash:	8571B58DF1EC066D088F17BABBC2A009
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	Borland Delphi
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	05:52:09
Start date:	11/09/2024
Path:	C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe" -v:2.1.1 -b:2 -l:de -i -t -u -w:500 -h:500
Imagebase:	0x930000
File size:	6'236'160 bytes
MD5 hash:	ABF7C0D74DFCD9C378A5F27FD20B18BD
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	Borland Delphi
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	05:52:11
Start date:	11/09/2024
Path:	C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe" -v:2.1.1 -b:2 -l:de -i -t -e -w:700 -h:500
Imagebase:	0x930000
File size:	6'236'160 bytes
MD5 hash:	ABF7C0D74DFCD9C378A5F27FD20B18BD
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	Borland Delphi
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	1.6%
Dynamic/Decrypted Code Coverage:	6.9%
Signature Coverage:	0.9%
Total number of Nodes:	788
Total number of Limit Nodes:	68

Executed Functions

Function 05D1BBB0 Relevance: 1.5, APIs: 1, Instructions: 7COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(00001000), ref: 05D1BBB7

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: 3774b6fcca94c2c0ac5c5b97be123096da0f5d508a327107bd2cfb422f9e143b
Instruction ID: 2319298a0b4ac30be8fc3a4978dc8163696f25d008c341cf8a559d4dea3b2bdc
Opcode Fuzzy Hash: 3774b6fcca94c2c0ac5c5b97be123096da0f5d508a327107bd2cfb422f9e143b
Instruction Fuzzy Hash: 57B092B48082009BC618FB5AC58A80A7BE8AB48200F800825F89EC2300E638D5ECCB46

Function 100749B0 Relevance: 130.0, APIs: 62, Strings: 12, Instructions: 528
filesynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 1004EB10: gds__prefix_lock.FBCLIENT25(0bru,102559A8,00000000,10074A19,?,?,00000001,00000000,00000000,75726230,00000000), ref: 1004EB1B

CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000004,00000080,00000000), ref: 10074A68
GetLastError.KERNEL32(?,?,?,?,?,00000000,75726230,00000000), ref: 10074A76

Part of subcall function 10035D20: SleepEx.KERNEL32(?,00000000,10074A4B,0000000A), ref: 10035D27

Part of subcall function 10074700: _snprintf.MSVCR80 ref: 10074726
Part of subcall function 10074700: _strlwr.MSVCR80 ref: 1007479D

CreateEventA.KERNEL32(00000000,00000001,00000000,?), ref: 10074ADE
GetLastError.KERNEL32 ref: 10074AEA
SetHandleInformation.KERNEL32(00000000,00000001,00000000), ref: 10074B14
GetFileSize.KERNEL32(00000000,00000000), ref: 10074B27
CloseHandle.KERNEL32(00000000), ref: 10074B3E
WaitForSingleObject.KERNEL32(?,00002710), ref: 10074B51
CloseHandle.KERNEL32(?), ref: 10074B5F
CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000004,00000080,00000000), ref: 10074BB7
GetLastError.KERNEL32 ref: 10074BC4
CloseHandle.KERNEL32(?), ref: 10074BED
GetLastError.KERNEL32 ref: 10074BFB
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 10074C0B
CloseHandle.KERNEL32(?), ref: 10074C1A
CloseHandle.KERNEL32(00000000), ref: 10074C1D
CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,00000008,?), ref: 10074C5A
GetLastError.KERNEL32 ref: 10074C79
CloseHandle.KERNEL32(00000000), ref: 10074C87
CloseHandle.KERNEL32(?), ref: 10074C8E
CloseHandle.KERNEL32(00000000), ref: 10074C91
GetLastError.KERNEL32(?,?,00000000,75726230,00000000), ref: 10074C98
CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,75726230,00000000), ref: 10074CAD
CloseHandle.KERNEL32(00000000), ref: 10074CBF
CloseHandle.KERNEL32(00000000), ref: 10074CC2
GetLastError.KERNEL32 ref: 10074CF8
CloseHandle.KERNEL32(?,?,?,?,?,?,?,00000000,75726230,00000000), ref: 10074D11
CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,00000000,75726230,00000000), ref: 10074D14

Strings

_mapping, xrefs: 10074C28
CreateFileMapping, xrefs: 10074DA8, 10074ED7
WaitForSingleObject, xrefs: 10074B72
SetFilePointer, xrefs: 10075018
CreateEvent, xrefs: 10074CB7
shmem_data->sh_mem_length_mapped is 0, xrefs: 10074F5F
CreateFile, xrefs: 10074A87, 10074D79
MapViewOfFile, xrefs: 10074DF5, 10074F34
_event, xrefs: 10074AA4
make_object_name, xrefs: 10074C9B, 10074D97, 10074E78
GetFileSize, xrefs: 10074CFB
_mapping_%lu, xrefs: 10074E40

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: Handle$Close$ErrorLast$File$Create$EventInformationMappingObjectPointerSingleSizeSleepWait_snprintf_strlwrgds__prefix_lock
String ID: CreateEvent$CreateFile$CreateFileMapping$GetFileSize$MapViewOfFile$SetFilePointer$WaitForSingleObject$_event$_mapping$_mapping_%lu$make_object_name$shmem_data->sh_mem_length_mapped is 0
API String ID: 206094198-609291605
Opcode ID: 341edcf4e51ac2fa7983af7185c3e704f0c2aef8f57fe028627cc64a82262eb4
Instruction ID: e62e0b8b793944b7384fe634b5a2e0600b19f9b76dfafaaf1783eaff692df204
Opcode Fuzzy Hash: 341edcf4e51ac2fa7983af7185c3e704f0c2aef8f57fe028627cc64a82262eb4
Instruction Fuzzy Hash: 3702C471608341AFD360DB60CC89B5FB7E4EB89744F11890DF68997291DF78E844CBAA

Function 1002D260 Relevance: 50.9, APIs: 19, Strings: 10, Instructions: 148
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVersion.KERNEL32(94BA138F,102559A8,1038FB40,?,?,00000080,1038FB40,00000000,00000080,94BA138F), ref: 1002D287
LoadLibraryA.KERNEL32(advapi32.dll,?,00000080,1038FB40,00000000,00000080,94BA138F,?,?,?,?,?,?,?,10230B60,000000FF), ref: 1002D2BF
GetLastError.KERNEL32 ref: 1002D2D7
gds__log.FBCLIENT25(LoadLibrary failed for advapi32.dll. Error code: %lu,00000000), ref: 1002D2E3

Part of subcall function 1002C9E0: lstrcmpA.KERNEL32(94BA138F,?,94BA138F), ref: 1002CAAC
Part of subcall function 1002C9E0: lstrlenA.KERNEL32(94BA138F), ref: 1002CAB3

Strings

Terminal Server, xrefs: 1002D299
LoadLibrary failed for advapi32.dll. Error code: %lu, xrefs: 1002D2DE
OpenProcessToken failed. Error code: %lu, xrefs: 1002D347
LookupPrivilegeValueA, xrefs: 1002D2FE
advapi32.dll, xrefs: 1002D2BA
PrivilegeCheck failed. Error code: %lu, xrefs: 1002D3D5
PrivilegeCheck, xrefs: 1002D308
OpenProcessToken, xrefs: 1002D2F6
Cannot access privilege management API, xrefs: 1002D404
SeCreateGlobalPrivilege, xrefs: 1002D360

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: ErrorLastLibraryLoadVersiongds__loglstrcmplstrlen
String ID: Cannot access privilege management API$LoadLibrary failed for advapi32.dll. Error code: %lu$LookupPrivilegeValueA$OpenProcessToken$OpenProcessToken failed. Error code: %lu$PrivilegeCheck$PrivilegeCheck failed. Error code: %lu$SeCreateGlobalPrivilege$Terminal Server$advapi32.dll
API String ID: 924167468-945566528
Opcode ID: 5711a849946bb09d3f18ef2eb5359f4f557aa15f69ad88d573d0f4658576081a
Instruction ID: 9bd9f9d8d8b79596aca6d6a1508108fdf9ade0fb26817bdda4be7b04c1c9de01
Opcode Fuzzy Hash: 5711a849946bb09d3f18ef2eb5359f4f557aa15f69ad88d573d0f4658576081a
Instruction Fuzzy Hash: F3412A725083019FC344EF75EC88BDBB7E8EF89255F90052EF905D2240EB75E9048B66

Function 1003D7B0 Relevance: 35.3, APIs: 10, Strings: 10, Instructions: 299
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memcpy.MSVCR80(00000000,00000000,-00000001,-00000001,94BA138F), ref: 1003D84C
memcpy.MSVCR80(00000000,c:\Program Files\Firebird\,c:\Program Files\Firebird\,c:\Program Files\Firebird\), ref: 1003D894
memcpy.MSVCR80(C:\Program Files (x86)\SISTEMA 2.1.1\,?,00000103), ref: 1003D8E3
GetTempPathA.KERNEL32(00000104,C:\Users\user\AppData\Local\Temp\), ref: 1003D941
memcpy.MSVCR80(C:\Users\user\AppData\Local\Temp\,?,00000103,00000008), ref: 1003D9AB

Strings

c:\Program Files\Firebird\, xrefs: 1003D86C, 1003D881, 1003D88D, 1003D88E
C:\Program Files (x86)\SISTEMA 2.1.1\, xrefs: 1003D8DE, 1003D8EF
FIREBIRD_LOCK, xrefs: 1003D9D7
C:\Users\user\AppData\Local\Temp\, xrefs: 1003D937, 1003D952, 1003D9A6
FIREBIRD_TMP, xrefs: 1003D922
FIREBIRD_MSG, xrefs: 1003DAF2
C:\Program Files (x86)\SISTEMA 2.1.1\, xrefs: 1003DB3C, 1003DB55
c:\temp\, xrefs: 1003D97B
C:\ProgramData\firebird, xrefs: 1003DAB5, 1003DAC6
firebird, xrefs: 1003DA06

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: memcpy$PathTemp
String ID: C:\Program Files (x86)\SISTEMA 2.1.1\$C:\Program Files (x86)\SISTEMA 2.1.1\$C:\ProgramData\firebird$C:\Users\user\AppData\Local\Temp\$FIREBIRD_LOCK$FIREBIRD_MSG$FIREBIRD_TMP$c:\Program Files\Firebird\$c:\temp\$firebird
API String ID: 2547961022-3868685652
Opcode ID: 9829e732f8906af5971ee4fcfc8254f31d319bcf8e9d68a5efdaff34ac3b87e5
Instruction ID: 61fa732f466170ae1f6156db0c28101ea166986c66add448e7d54ef296f86788
Opcode Fuzzy Hash: 9829e732f8906af5971ee4fcfc8254f31d319bcf8e9d68a5efdaff34ac3b87e5
Instruction Fuzzy Hash: 6FB1E575900288AFDF20DF64EC41FEE77A8EF15304F45815AFC499B241EB34AA48C7A2

Function 100572B0 Relevance: 30.1, APIs: 9, Strings: 8, Instructions: 301
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_open.MSVCR80 ref: 10057408

Part of subcall function 1004EB10: gds__prefix_lock.FBCLIENT25(0bru,102559A8,00000000,10074A19,?,?,00000001,00000000,00000000,75726230,00000000), ref: 1004EB1B

memcpy.MSVCR80(?,?,00000103,fb_trace_,?,?,00000000,00000000,00000000), ref: 100573C3
fseek.MSVCR80 ref: 100575BD
ftell.MSVCR80 ref: 100575C3
fseek.MSVCR80 ref: 100575D7
fread.MSVCR80 ref: 100575EF
fopen.MSVCR80 ref: 10057574

Part of subcall function 10056450: _errno.MSVCR80 ref: 1005647D
Part of subcall function 10056450: _errno.MSVCR80 ref: 10056488
Part of subcall function 10056450: strerror.MSVCR80 ref: 1005648D

gds__log.FBCLIENT25(Audit configuration file "%s" is empty,?), ref: 10057627
fclose.MSVCR80 ref: 100576BC

Strings

fread, xrefs: 10057607
fopen, xrefs: 10057591
open, xrefs: 10057425
Firebird::string - pos out of range, xrefs: 10057489
fb_trace_, xrefs: 1005734D
Audit configuration file "%s" is empty, xrefs: 10057622
Firebird Audit, xrefs: 1005763C
SYSDBA, xrefs: 1005762F

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: _errnofseek$_openfclosefopenfreadftellgds__loggds__prefix_lockmemcpystrerror
String ID: Audit configuration file "%s" is empty$Firebird Audit$Firebird::string - pos out of range$SYSDBA$fb_trace_$fopen$fread$open
API String ID: 2407999650-4211843549
Opcode ID: 92d7b2c49beddb202a3e05b3b1af043a83c5cc945cc723c25a8b63c8328fad9c
Instruction ID: e266ebf7c3dd63ed79b325aa80ea3df865c6b833cbce2e09729207a8855f32db
Opcode Fuzzy Hash: 92d7b2c49beddb202a3e05b3b1af043a83c5cc945cc723c25a8b63c8328fad9c
Instruction Fuzzy Hash: 1AB1D3B5900189ABDB21DF64EC46FDE37A8EF05344F504528FD0D9B282EB716B48CBA1

Function 10073700 Relevance: 30.0, APIs: 12, Strings: 5, Instructions: 241
memorystringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

strchr.MSVCR80 ref: 1007376F
GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 100737B8
GetNamedSecurityInfoA.ADVAPI32(?,00000001,00000004,00000000,00000000,?,00000000), ref: 10073803
AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000221,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 1007384A
AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 10073874
memset.MSVCR80 ref: 1007388E
SetEntriesInAclA.ADVAPI32(00000002,?,?,?), ref: 100738D7
SetNamedSecurityInfoA.ADVAPI32(?,00000001,00000004,00000000,00000000,?,00000000), ref: 100738FC

Part of subcall function 1002B1F0: GetLastError.KERNEL32 ref: 1002B1F3
Part of subcall function 1002B1F0: _CxxThrowException.MSVCR80(00000000,102B3F80), ref: 1002B211

FreeSid.ADVAPI32(?), ref: 10073984
FreeSid.ADVAPI32(?), ref: 10073992
LocalFree.KERNEL32(?), ref: 100739A0
LocalFree.KERNEL32(?), ref: 100739AE

Strings

GetVolumeInformation, xrefs: 100737C2
AllocateAndInitializeSid, xrefs: 10073850, 1007387A
GetNamedSecurityInfo, xrefs: 1007380D
SetNamedSecurityInfo, xrefs: 10073906
SetEntriesInAcl, xrefs: 100738E1

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: Free$AllocateInfoInitializeLocalNamedSecurity$EntriesErrorExceptionInformationLastThrowVolumememsetstrchr
String ID: AllocateAndInitializeSid$GetNamedSecurityInfo$GetVolumeInformation$SetEntriesInAcl$SetNamedSecurityInfo
API String ID: 1603834543-3179056192
Opcode ID: a01c5e723518cb94902a92ad50148120970fbd4416550c3e2bfa34c05108bcc0
Instruction ID: 2061116f95b0a1ddea365e3772c6419b2085f9c6424954d3a4523fb83433611c
Opcode Fuzzy Hash: a01c5e723518cb94902a92ad50148120970fbd4416550c3e2bfa34c05108bcc0
Instruction Fuzzy Hash: 38818EF190024CAFEB00CFA8DC89AEEBBB9EB14344F508529FA09D7241D774AD44CB65

Function 10057700 Relevance: 29.9, APIs: 9, Strings: 8, Instructions: 194
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateSemaphoreA.KERNEL32 ref: 1005777A
CreateSemaphoreA.KERNEL32(00000000,00000000,7FFFFFFF,00000000), ref: 100577A2
CreateSemaphoreA.KERNEL32(00000000,00000000,7FFFFFFF,00000000), ref: 100577DE
InterlockedIncrement.KERNEL32(-00000004), ref: 10057819
GetModuleHandleA.KERNEL32(kernel32.dll), ref: 10057862
GetProcAddress.KERNEL32(00000000,ProcessIdToSessionId), ref: 1005786E
GetCurrentProcessId.KERNEL32(94BA138F), ref: 10057888

Part of subcall function 1002B330: GetLastError.KERNEL32(1002ECEF,00000001,?,10233AE0,10045CBE,14000004,94BA138F,?,?,?,00000100,10254A18), ref: 1002B333
Part of subcall function 1002B330: _CxxThrowException.MSVCR80(00000000,102B4004), ref: 1002B351

Part of subcall function 100562F0: GetCurrentThreadId.KERNEL32 ref: 100562F4

Part of subcall function 100572B0: memcpy.MSVCR80(?,?,00000103,fb_trace_,?,?,00000000,00000000,00000000), ref: 100573C3

gds__thread_start.FBCLIENT25(10056B70,00000000,00000003,00000000,00000000), ref: 10057947
gds__log.FBCLIENT25(Trace facility: can't start touch thread), ref: 10057955

Part of subcall function 1003AC40: _time64.MSVCR80 ref: 1003AC7B
Part of subcall function 1003AC40: WaitForSingleObject.KERNEL32 ref: 1003ACB1
Part of subcall function 1003AC40: fopen.MSVCR80 ref: 1003ACC1
Part of subcall function 1003AC40: _ctime64.MSVCR80 ref: 1003ACD5
Part of subcall function 1003AC40: fprintf.MSVCR80 ref: 1003AD03
Part of subcall function 1003AC40: vfprintf.MSVCR80 ref: 1003AD16
Part of subcall function 1003AC40: fprintf.MSVCR80 ref: 1003AD22
Part of subcall function 1003AC40: fclose.MSVCR80 ref: 1003AD25
Part of subcall function 1003AC40: ReleaseMutex.KERNEL32(00000388,00000388,000000FF), ref: 1003AD35

Strings

Trace facility: can't start touch thread, xrefs: 10057950
ConfigStorage: Cannot initialize the shared memory region, xrefs: 100578F7
%s.%u, xrefs: 100578A7
CreateSemaphore, xrefs: 10057786, 100577AE, 100577E7
kernel32.dll, xrefs: 10057851
ProcessIdToSessionId, xrefs: 10057868
fb_trace, xrefs: 1005789E, 100578BB
, xrefs: 10057843

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: CreateSemaphore$Currentfprintf$AddressErrorExceptionHandleIncrementInterlockedLastModuleMutexObjectProcProcessReleaseSingleThreadThrowWait_ctime64_time64fclosefopengds__loggds__thread_startmemcpyvfprintf
String ID: $%s.%u$ConfigStorage: Cannot initialize the shared memory region$CreateSemaphore$ProcessIdToSessionId$Trace facility: can't start touch thread$fb_trace$kernel32.dll
API String ID: 2943756015-3804924534
Opcode ID: 63464205c63322189c6821290d7e913231b46190990abd9d09223736997c057a
Instruction ID: 026d8178c464372dd2d3d6fc90e9ab6ed54ddc90e8597b2122255042003e9daf
Opcode Fuzzy Hash: 63464205c63322189c6821290d7e913231b46190990abd9d09223736997c057a
Instruction Fuzzy Hash: CB61B1B1604740AFD321DF34AC85B9BB7E8FB4A354F50092DF59D87242DB30A848CBA2

Function 1003D8C2 Relevance: 28.2, APIs: 7, Strings: 9, Instructions: 219
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memcpy.MSVCR80(C:\Program Files (x86)\SISTEMA 2.1.1\,?,00000103), ref: 1003D8E3
GetTempPathA.KERNEL32(00000104,C:\Users\user\AppData\Local\Temp\), ref: 1003D941
memcpy.MSVCR80(C:\Users\user\AppData\Local\Temp\,?,00000103,00000008), ref: 1003D9AB
SHGetSpecialFolderPathA.SHELL32(00000000,?,00000023,00000001,?,?,?,?,00000008), ref: 1003D9FC

Part of subcall function 1002BED0: memcpy.MSVCR80(00000000,?,?,?,94BA138F,94BA138F,?,00000000), ref: 1002BF2A

memcpy.MSVCR80(C:\ProgramData\firebird,?,00000103,?,?,?,?,00000008), ref: 1003DABA
memcpy.MSVCR80(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000008), ref: 1003DB20
memcpy.MSVCR80(C:\Program Files (x86)\SISTEMA 2.1.1\,?,00000103,?,?,?,?,?,?,?,?,?,00000008), ref: 1003DB41

Strings

C:\Program Files (x86)\SISTEMA 2.1.1\, xrefs: 1003D8DE, 1003D8EF
C:\Users\user\AppData\Local\Temp\, xrefs: 1003D937, 1003D952, 1003D9A6
FIREBIRD_LOCK, xrefs: 1003D9D7
FIREBIRD_TMP, xrefs: 1003D922
FIREBIRD_MSG, xrefs: 1003DAF2
C:\Program Files (x86)\SISTEMA 2.1.1\, xrefs: 1003DB3C, 1003DB55
c:\temp\, xrefs: 1003D97B
firebird, xrefs: 1003DA06
C:\ProgramData\firebird, xrefs: 1003DAB5, 1003DAC6

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: memcpy$Path$FolderSpecialTemp
String ID: C:\Program Files (x86)\SISTEMA 2.1.1\$C:\Program Files (x86)\SISTEMA 2.1.1\$C:\ProgramData\firebird$C:\Users\user\AppData\Local\Temp\$FIREBIRD_LOCK$FIREBIRD_MSG$FIREBIRD_TMP$c:\temp\$firebird
API String ID: 3626498042-4238386715
Opcode ID: 7820e3b4d7acb56cf637c046fc111d58c390b6ae122c0871aa155dbafeef270e
Instruction ID: c5142975571e93e459ce90209a73d800d38e16f385d2d95fed64c3c8f361589c
Opcode Fuzzy Hash: 7820e3b4d7acb56cf637c046fc111d58c390b6ae122c0871aa155dbafeef270e
Instruction Fuzzy Hash: 7E81F575900288AFDF10DF54EC41FEE77A9EF15304F45416AFD499B242EB34AA48C7A2

Function 10050190 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 187
sharestringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

strchr.MSVCR80 ref: 100501DF
GetDriveTypeA.KERNEL32 ref: 10050243
WNetOpenEnumA.MPR(00000001,00000001,00000000,00000000,?), ref: 1005027E
gds__alloc.FBCLIENT25(?), ref: 10050290
WNetEnumResourceA.MPR(?,?,00000000,?), ref: 100502AF
gds__free.FBCLIENT25(00000000,?), ref: 100502BC
gds__alloc.FBCLIENT25(?,?), ref: 100502C6
WNetEnumResourceA.MPR(?,?,00000000,?), ref: 100502E5
WNetCloseEnum.MPR(?), ref: 10050338
WNetGetUniversalNameA.MPR(?,00000002,00000000,?), ref: 1005035B
gds__free.FBCLIENT25(00000000,?), ref: 10050368
gds__alloc.FBCLIENT25(?,?), ref: 10050372
WNetGetUniversalNameA.MPR(?,00000002,00000000,?), ref: 1005038A
gds__free.FBCLIENT25(00000000,?), ref: 1005039F

Strings

Firebird::string - pos out of range, xrefs: 10050302

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: Enum$gds__allocgds__free$NameResourceUniversal$CloseDriveOpenTypestrchr
String ID: Firebird::string - pos out of range
API String ID: 3311379599-2821963893
Opcode ID: 2001c1f1148125443272e3a2048565b1286942f45c606935ad3b89ad6be0a546
Instruction ID: 2c3eebd8bfb9ccd4205f363999288bcbba777d646f398849633f614af661f098
Opcode Fuzzy Hash: 2001c1f1148125443272e3a2048565b1286942f45c606935ad3b89ad6be0a546
Instruction Fuzzy Hash: 1651BF756083419FD710DB64C885E6FB3E9EBC9B44F00891CF58587241EB74E948CB63

Function 1004E550 Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 158
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcessId.KERNEL32(00000000,1039052C,75732E90,00000000), ref: 1004E579
OpenProcess.KERNEL32(00060000,00000000,00000000), ref: 1004E586
GetSecurityInfo.ADVAPI32(00000000,00000006,00000004,00000000,00000000,?,00000000,?), ref: 1004E5B1
CloseHandle.KERNEL32(00000000), ref: 1004E5CC

Part of subcall function 1002B2C0: _CxxThrowException.MSVCR80(?,102B4004), ref: 1002B2E0

AllocateAndInitializeSid.ADVAPI32 ref: 1004E61B
SetEntriesInAclA.ADVAPI32(00000001,?,00000000,00000000), ref: 1004E680
SetSecurityInfo.ADVAPI32(00000000,00000006,00000004,00000000,00000000,00000000,00000000), ref: 1004E693
FreeSid.ADVAPI32(00000000), ref: 1004E6A2
LocalFree.KERNEL32(00000000), ref: 1004E6B1
CloseHandle.KERNEL32(00000000), ref: 1004E6B8
LocalFree.KERNEL32(?), ref: 1004E6C7
InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,00000014), ref: 1004E6F0
SetSecurityDescriptorDacl.ADVAPI32(00000000,00000001,00000000,00000000), ref: 1004E6FF

Part of subcall function 1002B330: GetLastError.KERNEL32(1002ECEF,00000001,?,10233AE0,10045CBE,14000004,94BA138F,?,?,?,00000100,10254A18), ref: 1002B333
Part of subcall function 1002B330: _CxxThrowException.MSVCR80(00000000,102B4004), ref: 1002B351

Strings

GetSecurityInfo, xrefs: 1004E5D3
OpenProcess, xrefs: 1004E592

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: Security$Free$CloseDescriptorExceptionHandleInfoInitializeLocalProcessThrow$AllocateCurrentDaclEntriesErrorLastOpen
String ID: GetSecurityInfo$OpenProcess
API String ID: 480098664-3733929587
Opcode ID: a81be10f6d32beb27305de6cbdd89f64178f122659e53aeae89f08c219d6a5d2
Instruction ID: b470ffb4245ad60b18c842051feed159f083e84d69611b44059be0021a28f304
Opcode Fuzzy Hash: a81be10f6d32beb27305de6cbdd89f64178f122659e53aeae89f08c219d6a5d2
Instruction Fuzzy Hash: C1514DB1608351AFD340CF64CC88AAFBBE8EF99348F50492DF685D7250D7719D448B66

Function 100739E0 Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 130
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesA.KERNEL32(?,94BA138F,00000000,0bru,75726230,00000000,000000FF,1004EB2D,0bru,00000000,10074A19,?,?,00000001), ref: 10073A1D
GetLastError.KERNEL32 ref: 10073A28
CreateDirectoryA.KERNEL32(?,00000000), ref: 10073A38
GetLastError.KERNEL32 ref: 10073A55

Part of subcall function 10073700: strchr.MSVCR80 ref: 1007376F
Part of subcall function 10073700: GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 100737B8

GetFileAttributesA.KERNEL32(?), ref: 10073A4C
gds__log.FBCLIENT25(?), ref: 10073AB2
gds__log.FBCLIENT25(?), ref: 10073AF4
gds__log.FBCLIENT25(?), ref: 10073B36

Strings

, xrefs: 10073A75
Can't create directory "%s". OS errno is %d, xrefs: 10073A8F
0bru, xrefs: 100739FE
Can't create directory "%s". Readonly directory with same name already exists, xrefs: 10073B13
Can't create directory "%s". File with same name already exists, xrefs: 10073AD1

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: gds__log$AttributesErrorFileLast$CreateDirectoryInformationVolumestrchr
String ID: $0bru$Can't create directory "%s". File with same name already exists$Can't create directory "%s". OS errno is %d$Can't create directory "%s". Readonly directory with same name already exists
API String ID: 2497542767-2218066078
Opcode ID: 169edaf40480faa0854f7667b254f3a620b950cda90779707daaf984b122c887
Instruction ID: 27c791293d4f8367d8c96a3634b30480177ad5e857a37c6c56f7a29c3ba4a846
Opcode Fuzzy Hash: 169edaf40480faa0854f7667b254f3a620b950cda90779707daaf984b122c887
Instruction Fuzzy Hash: CD412AF59043806FD304DB349C8AB4BBBD8DF95394F409919F48693292EB39E584C797

Function 10039E80 Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 207
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memcpy.MSVCR80(00000000,00000000,?,00000000,94BA138F,?,?,?,94BA138F), ref: 10039EE8
memcpy.MSVCR80(00000000), ref: 10039F21
_ftime64.MSVCR80(?,?,?,?,94BA138F), ref: 10039F54
__alldvrm.LIBCMT ref: 10039FFA
memcpy.MSVCR80(00000000,00000000,?,00000000,?,?), ref: 1003A040
CreateFileA.KERNEL32(?,C0000000,00000000,00000000,00000001,00000180,00000000,?,000003E8,00000000), ref: 1003A072

Part of subcall function 10039C90: getenv.MSVCR80 ref: 10039CED
Part of subcall function 10039C90: GetTempPathA.KERNEL32(00000104,?), ref: 10039D3E
Part of subcall function 10039C90: memcpy.MSVCR80(00000000,10259633,10259634,10259633), ref: 10039D86

memcpy.MSVCR80(00000000,?,?,?), ref: 1003A0DC

Strings

Firebird::string - pos out of range, xrefs: 10039FE7
CreateFile, xrefs: 1003A10A
XXXXXX, xrefs: 10039F7F

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: memcpy$CreateFilePathTemp__alldvrm_ftime64getenv
String ID: CreateFile$Firebird::string - pos out of range$XXXXXX
API String ID: 541934492-1529190114
Opcode ID: 896cef21b777f22315fa0e763d653109a734cc5e4382105133f9e9538b6e8568
Instruction ID: c784ffa683da4ea4e57ff44ab3e47036060e06c2f30510671f175a9be227dca0
Opcode Fuzzy Hash: 896cef21b777f22315fa0e763d653109a734cc5e4382105133f9e9538b6e8568
Instruction Fuzzy Hash: F071B6B59083809FD720CB24DC85FABB3E9FB99754F104A1DF88997281D774E948C762

Function 1004E3E0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 63
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_beginthreadex.MSVCR80 ref: 1004E44B
GetLastError.KERNEL32(?,94BA138F,94BA138F), ref: 1004E45A
SetThreadPriority.KERNEL32(00000000,FFFFFFFE,?,94BA138F,94BA138F), ref: 1004E470
ResumeThread.KERNEL32(00000000,?,94BA138F,94BA138F), ref: 1004E477
CloseHandle.KERNEL32(00000000,?,94BA138F,94BA138F), ref: 1004E48B

Strings

_beginthreadex, xrefs: 1004E461

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: Thread$CloseErrorHandleLastPriorityResume_beginthreadex
String ID: _beginthreadex
API String ID: 1456111909-3014514943
Opcode ID: a92dbf062dda6c660e9a0afb6d55d16855f1218f3dbe84af6b3fa5480fcf567f
Instruction ID: 0c8c1af7d8eac0ac325321b8580b9b576f6331e4548216b6121fcd49f3e5c50c
Opcode Fuzzy Hash: a92dbf062dda6c660e9a0afb6d55d16855f1218f3dbe84af6b3fa5480fcf567f
Instruction Fuzzy Hash: D211823560C590ABE621DB249C48B9EB794EBC5371F324235FE14D72D0DA309D4197AA

Function 05D14AE0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 85
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 05D14830: GetModuleHandleA.KERNEL32(kernel32.dll,?,?,00000000,icuuc%s.dll), ref: 05D14859
Part of subcall function 05D14830: GetProcAddress.KERNEL32(00000000,FindActCtxSectionStringA), ref: 05D1486B
Part of subcall function 05D14830: GetModuleHandleA.KERNEL32(kernel32.dll), ref: 05D14877
Part of subcall function 05D14830: GetProcAddress.KERNEL32(00000000,CreateActCtxA), ref: 05D14883
Part of subcall function 05D14830: GetModuleHandleA.KERNEL32(kernel32.dll), ref: 05D14890
Part of subcall function 05D14830: GetProcAddress.KERNEL32(00000000,ReleaseActCtx), ref: 05D1489C
Part of subcall function 05D14830: GetModuleHandleA.KERNEL32(kernel32.dll), ref: 05D148A9
Part of subcall function 05D14830: GetProcAddress.KERNEL32(00000000,ActivateActCtx), ref: 05D148B5
Part of subcall function 05D14830: GetModuleHandleA.KERNEL32(kernel32.dll), ref: 05D148C2
Part of subcall function 05D14830: GetProcAddress.KERNEL32(00000000,DeactivateActCtx), ref: 05D148CE
Part of subcall function 05D14830: memset.MSVCR80 ref: 05D148F7
Part of subcall function 05D14830: GetModuleFileNameA.KERNEL32(00000000,?,00000400), ref: 05D1496D

SetErrorMode.KERNEL32 ref: 05D14B22
LoadLibraryExA.KERNEL32(?,00000000,00000000), ref: 05D14B3E
SetErrorMode.KERNEL32(00000000), ref: 05D14B47

Strings

icuuc%s.dll, xrefs: 05D14AF1

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: Module$AddressHandleProc$ErrorMode$FileLibraryLoadNamememset
String ID: icuuc%s.dll
API String ID: 876916740-4118304135
Opcode ID: ba1289f497a7b84dc7df2243dcb2d9864507f2fc8958d7e01e1f8aa4af13f413
Instruction ID: aba3f052ab966a477a66cdda4004f6326dee961e6643a9fecf3037c09b520a43
Opcode Fuzzy Hash: ba1289f497a7b84dc7df2243dcb2d9864507f2fc8958d7e01e1f8aa4af13f413
Instruction Fuzzy Hash: CB21AC72609300AFC710DF68DA45B1BBBE4EB88B65F404A1BF995D3380DA34D801CBA2

Function 100023BE Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 95
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 1002A250: memcpy.MSVCR80(?,?,?,?,94BA138F,?,1002CF7E,?,?,00000054,00001000), ref: 1002A278

Part of subcall function 10001CA0: memcpy.MSVCR80(?,?,?,?,94BA138F,?,?,?,?,?,1022EDD8,000000FF), ref: 10001CEB
Part of subcall function 10001CA0: memcpy.MSVCR80(?,?,?,?,?,?,?,?,?,?,?,?,?,1022EDD8,000000FF), ref: 10001D1D

feof.MSVCR80 ref: 10002572
fclose.MSVCR80 ref: 100025C8

Strings

%d bad lines in %s, xrefs: 10002590

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: memcpy$fclosefeof
String ID: %d bad lines in %s
API String ID: 425600628-330817434
Opcode ID: dda69bf5b48d81c06200ec3a786e6c556713761e053335af28b7d521290a6e95
Instruction ID: 91b81267e0290ee0451457d1426013415fe2b58c7b6d85ea5772be96a1ab7289
Opcode Fuzzy Hash: dda69bf5b48d81c06200ec3a786e6c556713761e053335af28b7d521290a6e95
Instruction Fuzzy Hash: 27316FB5A083819BE634CB24D895BEFB3E9EFD5344F40491CE48983246EB31A548CB93

Function 10026C10 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 71
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

EnterCriticalSection.KERNEL32(1038FD44,94BA138F,00000002,00000000,00000000,102314C8,000000FF,1002980D,00000002,00000100,00000000,00000001,?,?,?,10231500), ref: 10026C4F

Part of subcall function 10004440: LeaveCriticalSection.KERNEL32(?,94BA138F,00010000,05BC00A8,00000000,00010000,00000004,1022F040,000000FF,05BC0014,10026BB0,?,?,10231500,000000FF,10026F9D), ref: 10004473

VirtualFree.KERNELBASE(10046AE8,00000000,00008000,94BA138F,00000002,00000000,00000000,102314C8,000000FF,1002980D,00000002,00000100,00000000,00000001,?), ref: 10026CDB

Strings

VirtualFree, xrefs: 10026CE5

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: CriticalSection$EnterFreeLeaveVirtual
String ID: VirtualFree
API String ID: 1320683145-3444831709
Opcode ID: 0e0ce720fc37150d6de1bff50963d253b52a892da44af13fdce60342d737d856
Instruction ID: 828522eb646ca808ed8394342c3407bf84cdfc86dff060132838f1285982efe8
Opcode Fuzzy Hash: 0e0ce720fc37150d6de1bff50963d253b52a892da44af13fdce60342d737d856
Instruction Fuzzy Hash: B92192752046519FD301DF28EC8176AB7F4FB88764F90472EF999D3290EB35AA04CB51

Function 05D2C2E0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 6synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexA.KERNEL32(00000000,00000000,firebird_trace_mutex), ref: 05D2C2E9

Strings

firebird_trace_mutex, xrefs: 05D2C2E0

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: CreateMutex
String ID: firebird_trace_mutex
API String ID: 1964310414-4265711585
Opcode ID: 94a79565264ba70e70771ac630c9ce0820faa6128dd021e40fc6bfe862f51a50
Instruction ID: d7b47026c07579256f6d7713ccd60d159263331adc1692be0e83bcb74a23e64f
Opcode Fuzzy Hash: 94a79565264ba70e70771ac630c9ce0820faa6128dd021e40fc6bfe862f51a50
Instruction Fuzzy Hash: 38B012702A130056E2106F246D07F043E929310B02F111003B200D43C9EEF001019E21

Function 10050020 Relevance: 3.1, APIs: 2, Instructions: 117stringCOMMON

Download Yara Rule

APIs

Part of subcall function 10029C80: memmove.MSVCR80(00000000,00000000,?,?,1003E207,1003E207,00000000,00000000,?,1003E207,00000000,-00000001,0000002F,FFFFFFFF,?,00000104), ref: 10029CB4

strchr.MSVCR80 ref: 10050072
GetDriveTypeA.KERNEL32(?), ref: 10050109

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: DriveTypememmovestrchr
String ID:
API String ID: 2567220443-0
Opcode ID: 1613139cc9c89a2684e0e381fa739d88e650c783939b881d54fbc15ac27da257
Instruction ID: 2650a72a9bc75a84bec346b06889cb3cdc1fe096cf5b6a78ae8bc3b780e5f9a9
Opcode Fuzzy Hash: 1613139cc9c89a2684e0e381fa739d88e650c783939b881d54fbc15ac27da257
Instruction Fuzzy Hash: 4C3127766047109BC610CB24CC85BAFB7E9FB857A0F100A2DF95A87790E735EC08CB96

Function 1002A4A0 Relevance: 3.0, APIs: 2, Instructions: 44COMMON

Download Yara Rule

APIs

Part of subcall function 10029C80: memmove.MSVCR80(00000000,00000000,?,?,1003E207,1003E207,00000000,00000000,?,1003E207,00000000,-00000001,0000002F,FFFFFFFF,?,00000104), ref: 10029CB4

fgetc.MSVCR80 ref: 1002A4CD
fgetc.MSVCR80 ref: 1002A4F1

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: fgetc$memmove
String ID:
API String ID: 651944071-0
Opcode ID: b0ad2e13d689e64379aed40ed54fe88e317713cf9a7e94f3ee0bfeef64a639fe
Instruction ID: a5fecc42828b782dea3b8375a1e15ba92f13ab1703982acf7a896ac575315ba7
Opcode Fuzzy Hash: b0ad2e13d689e64379aed40ed54fe88e317713cf9a7e94f3ee0bfeef64a639fe
Instruction Fuzzy Hash: E7F028226443551AC20195683C407DBB7C89FD7778F150226F96997292C8E5ECC583F2

Function 10039A30 Relevance: 3.0, APIs: 2, Instructions: 38COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?,94BA138F), ref: 10039A6A
_unlink.MSVCR80(?), ref: 10039A7A

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: CloseHandle_unlink
String ID:
API String ID: 1779092267-0
Opcode ID: 98087373d1810747d705300e223d67269444b85268a14c81583e4806d52b5a5f
Instruction ID: 3dd1c893658438347a2f90ff23ab33e0834f4c0d92c0e1f4cee0302cb22bf63f
Opcode Fuzzy Hash: 98087373d1810747d705300e223d67269444b85268a14c81583e4806d52b5a5f
Instruction Fuzzy Hash: 1E01ADB1908B51AFD320CF18C884B83BBE9FB49720F508E1DF49A87650D779E848CB81

Function 10026B20 Relevance: 2.6, APIs: 2, Instructions: 68memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(1038FD44,94BA138F,00000001,05BC00A8,00000015,10231498,000000FF,10029402,00000001,?,05BC0014,10046AE5,00000000,05BC0014,10026F46,10046AE5), ref: 10026B58

Part of subcall function 10004440: LeaveCriticalSection.KERNEL32(?,94BA138F,00010000,05BC00A8,00000000,00010000,00000004,1022F040,000000FF,05BC0014,10026BB0,?,?,10231500,000000FF,10026F9D), ref: 10004473

VirtualAlloc.KERNEL32(00000000,?,00001000,00000004,94BA138F,00000001,05BC00A8,00000015,10231498,000000FF,10029402,00000001,?,05BC0014,10046AE5,00000000), ref: 10026BEC

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: CriticalSection$AllocEnterLeaveVirtual
String ID:
API String ID: 2840768102-0
Opcode ID: 6b6d75efb9c89f7d1ed47584db3a8df6529344a783cd7c7a1bb3abb7ec596919
Instruction ID: 383d23e4207f9c55074da9b0b0f70707c016933c1307d1f4e573a3003764b8e1
Opcode Fuzzy Hash: 6b6d75efb9c89f7d1ed47584db3a8df6529344a783cd7c7a1bb3abb7ec596919
Instruction Fuzzy Hash: 63219A752046528FD301CF28DC81B5AB3E8FB88764F90472AEA65C33D0EB34A944CB91

Function 05D1C260 Relevance: 2.6, APIs: 2, Instructions: 68memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(05DDBBC4,521C82CE,00000001,05C100A8,00000015,05D2B498,000000FF,05D1EB42,00000001,?,05C10014,?,?,05C10014,05D1C686,?), ref: 05D1C298

Part of subcall function 05D0B5D0: LeaveCriticalSection.KERNEL32(?,521C82CE,00010000,05C100A8,00000000,00010000,00000000,05D2A1B0,000000FF,05C10014,05D1C2F0,?,05C10014,05D1C686,?,?), ref: 05D0B603

VirtualAlloc.KERNEL32(00000000,?,00001000,00000004,521C82CE,00000001,05C100A8,00000015,05D2B498,000000FF,05D1EB42,00000001,?,05C10014,?), ref: 05D1C32C

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: CriticalSection$AllocEnterLeaveVirtual
String ID:
API String ID: 2840768102-0
Opcode ID: 9a3a1e2936c0c5db492189e8356949a1174c54ade5df7d979f5aeca9882bc880
Instruction ID: 01860d13236956cecf3af696f9a19111e7f562b362c8286b0b73afd82b7398c3
Opcode Fuzzy Hash: 9a3a1e2936c0c5db492189e8356949a1174c54ade5df7d979f5aeca9882bc880
Instruction Fuzzy Hash: 1A21AC722586429FE310CF2CE951B267BE4FB54B24F01422BF860873C4EB349804CB66

Function 10073650 Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

_open.MSVCR80 ref: 10073664

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: _open
String ID:
API String ID: 4183159743-0
Opcode ID: ff0445791e4912308ed448907a6d30ff47c1a0110c0b75584836ffcf4a75cca4
Instruction ID: f011678063dbb2f9b55c36bb06682935577fdb9897f6927693aea469853a7780
Opcode Fuzzy Hash: ff0445791e4912308ed448907a6d30ff47c1a0110c0b75584836ffcf4a75cca4
Instruction Fuzzy Hash: 57C09B74654300BBD204C754DC49F7A77A5EB84704F80C818F98986191C975DD5CC716

Function 10026380 Relevance: 1.5, APIs: 1, Instructions: 7COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(00001000,000000FF,10046AE8), ref: 10026387

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: 6ae53a414623f331377c07cd6022b3ce14da199d42730741028571343e3c2aa1
Instruction ID: ce223d574ff50039ce56bb31c22c0fbb6edb28ddda9f4a8bacb2dfe56ffe4bb9
Opcode Fuzzy Hash: 6ae53a414623f331377c07cd6022b3ce14da199d42730741028571343e3c2aa1
Instruction Fuzzy Hash: 18B092B49081009BC608EB99C9C984AB7F8AB48204F808825EC9EC2200EA34D5E88B4A

Function 1002A010 Relevance: 1.3, APIs: 1, Instructions: 6COMMON

Download Yara Rule

APIs

CharUpperBuffA.USER32(00000000,?,10004270,?,00000000,?,00000000,00000010,?,?,?,?), ref: 1002A019

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: BuffCharUpper
String ID:
API String ID: 3964851224-0
Opcode ID: 232c8cea4bed925a9b32d4969dd8c99d065c35718c3d902fd555b11487c76bd0
Instruction ID: 0e206308f1ef981f13711d78dda5575247fe4b480b03572a4ca1f37eb62f2608
Opcode Fuzzy Hash: 232c8cea4bed925a9b32d4969dd8c99d065c35718c3d902fd555b11487c76bd0
Instruction Fuzzy Hash: FDB012F1110110ABCE048B50C94883137B8EB4C71D320028CF80985241CB36DC93CB10

Non-executed Functions

Function 10007CD0 Relevance: 100.5, APIs: 44, Strings: 13, Instructions: 778networksleepstringCOMMON

Download Yara Rule

APIs

Part of subcall function 100078F0: EnterCriticalSection.KERNEL32(05BCE4A0,94BA138F,?,?,00000000), ref: 1000794D
Part of subcall function 100078F0: WSAStartup.WS2_32(00000002,1038F958), ref: 10007973

memcpy.MSVCR80(00000000,?,?,?), ref: 10007DF3
strstr.MSVCR80 ref: 10007E05
memcpy.MSVCR80(00000000), ref: 10007E61
memcpy.MSVCR80(00000000,?,?,?), ref: 10007EBF
memcpy.MSVCR80(00000000,?,?,?), ref: 10007F4B
memcpy.MSVCR80(00000000,-00000001,00000000,-00000001), ref: 10007FAB
WSAGetLastError.WS2_32 ref: 10008024
gds__log.FBCLIENT25(INET/INET_connect: gethostbyname (%s) failed, error code = %d,?,00000000), ref: 10008031
getservbyname.WS2_32(?,tcp), ref: 1000810A
WSAGetLastError.WS2_32 ref: 10008114
getservbyname.WS2_32(?,tcp), ref: 10008133
WSAGetLastError.WS2_32 ref: 1000813E
_stricmp.MSVCR80(00000000,?), ref: 10008158
atoi.MSVCR80(?), ref: 1000819E
htons.WS2_32(00000000), ref: 100081A8
WSAGetLastError.WS2_32 ref: 100081BF
gds__log.FBCLIENT25(INET/INET_connect: getservbyname failed, error code = %d,00000000), ref: 100081CB
socket.WS2_32(00000002,00000001,00000000), ref: 100082C8
WSAGetLastError.WS2_32 ref: 100082D8
setsockopt.WS2_32(?,?,00000000,0000FFFF,00000008), ref: 10008321
gds__log.FBCLIENT25(setsockopt: error setting SO_KEEPALIVE,?,?,00000000,0000FFFF,00000008,?,00000004), ref: 10008331
WSAGetLastError.WS2_32 ref: 10008346
connect.WS2_32(?,?,00000010), ref: 100083BA
WSAGetLastError.WS2_32(?,?,00000010), ref: 100083C2
getsockopt.WS2_32(?,0000FFFF,00000080,00000074,?), ref: 10008499
setsockopt.WS2_32(?,0000FFFF,00000080,00000000,00000004), ref: 100084BA
WSAGetLastError.WS2_32(?,0000FFFF,00000080,00000000,00000004,?,0000FFFF,00000080,00000074,?), ref: 100084C5
WSAGetLastError.WS2_32 ref: 10008528
bind.WS2_32(?,?,00000010), ref: 10008591
WSAGetLastError.WS2_32 ref: 100085A2
Sleep.KERNEL32(00002710), ref: 100085BC
bind.WS2_32(?,?,00000010), ref: 100085CF
WSAGetLastError.WS2_32(?,?,00000010), ref: 100085DC
WSAGetLastError.WS2_32 ref: 100085EE
listen.WS2_32(00000000,7FFFFFFF), ref: 1000860B
WSAGetLastError.WS2_32 ref: 10008616

Part of subcall function 10017810: EnterCriticalSection.KERNEL32(05BCC3E0,94BA138F,?,00000000,?,?,00000000), ref: 10017840

accept.WS2_32(?,?,?), ref: 10008671
WSAGetLastError.WS2_32(?,?,?,00000000), ref: 10008683
EnterCriticalSection.KERNEL32(05BCE4E0,?,?,?,00000000), ref: 100086B7
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 100086DB
gds__thread_start.FBCLIENT25(Function_000066E0,?,00000003,00000000,00000000), ref: 10008720
SetEvent.KERNEL32(FFFFFFFF), ref: 1000873C
accept.WS2_32(?,?,?), ref: 1000876B
WSAGetLastError.WS2_32(?,?,?), ref: 10008777

Strings

setsockopt: error setting SO_KEEPALIVE, xrefs: 1000832C
gds_db, xrefs: 1000817D
tcp, xrefs: 10008100, 1000812D, 100081D3
listen, xrefs: 1000861C
INET/INET_connect: getservbyname failed, error code = %d, xrefs: 100081C6
setsockopt LINGER, xrefs: 100084CB
connect, xrefs: 100083F2
setsockopt TCP_NODELAY, xrefs: 1000834C, 1000852E
socket, xrefs: 100082DE
accept, xrefs: 10008790
INET/INET_connect: gethostbyname (%s) failed, error code = %d, xrefs: 1000802C
%hu, xrefs: 10007F76
bind, xrefs: 100085F4

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: ErrorLast$memcpy$CriticalEnterSectiongds__log$Eventacceptbindgetservbynamesetsockopt$CreateSleepStartup_stricmpatoiconnectgds__thread_startgetsockopthtonslistensocketstrstr
String ID: %hu$INET/INET_connect: gethostbyname (%s) failed, error code = %d$INET/INET_connect: getservbyname failed, error code = %d$accept$bind$connect$gds_db$listen$setsockopt LINGER$setsockopt TCP_NODELAY$setsockopt: error setting SO_KEEPALIVE$socket$tcp
API String ID: 1686896216-2788063681
Opcode ID: 9a22b1d237f60bd0964363e72aa1c812ac05fc31b168943743d21c79c19f9c96
Instruction ID: aa724f8ed57f1829357a205ed8f3fd9d70021c0a921b79160e734fc161a3d8f8
Opcode Fuzzy Hash: 9a22b1d237f60bd0964363e72aa1c812ac05fc31b168943743d21c79c19f9c96
Instruction Fuzzy Hash: 5C52BE746083819FE320CB24DC85BEBB7E5FF88384F10491CF58987256EB75AA45CB66

Function 05D1E030 Relevance: 57.5, APIs: 38, Instructions: 473COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 05D1E041
abort.MSVCR80 ref: 05D1E054
abort.MSVCR80 ref: 05D1E0A4
abort.MSVCR80 ref: 05D1E0B2
abort.MSVCR80 ref: 05D1E0CB
abort.MSVCR80 ref: 05D1E0D7
abort.MSVCR80 ref: 05D1E0E5
abort.MSVCR80 ref: 05D1E14E
abort.MSVCR80 ref: 05D1E157
abort.MSVCR80 ref: 05D1E17B
abort.MSVCR80 ref: 05D1E188
abort.MSVCR80 ref: 05D1E1A2
abort.MSVCR80 ref: 05D1E1C4
abort.MSVCR80 ref: 05D1E1DE
abort.MSVCR80 ref: 05D1E2AF
abort.MSVCR80 ref: 05D1E2C9
abort.MSVCR80 ref: 05D1E32B
abort.MSVCR80 ref: 05D1E344
abort.MSVCR80 ref: 05D1E369
abort.MSVCR80 ref: 05D1E3EA
abort.MSVCR80 ref: 05D1E3F7
abort.MSVCR80 ref: 05D1E3FE
abort.MSVCR80 ref: 05D1E40A
abort.MSVCR80 ref: 05D1E416
abort.MSVCR80 ref: 05D1E48D
abort.MSVCR80 ref: 05D1E495
abort.MSVCR80 ref: 05D1E4A6
LeaveCriticalSection.KERNEL32(?), ref: 05D1E4AC
EnterCriticalSection.KERNEL32(?), ref: 05D1E4C1
abort.MSVCR80 ref: 05D1E4EB
abort.MSVCR80 ref: 05D1E4FD
abort.MSVCR80 ref: 05D1E50B
abort.MSVCR80 ref: 05D1E51B
abort.MSVCR80 ref: 05D1E52A
abort.MSVCR80 ref: 05D1E567
abort.MSVCR80 ref: 05D1E577
LeaveCriticalSection.KERNEL32(?), ref: 05D1E580
abort.MSVCR80 ref: 05D1E5A0

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: abort$CriticalSection$EnterLeave
String ID:
API String ID: 2926255110-0
Opcode ID: 1845a0bfe06febbfe4a61b800f8ec1bf5a5da3394c497a9527406b68a74a6fcd
Instruction ID: 3d30eee50a6b709510964bdd43960310516a3c186151ac2d2472d4ecb346dcf4
Opcode Fuzzy Hash: 1845a0bfe06febbfe4a61b800f8ec1bf5a5da3394c497a9527406b68a74a6fcd
Instruction Fuzzy Hash: 6212CC31509201EBDB24DF28E184B69BFEAFF45714F18855FEC855B242D730E885CBAA

Function 05D22E50 Relevance: 42.1, APIs: 14, Strings: 10, Instructions: 148libraryCOMMON

Download Yara Rule

APIs

GetVersion.KERNEL32(521C82CE), ref: 05D22E77
LoadLibraryA.KERNEL32(advapi32.dll), ref: 05D22EAF
GetLastError.KERNEL32 ref: 05D22EC7

Part of subcall function 05D22580: lstrcmpA.KERNEL32(521C82CE,?), ref: 05D2264C
Part of subcall function 05D22580: lstrlenA.KERNEL32(521C82CE), ref: 05D22653

Strings

PrivilegeCheck, xrefs: 05D22EF8
OpenProcessToken failed. Error code: %lu, xrefs: 05D22F37
Terminal Server, xrefs: 05D22E89
LookupPrivilegeValueA, xrefs: 05D22EEE
LoadLibrary failed for advapi32.dll. Error code: %lu, xrefs: 05D22ECE
advapi32.dll, xrefs: 05D22EAA
PrivilegeCheck failed. Error code: %lu, xrefs: 05D22FC5
OpenProcessToken, xrefs: 05D22EE6
Cannot access privilege management API, xrefs: 05D22FF4
SeCreateGlobalPrivilege, xrefs: 05D22F50

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: ErrorLastLibraryLoadVersionlstrcmplstrlen
String ID: Cannot access privilege management API$LoadLibrary failed for advapi32.dll. Error code: %lu$LookupPrivilegeValueA$OpenProcessToken$OpenProcessToken failed. Error code: %lu$PrivilegeCheck$PrivilegeCheck failed. Error code: %lu$SeCreateGlobalPrivilege$Terminal Server$advapi32.dll
API String ID: 1610257900-945566528
Opcode ID: fa95e70dd1db6ccca6b2c2b53f368e5f7b83e2ffbcd0299ed7022e7b5baebe9d
Instruction ID: d88e3673f56c2499b22c80c92dd3969081b83df86d1d3b78eacd2c1fd401d0fc
Opcode Fuzzy Hash: fa95e70dd1db6ccca6b2c2b53f368e5f7b83e2ffbcd0299ed7022e7b5baebe9d
Instruction Fuzzy Hash: C741C5766083009FD310AF79AD45F6BBBE5FB94615F400A1BF94582240EB75D44A8B73

Function 05D13C10 Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 158memoryCOMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32 ref: 05D13C39
OpenProcess.KERNEL32(00060000,00000000,00000000), ref: 05D13C46
GetSecurityInfo.ADVAPI32(00000000,00000006,00000004,00000000,00000000,00000000,00000000,?), ref: 05D13C71
CloseHandle.KERNEL32(00000000), ref: 05D13C8C

Part of subcall function 05D20020: _CxxThrowException.MSVCR80(?,05DD85D0), ref: 05D20040

AllocateAndInitializeSid.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 05D13CDB
SetEntriesInAclA.ADVAPI32(00000001,00000000,?,00000000), ref: 05D13D40
SetSecurityInfo.ADVAPI32(00000000,00000006,00000004,00000000,00000000,00000000,00000000), ref: 05D13D53
FreeSid.ADVAPI32(?), ref: 05D13D62
LocalFree.KERNEL32(00000000), ref: 05D13D71
CloseHandle.KERNEL32(00000000), ref: 05D13D78
LocalFree.KERNEL32(?), ref: 05D13D87
InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,00000014), ref: 05D13DB0
SetSecurityDescriptorDacl.ADVAPI32(00000000,00000001,00000000,00000000), ref: 05D13DBF

Part of subcall function 05D20090: GetLastError.KERNEL32 ref: 05D20093
Part of subcall function 05D20090: _CxxThrowException.MSVCR80(00000000,05DD85D0), ref: 05D200B1

Strings

OpenProcess, xrefs: 05D13C52
GetSecurityInfo, xrefs: 05D13C93

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: Security$Free$CloseDescriptorExceptionHandleInfoInitializeLocalProcessThrow$AllocateCurrentDaclEntriesErrorLastOpen
String ID: GetSecurityInfo$OpenProcess
API String ID: 480098664-3733929587
Opcode ID: ddc7591d8760d0effa89007521b249d2c19d8b22b9e014a1c5550e9b09348279
Instruction ID: 43cb05a257d9d141bbe5d102c544b50492c35c507803ebad4864ee8cf20b8d5b
Opcode Fuzzy Hash: ddc7591d8760d0effa89007521b249d2c19d8b22b9e014a1c5550e9b09348279
Instruction Fuzzy Hash: 7E5149B1608340AFD320DF28D985A6FBBE9FB98744F40492EF685C7350D771894A8B67

Function 10006E50 Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 149networkCOMMON

Download Yara Rule

APIs

htons.WS2_32(00000000), ref: 10006E82
socket.WS2_32(00000002,00000001,00000000), ref: 10006E93
WSAGetLastError.WS2_32 ref: 10006EA0
bind.WS2_32(00000000,?,00000010), ref: 10006ED7
WSAGetLastError.WS2_32 ref: 10006EE1
getsockname.WS2_32(00000000,?,?), ref: 10006F08
WSAGetLastError.WS2_32 ref: 10006F0E

Part of subcall function 100078F0: EnterCriticalSection.KERNEL32(05BCE4A0,94BA138F,?,?,00000000), ref: 1000794D
Part of subcall function 100078F0: WSAStartup.WS2_32(00000002,1038F958), ref: 10007973

listen.WS2_32(00000000,00000001), ref: 10006F1E
WSAGetLastError.WS2_32 ref: 10006F28
getsockname.WS2_32(?,?,?), ref: 10006F99
WSAGetLastError.WS2_32 ref: 10006F9F

Part of subcall function 10005CA0: gds__log.FBCLIENT25(INET/inet_error: %s errno = %d,00000001), ref: 10005CDF

Strings

socket, xrefs: 10006EA6
getsockname, xrefs: 10006F14, 10006FA5
listen, xrefs: 10006F2E
bind, xrefs: 10006EE7

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: ErrorLast$getsockname$CriticalEnterSectionStartupbindgds__loghtonslistensocket
String ID: bind$getsockname$listen$socket
API String ID: 1847350882-1347358865
Opcode ID: 02dc87c31639ab83a6510d1f9bf4d92973fd8ec05b14eea4484b99214be28b63
Instruction ID: 13bc2bf8cefb596ca69f961ab11ae973f30c3e82f89183d65718497c24dd8ee7
Opcode Fuzzy Hash: 02dc87c31639ab83a6510d1f9bf4d92973fd8ec05b14eea4484b99214be28b63
Instruction Fuzzy Hash: 6451B8B57043019FD300CF75DC89AAAB7F5FF8C268F404929F44A87251EB31E9098B96

Function 10007320 Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 214COMMON

Download Yara Rule

Strings

invalid socket in packet_receive, xrefs: 1000738D
select in packet_receive, xrefs: 1000757B
G, xrefs: 10007506
read, xrefs: 100075AC

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID:
String ID: G$invalid socket in packet_receive$read$select in packet_receive
API String ID: 0-3984738768
Opcode ID: c106c9ddcebd70d7b30497677828de613f2642922ae4014a8c93b42795137f51
Instruction ID: 41a433836145d5ace62ba842fa329caee61247f2fb79c650d91838246fd081ba
Opcode Fuzzy Hash: c106c9ddcebd70d7b30497677828de613f2642922ae4014a8c93b42795137f51
Instruction Fuzzy Hash: 3371AE71D093919BF730DE54D888BDFB7E4FB803A4F604A1EE89C83284D778A9459792

Function 05D275E0 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 69libraryloaderwindowCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(00000000,?,?,05D27795,?,?,05D222F3,00000001,?,?), ref: 05D275E5
LoadLibraryA.KERNEL32(Advapi32,?,?,?,05D27795,?,?,05D222F3,00000001,?,?), ref: 05D275FB
GetProcAddress.KERNEL32(00000000,RegisterEventSourceA), ref: 05D27614
GetProcAddress.KERNEL32(00000000,ReportEventA), ref: 05D2761E
MessageBoxA.USER32(00000000,?,Firebird Error,00000010), ref: 05D2767C
LeaveCriticalSection.KERNEL32(00000000,?,?,05D27795,?,?,05D222F3,00000001,?,?), ref: 05D27683

Strings

Firebird Error, xrefs: 05D27674
ReportEventA, xrefs: 05D27616
Firebird SQL Server, xrefs: 05D27632
Advapi32, xrefs: 05D275F2
RegisterEventSourceA, xrefs: 05D2760E

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: AddressCriticalProcSection$EnterLeaveLibraryLoadMessage
String ID: Advapi32$Firebird Error$Firebird SQL Server$RegisterEventSourceA$ReportEventA
API String ID: 1546335396-134976949
Opcode ID: 12febd853c1d885f692c45000086116223e388aba89d4255271c1374c2937863
Instruction ID: 2214913893efa97591c5f08177cfe31d3ebfbb1a4db28dff1c31d4bcb91d9847
Opcode Fuzzy Hash: 12febd853c1d885f692c45000086116223e388aba89d4255271c1374c2937863
Instruction Fuzzy Hash: 5A11E2313483006FE3B09A6E9C46F2BBBE9FBA8B05F00851AF141D2180DBB0E545C6B9

Function 1001D540 Relevance: 12.7, APIs: 4, Strings: 3, Instructions: 449COMMON

Download Yara Rule

APIs

Part of subcall function 10005290: memset.MSVCR80 ref: 100052C0
Part of subcall function 10005290: InitializeCriticalSection.KERNEL32(?), ref: 100052E1

DeleteCriticalSection.KERNEL32(000002BC,?,00000004,?,?), ref: 1001D748
DeleteCriticalSection.KERNEL32(000002BC,?,?,?,?,?,00000004,?,?), ref: 1001D8A4
DeleteCriticalSection.KERNEL32(000002BC,?,?,?,?,?,00000004,?,?), ref: 1001D9D4
DeleteCriticalSection.KERNEL32(000002BC,00000020,?,00000004,?,?), ref: 1001DA60

Strings

, xrefs: 1001D5D8
, xrefs: 1001DAA2
%s/P%d, xrefs: 1001DAC7

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: CriticalSection$Delete$Initializememset
String ID: $ $%s/P%d
API String ID: 876822539-1855728948
Opcode ID: 6637f1bfc61731aaf9e061413f40bb7c61e689596cb4820c1b51705283e55e70
Instruction ID: 96f4497c1e3b398c0811512a4bd6c31f7fe8f02d1104919f274d1c89ab78f484
Opcode Fuzzy Hash: 6637f1bfc61731aaf9e061413f40bb7c61e689596cb4820c1b51705283e55e70
Instruction Fuzzy Hash: C3029F755087408FC320EF25C880B9AF7F1FF88344F148A1EE59A8B251EB75E985CB92

Function 100196B0 Relevance: 12.7, APIs: 4, Strings: 3, Instructions: 446COMMON

Download Yara Rule

APIs

Part of subcall function 10005290: memset.MSVCR80 ref: 100052C0
Part of subcall function 10005290: InitializeCriticalSection.KERNEL32(?), ref: 100052E1

DeleteCriticalSection.KERNEL32(000002BC,?,?,00000004,?,?,?,00000000,?,?), ref: 100198CD
DeleteCriticalSection.KERNEL32(000002BC,?,?,?,?,?,?,?,00000004,?,?,?,00000000,?,?), ref: 10019A29
DeleteCriticalSection.KERNEL32(000002BC,?,?,?,?,?,?,?,00000004,?,?,?,00000000,?,?), ref: 10019B59

Part of subcall function 10018400: FlushFileBuffers.KERNEL32(10244C8B,00000000,75730E30,10019606,00000000,?,?,00000000), ref: 10018431
Part of subcall function 10018400: DisconnectNamedPipe.KERNEL32(10244C8B,?,?,00000000), ref: 1001843E
Part of subcall function 10018400: CloseHandle.KERNEL32(544E8366,00000000,75730E30,10019606,00000000,?,?,00000000), ref: 10018456
Part of subcall function 10018400: CloseHandle.KERNEL32(10244C8B,00000000,75730E30,10019606,00000000,?,?,00000000), ref: 1001846E

DeleteCriticalSection.KERNEL32(000002BC,00000020,?,?,00000004,?,?,?,00000000,?,?), ref: 10019BB3

Strings

%s/P%d, xrefs: 10019C23
, xrefs: 10019753
, xrefs: 10019BFE

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: CriticalSection$Delete$CloseHandle$BuffersDisconnectFileFlushInitializeNamedPipememset
String ID: $ $%s/P%d
API String ID: 2105434832-1855728948
Opcode ID: 5845b79ab4ae68cd10b632069d819eade03fd9424d6746913c7de549881e7d14
Instruction ID: 096855147e13739e322e15cff9a9d7dae1b16828cafe4e7b278b027025b9f94d
Opcode Fuzzy Hash: 5845b79ab4ae68cd10b632069d819eade03fd9424d6746913c7de549881e7d14
Instruction Fuzzy Hash: 0D028B755087408FD320CF24C884B9AF7E5FF88354F14891DE59A8B362EB75E989CB92

Function 10019100 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 100pipeCOMMON

Download Yara Rule

APIs

InterlockedIncrement.KERNEL32(1038FB08), ref: 10019125
GetCurrentProcessId.KERNEL32 ref: 1001912D
CreateNamedPipeA.KERNEL32(?,40000003,00000000,000000FF,00000800,00000800,00000000,00000000), ref: 100191AB
GetLastError.KERNEL32 ref: 100191BC
memcpy.MSVCR80(?,?,?), ref: 10019222

Strings

CreateNamedPipe, xrefs: 100191C2

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: CreateCurrentErrorIncrementInterlockedLastNamedPipeProcessmemcpy
String ID: CreateNamedPipe
API String ID: 408951533-2489174969
Opcode ID: 3abb7e184f4755995a0c23b5743a198e62728bc42e640264a216f3e78e045d38
Instruction ID: e033aa9c0b276bee0e51b5f18ac3746372a070a79c4c87ce86be1430d77a330c
Opcode Fuzzy Hash: 3abb7e184f4755995a0c23b5743a198e62728bc42e640264a216f3e78e045d38
Instruction Fuzzy Hash: 5B3137756043526BC314DF64CC85BEBB3E5FF88248F504919F6468B240EB34FA88C7A5

Function 05D28EB4 Relevance: 10.6, APIs: 7, Instructions: 57COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32 ref: 05D29833
_crt_debugger_hook.MSVCR80(00000001), ref: 05D29840
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 05D29848
UnhandledExceptionFilter.KERNEL32(05DD6600), ref: 05D29853
_crt_debugger_hook.MSVCR80(00000001), ref: 05D29864
GetCurrentProcess.KERNEL32(C0000409), ref: 05D2986F
TerminateProcess.KERNEL32(00000000), ref: 05D29876

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled_crt_debugger_hook$CurrentDebuggerPresentTerminate
String ID:
API String ID: 3369434319-0
Opcode ID: a737600bf80322e842e7c6e34faf6d48cbc29380592d84ee0a7382fdcc764bf5
Instruction ID: f760555d80a9aaee42471e0c8a017983895aa7a677be2eb112483b51e076e777
Opcode Fuzzy Hash: a737600bf80322e842e7c6e34faf6d48cbc29380592d84ee0a7382fdcc764bf5
Instruction Fuzzy Hash: 0521C0745222089FE710EF2CF547A543FB9BB1872AF42005BF60987341DFB598818F26

Function 05BE16C0 Relevance: 10.6, APIs: 7, Instructions: 57COMMON

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32 ref: 05BE178F
_crt_debugger_hook.MSVCR80(00000001), ref: 05BE179C
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 05BE17A4
UnhandledExceptionFilter.KERNEL32(05BE20E4), ref: 05BE17AF
_crt_debugger_hook.MSVCR80(00000001), ref: 05BE17C0
GetCurrentProcess.KERNEL32(C0000409), ref: 05BE17CB
TerminateProcess.KERNEL32(00000000), ref: 05BE17D2

Memory Dump Source

Source File: 00000012.00000002.2430579026.0000000005BE1000.00000020.00000001.01000000.0000001C.sdmp, Offset: 05BE0000, based on PE: true

Associated: 00000012.00000002.2430527061.0000000005BE0000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 00000012.00000002.2430651051.0000000005BE2000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 00000012.00000002.2430712139.0000000005BE4000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5be0000_SISTEMA.jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled_crt_debugger_hook$CurrentDebuggerPresentTerminate
String ID:
API String ID: 3369434319-0
Opcode ID: 3c8d044faf63c2e4bdf2e563b9ec777ecd1010878ae269a38b81388c39be6636
Instruction ID: 1e270b0dc5837acd5621dfb2fc1e25d69bd8da81657f26d2ba6c21dd4676ae60
Opcode Fuzzy Hash: 3c8d044faf63c2e4bdf2e563b9ec777ecd1010878ae269a38b81388c39be6636
Instruction Fuzzy Hash: 6221BFB8821204DBDB42DF29E9866547FE4BB08711F28485DF50A8B242EFB07584CF56

Function 1002BC60 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 95fileCOMMON

Download Yara Rule

APIs

Part of subcall function 1002A250: memcpy.MSVCR80(?,?,?,?,94BA138F,?,1002CF7E,?,?,00000054,00001000), ref: 1002A278

memcpy.MSVCR80(00000000,?,?,?,?,0000005C), ref: 1002BD01

Part of subcall function 1002B3E0: _CxxThrowException.MSVCR80(00001000,102B4044), ref: 1002B3FB

FindFirstFileA.KERNEL32(?,?,00000003), ref: 1002BD4A

Strings

Firebird::string - pos out of range, xrefs: 1002BCBF
*.*, xrefs: 1002BD2E

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: memcpy$ExceptionFileFindFirstThrow
String ID: *.*$Firebird::string - pos out of range
API String ID: 3891904735-3184836929
Opcode ID: 27f70d7a4ac0710df835708133cc260aead80a5dcc09f65fe63b4c29540d74b1
Instruction ID: 6307e825ed7025e8b390af5704ad3d4c5bb23a7a920508587931780ebc5b8dd7
Opcode Fuzzy Hash: 27f70d7a4ac0710df835708133cc260aead80a5dcc09f65fe63b4c29540d74b1
Instruction Fuzzy Hash: 1331EEB55087809FC300CB24D885BABB7E5FF46714F80091DF48287691EB75F948CBA2

Function 05D256F0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 95fileCOMMON

Download Yara Rule

APIs

Part of subcall function 05D21530: memcpy.MSVCR80(?,?,00000001,00000001,521C82CE,?,05D22B1E,?,?,00000054,00001000), ref: 05D21558

memcpy.MSVCR80(00000000,?,?,?,?,0000005C), ref: 05D25791

Part of subcall function 05D20140: _CxxThrowException.MSVCR80(00001000,05DD8610), ref: 05D2015B

FindFirstFileA.KERNEL32(?,?,00000003), ref: 05D257DA

Strings

Firebird::string - pos out of range, xrefs: 05D2574F
*.*, xrefs: 05D257BE

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: memcpy$ExceptionFileFindFirstThrow
String ID: *.*$Firebird::string - pos out of range
API String ID: 3891904735-3184836929
Opcode ID: 177b7c6f9b68ac2d62f9ecb7990b3e8745ef47bfeda067f5468283f897b23c5c
Instruction ID: b7fc9a1218332401f20234ac6882d4981ff221e442fd3af94d7e7458b3596cc8
Opcode Fuzzy Hash: 177b7c6f9b68ac2d62f9ecb7990b3e8745ef47bfeda067f5468283f897b23c5c
Instruction Fuzzy Hash: B631F6711083909FC310DB24D985FABBBE5FF65718F00491EF48687690E775E848CBA2

Function 10011EB0 Relevance: 4.9, APIs: 2, Strings: 1, Instructions: 439COMMON

Download Yara Rule

Strings

, xrefs: 1001208E

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 622a396bd09e8778843197777c125bac7869dbb6b43d082cec5e5c0732fbd303
Instruction ID: 2f808e2c97b283c18bb791c86f81565a92bb95a4b77fb8e8f37028ecc2f70d7a
Opcode Fuzzy Hash: 622a396bd09e8778843197777c125bac7869dbb6b43d082cec5e5c0732fbd303
Instruction Fuzzy Hash: BC027BB46083809BC750DF64C881B6EB7E5FF88354F044A1DF9999B392DB34E985CB62

Function 05D14370 Relevance: 4.6, APIs: 3, Instructions: 54COMMON

Download Yara Rule

APIs

GetUserNameA.ADVAPI32(00000000,?), ref: 05D143B2
CharUpperBuffA.USER32(00000000,?,?,?,?,00000101), ref: 05D143CA
memcpy.MSVCR80(00000000,00000000,05DC3A28,00000000,?,?,?,00000101), ref: 05D143FB

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: BuffCharNameUpperUsermemcpy
String ID:
API String ID: 759266288-0
Opcode ID: 9af05b76a17935469a1f257b5011ac6251350aa108dcff658f62b0ed72496c11
Instruction ID: 2b62152da159301796e593c5475db20647e21110933eb4c785ca233b1c679d05
Opcode Fuzzy Hash: 9af05b76a17935469a1f257b5011ac6251350aa108dcff658f62b0ed72496c11
Instruction Fuzzy Hash: 2A11A1313483126BCB11DF68E844BABB7E9BFC2720F08864EF85587290D771D446C7A5

Function 05D0A570 Relevance: 4.2, Strings: 3, Instructions: 478COMMON

Download Yara Rule

Strings

DISABLE-EXPANSIONS, xrefs: 05D0A7E3
SPECIALS-FIRST, xrefs: 05D0AA11
DISABLE-COMPRESSIONS, xrefs: 05D0A74D

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: memcpy
String ID: DISABLE-COMPRESSIONS$DISABLE-EXPANSIONS$SPECIALS-FIRST
API String ID: 3510742995-2012189823
Opcode ID: cafb458abbb51c228d012798e412539e426ff518760a175c35fb1631fde27ed5
Instruction ID: f06ec5eefa187b8368019673f79a704a80342d34e52db305236608795ecddd5f
Opcode Fuzzy Hash: cafb458abbb51c228d012798e412539e426ff518760a175c35fb1631fde27ed5
Instruction Fuzzy Hash: 50129C71A0430A9BCB28CF68D994BED77B1FF15310F54922EE85A972D1E730DA48CB91

Function 1004A2F0 Relevance: 3.2, APIs: 2, Instructions: 153COMMON

Download Yara Rule

APIs

memcpy.MSVCR80(00000000,?,?,?), ref: 1004A41F
isc_dsql_sql_info.FBCLIENT25(?,?,0000000C,1026B0F4,?,?), ref: 1004A463

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: isc_dsql_sql_infomemcpy
String ID:
API String ID: 239020255-0
Opcode ID: b3093c6ddd2cdaa199f14471e71378752a6ddc318df91dc8d1aa75f0c583feaf
Instruction ID: af26e51d7788a6596fc3a6808d7d92fac92769640f9205e87f359d55404c966a
Opcode Fuzzy Hash: b3093c6ddd2cdaa199f14471e71378752a6ddc318df91dc8d1aa75f0c583feaf
Instruction Fuzzy Hash: 945161B5900148DFDB20CF94C985BEEB7B8FB88314F548129FA09AB341D774AE45CBA5

Function 101BE5A0 Relevance: 1.6, APIs: 1, Instructions: 51COMMON

Download Yara Rule

APIs

Part of subcall function 101BDE30: gds__alloc.FBCLIENT25(00000008,94BA138F), ref: 101BDE65
Part of subcall function 101BDE30: gds__register_cleanup.FBCLIENT25(101BDC30,00000000,00000008,94BA138F), ref: 101BDE85
Part of subcall function 101BDE30: InterlockedDecrement.KERNEL32(05BCB5A0), ref: 101BDECC
Part of subcall function 101BDE30: gds__alloc.FBCLIENT25(00000008), ref: 101BDEDF
Part of subcall function 101BDE30: InterlockedExchangeAdd.KERNEL32(05BCB5A0,0000C350), ref: 101BDF3D

isc_dsql_describe_bind.FBCLIENT25(?,-0000000C,?,?), ref: 101BE613

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: Interlockedgds__alloc$DecrementExchangegds__register_cleanupisc_dsql_describe_bind
String ID:
API String ID: 1477645862-0
Opcode ID: 28453f7a61b509a94bda0e6f1dd2caf8a6f61da22c600c2665a19b8796256746
Instruction ID: 79638f824a88477e454dab1d417ff2054c691c2a2a42215479437d417ecdc469
Opcode Fuzzy Hash: 28453f7a61b509a94bda0e6f1dd2caf8a6f61da22c600c2665a19b8796256746
Instruction Fuzzy Hash: 7B01ADB5A04218ABC701CF48CC81F9BB7BCEB45720F10422AFC0597780D776A9048BA1

Function 10051690 Relevance: 1.5, APIs: 1, Instructions: 294COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(05BCC000,94BA138F), ref: 100516D8

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: CriticalEnterSection
String ID:
API String ID: 1904992153-0
Opcode ID: 19b4be7734ff779a8701ffe553cbff3840cbf06837e2dc8d949115aad5a4e27f
Instruction ID: 67632ef98abbf6497760b90e7f7d9407468b44eae74b81501fa5193e184f77ea
Opcode Fuzzy Hash: 19b4be7734ff779a8701ffe553cbff3840cbf06837e2dc8d949115aad5a4e27f
Instruction Fuzzy Hash: 8EB13862A0C3D14AD306CB3988506B6BFF19F9A249F1D059EF4D5CB383E625D648D722

Function 101BEB30 Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

isc_embed_dsql_describe_bind.FBCLIENT25(?,?,00000000,?), ref: 101BEB41

Part of subcall function 101BE5A0: isc_dsql_describe_bind.FBCLIENT25(?,-0000000C,?,?), ref: 101BE613

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: isc_dsql_describe_bindisc_embed_dsql_describe_bind
String ID:
API String ID: 686764453-0
Opcode ID: 240a53cce41e712fecda31d62fca1f5ec666126a9b5778a96bab0817cadcd508
Instruction ID: 365134e7211f4981a26e41bfc06a902a64df34f8ff0ef1b3717c4ece45b27dbb
Opcode Fuzzy Hash: 240a53cce41e712fecda31d62fca1f5ec666126a9b5778a96bab0817cadcd508
Instruction Fuzzy Hash: 8DC04C7D214300BFD114C710C881F2BB3A9EBD4710F50C90DB98542240E674FC009621

Function 05D08950 Relevance: .4, Instructions: 378COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8bff7124702e3af74210a845c7cebf87129949f5ec2c3e321d1ddeab90a92032
Instruction ID: 0af46faea98466258908c6db2a73e76cea4419ff85840ca8afd41d9ab3d27b5b
Opcode Fuzzy Hash: 8bff7124702e3af74210a845c7cebf87129949f5ec2c3e321d1ddeab90a92032
Instruction Fuzzy Hash: 04E101B580C3918BC725DF14C0903B6BBE1FF95258F48585FDAC65B382D3398446EB6A

Function 100509D0 Relevance: .3, Instructions: 258COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f7517d7ab697b408434654cab2a7e86c13a9ab0c1a38f320db1464c3fbfdded
Instruction ID: 4c73f6ccb8e53c917798505016f0c0c5b788711d61121ac0d7a9c1290cad3bff
Opcode Fuzzy Hash: 5f7517d7ab697b408434654cab2a7e86c13a9ab0c1a38f320db1464c3fbfdded
Instruction Fuzzy Hash: 99B15F755083558FC308CF26C88041BFBE2FFC9254F498A9EF8859B786D774A589CB92

Function 10021900 Relevance: 39.0, APIs: 8, Strings: 14, Instructions: 462COMMON

Download Yara Rule

APIs

printf.MSVCR80 ref: 10021993
scanf.MSVCR80 ref: 100219A8
memcpy.MSVCR80(00000000,?,?,?), ref: 100219DE
_strnicmp.MSVCR80 ref: 100219FF
remove.MSVCR80 ref: 10021A24

Strings

Invalid incremental backup file: %s, xrefs: 10021BE6
Level 0 backup is not restored, xrefs: 10021A2F
Unsupported version %d of incremental backup file: %s, xrefs: 10021C08
Unexpected end of file when reading header of backup file: %s, xrefs: 10021B45
NBAK, xrefs: 10021B55
Wrong order of backup files or invalid incremental backup file detected, file: %s, xrefs: 10021CCC
Invalid level %d of incremental backup file: %s, expected %d, xrefs: 10021C29
Enter name of the backup file of level %d ("." - do not restore further): , xrefs: 1002198E
Unexpected end of file when reading header of restored database file (stage 2), xrefs: 10021E1D
%255s, xrefs: 100219A3
Cannot get backup guid clumplet from L0 backup, xrefs: 10021E81
Error (%d) creating database file: %s via copying from: %s, xrefs: 10021DA1
Unexpected end of backup file: %s, xrefs: 10021D65
Unexpected end of file when reading restored database header, xrefs: 10021DD9

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: _strnicmpmemcpyprintfremovescanf
String ID: %255s$Cannot get backup guid clumplet from L0 backup$Enter name of the backup file of level %d ("." - do not restore further): $Error (%d) creating database file: %s via copying from: %s$Invalid incremental backup file: %s$Invalid level %d of incremental backup file: %s, expected %d$Level 0 backup is not restored$NBAK$Unexpected end of backup file: %s$Unexpected end of file when reading header of backup file: %s$Unexpected end of file when reading header of restored database file (stage 2)$Unexpected end of file when reading restored database header$Unsupported version %d of incremental backup file: %s$Wrong order of backup files or invalid incremental backup file detected, file: %s
API String ID: 3354637004-3020114149
Opcode ID: fa7c4891dc2054dd7f305a8087a6901b60753608a1298fce32a6636298802f39
Instruction ID: 09e0e76dc824dc09f817b25da162365f1247a3302b74f3c7494a0aae25f7ec8c
Opcode Fuzzy Hash: fa7c4891dc2054dd7f305a8087a6901b60753608a1298fce32a6636298802f39
Instruction Fuzzy Hash: 1FF11379A002549BDB04CF24EC91BEB77FAEF5A344F954169FC459B242EB31E904C7A0

Function 05D14830 Relevance: 38.6, APIs: 12, Strings: 10, Instructions: 123libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(kernel32.dll,?,?,00000000,icuuc%s.dll), ref: 05D14859
GetProcAddress.KERNEL32(00000000,FindActCtxSectionStringA), ref: 05D1486B
GetModuleHandleA.KERNEL32(kernel32.dll), ref: 05D14877
GetProcAddress.KERNEL32(00000000,CreateActCtxA), ref: 05D14883
GetModuleHandleA.KERNEL32(kernel32.dll), ref: 05D14890
GetProcAddress.KERNEL32(00000000,ReleaseActCtx), ref: 05D1489C
GetModuleHandleA.KERNEL32(kernel32.dll), ref: 05D148A9
GetProcAddress.KERNEL32(00000000,ActivateActCtx), ref: 05D148B5
GetModuleHandleA.KERNEL32(kernel32.dll), ref: 05D148C2
GetProcAddress.KERNEL32(00000000,DeactivateActCtx), ref: 05D148CE
memset.MSVCR80 ref: 05D148F7
GetModuleFileNameA.KERNEL32(00000000,?,00000400), ref: 05D1496D

Strings

ReleaseActCtx, xrefs: 05D14896
FindActCtxSectionStringA, xrefs: 05D14865
DeactivateActCtx, xrefs: 05D148C8
msvcr80.dll, xrefs: 05D14906
icuuc%s.dll, xrefs: 05D14844
@, xrefs: 05D1490F
ActivateActCtx, xrefs: 05D148AF
kernel32.dll, xrefs: 05D14852, 05D1486F, 05D14888, 05D148A1, 05D148BA
CreateActCtxA, xrefs: 05D1487D
, xrefs: 05D14944

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: Module$AddressHandleProc$FileNamememset
String ID: $@$ActivateActCtx$CreateActCtxA$DeactivateActCtx$FindActCtxSectionStringA$ReleaseActCtx$icuuc%s.dll$kernel32.dll$msvcr80.dll
API String ID: 3235619015-656009687
Opcode ID: 137985739189eb8acc2f556aa3405300e8a1433594c98d563f996bcce822e5e4
Instruction ID: d7f681db92bbc6cb2110fc01569d8dbf88aad8119b5a7667f535242e29232187
Opcode Fuzzy Hash: 137985739189eb8acc2f556aa3405300e8a1433594c98d563f996bcce822e5e4
Instruction Fuzzy Hash: 93417BB1504345AFD720DF29EC81A2AFBE8FB84704F50492FB59AD7240DB74D5088B6A

Function 10019240 Relevance: 35.3, APIs: 13, Strings: 7, Instructions: 279filepipeCOMMON

Download Yara Rule

APIs

Part of subcall function 10018ED0: EnterCriticalSection.KERNEL32(05BCC320,94BA138F,?,?), ref: 10018F23
Part of subcall function 10018ED0: fb_shutdown_callback.FBCLIENT25(00000000,10018940,00000004,00000000), ref: 10018F50
Part of subcall function 10018ED0: sprintf.MSVCR80 ref: 10018FEE
Part of subcall function 10018ED0: CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,?,?,?,?,0000010C,94BA138F,?,?), ref: 1001904D

CreateFileA.KERNEL32(-00000006,C0000000,00000000,00000000,00000003,40000000,00000000,?,?,00000000), ref: 10019304
GetLastError.KERNEL32(?,?,00000000), ref: 10019317
WaitNamedPipeA.KERNEL32(?,00000BB8), ref: 10019333
CreateFileA.KERNEL32(?,C0000000,00000000,00000000,00000003,40000000,00000000,?,?,00000000), ref: 1001934E

Part of subcall function 10029700: EnterCriticalSection.KERNEL32(?,05BC0014,00000002,?,05BC0014,100273D1,?,?,-000000F4,05BC0014,1002913C,-000000F4,00000001,05BC0014,00000000,10029570), ref: 10029726

Part of subcall function 100186D0: gds__log.FBCLIENT25(WNET/wnet_error: %s errno = %d,?,00000000,94BA138F,00000000,00000000,75732E90,000000FF,100189FB,ConnectNamedPipe,?,?,?,?,100193F7), ref: 1001870F

Part of subcall function 10018400: FlushFileBuffers.KERNEL32(10244C8B,00000000,75730E30,10019606,00000000,?,?,00000000), ref: 10018431
Part of subcall function 10018400: DisconnectNamedPipe.KERNEL32(10244C8B,?,?,00000000), ref: 1001843E
Part of subcall function 10018400: CloseHandle.KERNEL32(544E8366,00000000,75730E30,10019606,00000000,?,?,00000000), ref: 10018456
Part of subcall function 10018400: CloseHandle.KERNEL32(10244C8B,00000000,75730E30,10019606,00000000,?,?,00000000), ref: 1001846E

GetLastError.KERNEL32(?,?,00000000), ref: 100195F5

Strings

WNET/inet_error: fork/CreateProcess errno = %d, xrefs: 100194F5
D, xrefs: 100194A4
CreateNamedPipe, xrefs: 10019615
CreateFile, xrefs: 10019370
, xrefs: 1001943B
%s -w -h %ld@%lu, xrefs: 10019469
WNET, xrefs: 10019569

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: CreateFile$CloseCriticalEnterErrorHandleLastNamedPipeSection$BuffersDisconnectEventFlushWaitfb_shutdown_callbackgds__logsprintf
String ID: $%s -w -h %ld@%lu$CreateFile$CreateNamedPipe$D$WNET$WNET/inet_error: fork/CreateProcess errno = %d
API String ID: 2260550363-266077660
Opcode ID: 2729e04b64c2c73beabf5b4bb07aab71454fdaa5b0b25c7b95179206f5b54eb9
Instruction ID: ca29148c82f0228ce5c654698a65fdd544cbb21e7f10380cef020172741e2e28
Opcode Fuzzy Hash: 2729e04b64c2c73beabf5b4bb07aab71454fdaa5b0b25c7b95179206f5b54eb9
Instruction Fuzzy Hash: F7A1BDB0608741AFD314CF64CC91BABB7E9FB89348F50491CF6999B291DB34E944CB62

Function 1001C0D0 Relevance: 33.4, APIs: 11, Strings: 8, Instructions: 186filesynchronizationCOMMON

Download Yara Rule

APIs

CreateMutexA.KERNEL32(00000000,00000000,?,94BA138F,?,?,?,?,?,?,?,10230B60,000000FF), ref: 1001C1C8
GetLastError.KERNEL32(?,94BA138F,?,?,?,?,?,?,?,10230B60,000000FF), ref: 1001C1DD
CreateEventA.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,94BA138F), ref: 1001C220
GetLastError.KERNEL32(?,?,?,?,?,?,94BA138F,?,?,?,?,?,?,?,10230B60,000000FF), ref: 1001C22B
CreateEventA.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,94BA138F), ref: 1001C268
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,94BA138F), ref: 1001C273
CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,00000018), ref: 1001C2B5

Part of subcall function 1002D680: strchr.MSVCR80 ref: 1002D6AB
Part of subcall function 1002D680: memmove.MSVCR80(?,?,?,102559A8,1038FB40,?,?,?,?,?,?,10230B60,000000FF), ref: 1002D6F9
Part of subcall function 1002D680: memcpy.MSVCR80(?,Global\,Global\,?,?,?,?,?,?,10230B60,000000FF), ref: 1002D706

GetLastError.KERNEL32 ref: 1001C2C4
MapViewOfFile.KERNEL32(00000000,00000002,00000000,00000000,00000018), ref: 1001C2E7
gds__register_cleanup.FBCLIENT25(Function_0001BFD0,00000000), ref: 1001C317
fb_shutdown_callback.FBCLIENT25(00000000,Function_0001B730,00000004,00000000), ref: 1001C325

Strings

%s_CONNECT_MAP, xrefs: 1001C28E
CreateFileMapping, xrefs: 1001C2CD
%s_RESPONSE_EVENT, xrefs: 1001C246
%s_CONNECT_MUTEX, xrefs: 1001C16C
%s_CONNECT_EVENT, xrefs: 1001C1F8
CreateMutex, xrefs: 1001C1E6
CreateEvent, xrefs: 1001C234, 1001C27C
MapViewOfFile, xrefs: 1001C2F6

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: CreateErrorLast$EventFile$MappingMutexViewfb_shutdown_callbackgds__register_cleanupmemcpymemmovestrchr
String ID: %s_CONNECT_EVENT$%s_CONNECT_MAP$%s_CONNECT_MUTEX$%s_RESPONSE_EVENT$CreateEvent$CreateFileMapping$CreateMutex$MapViewOfFile
API String ID: 4196203254-3848613889
Opcode ID: 88ffe24cf09765b8ed1ae95f3c3487e908781eee1cb3e24f6e4aef2f125b9761
Instruction ID: eda35f6dea86ce1bc799e0a7ad81d3add002a047acb6f724790554622302ecf4
Opcode Fuzzy Hash: 88ffe24cf09765b8ed1ae95f3c3487e908781eee1cb3e24f6e4aef2f125b9761
Instruction Fuzzy Hash: 425166B9800258BFD701DFA1DCA9FEFB6A8FBD1704F40461AF608DA181EB70E6048765

Function 10006450 Relevance: 31.7, APIs: 14, Strings: 4, Instructions: 189networkCOMMON

Download Yara Rule

APIs

memset.MSVCR80 ref: 100064B4
select.WS2_32(00000800,?,00000000,00000000,?), ref: 100064DD
WSAGetLastError.WS2_32 ref: 100064EF
select.WS2_32(00000800,?,00000000,00000000,?), ref: 10006515
WSAGetLastError.WS2_32 ref: 10006521
accept.WS2_32(00000000,?,?), ref: 1000653E
WSAGetLastError.WS2_32 ref: 10006546
socket.WS2_32(00000002,00000001,00000000), ref: 100065CC
WSAGetLastError.WS2_32 ref: 100065DD
getpeername.WS2_32(?,?,?), ref: 1000662F
WSAGetLastError.WS2_32 ref: 10006639
setsockopt.WS2_32(00000000,0000FFFF), ref: 10006695
connect.WS2_32(00000000,?,00000010), ref: 100066A6
WSAGetLastError.WS2_32 ref: 100066AE

Strings

connect, xrefs: 100066B8
select, xrefs: 1000657F
socket, xrefs: 100065E3, 1000663F
accept, xrefs: 1000654D

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: ErrorLast$select$acceptconnectgetpeernamememsetsetsockoptsocket
String ID: accept$connect$select$socket
API String ID: 1711631331-1939276783
Opcode ID: ea67610cabf35bd046495c4d1a94d46d03fe1ced5c69af78fd2974b319b05e7d
Instruction ID: bd5e5fc23fe950279d7bb09618d2844349aa2f7e70cc8782c17d42651de7b131
Opcode Fuzzy Hash: ea67610cabf35bd046495c4d1a94d46d03fe1ced5c69af78fd2974b319b05e7d
Instruction Fuzzy Hash: 0661C1B0604341AFE310DF64CC88AABB7E9FF88394F50492DF545D7295DB74A909CB92

Function 10005710 Relevance: 31.6, APIs: 13, Strings: 5, Instructions: 136processCOMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104,94BA138F), ref: 10005760
GetCurrentProcess.KERNEL32(?,00000000,00000001,00000002), ref: 10005776
GetCurrentProcess.KERNEL32(?,00000000), ref: 1000577A
DuplicateHandle.KERNEL32(00000000,?,00000000), ref: 1000577D
GetLastError.KERNEL32(?,00000000), ref: 10005787
gds__log.FBCLIENT25(INET/inet_error: fork/DuplicateHandle errno = %d,00000000,?,00000000), ref: 10005793

Part of subcall function 1003AC40: _time64.MSVCR80 ref: 1003AC7B
Part of subcall function 1003AC40: WaitForSingleObject.KERNEL32 ref: 1003ACB1
Part of subcall function 1003AC40: fopen.MSVCR80 ref: 1003ACC1
Part of subcall function 1003AC40: _ctime64.MSVCR80 ref: 1003ACD5
Part of subcall function 1003AC40: fprintf.MSVCR80 ref: 1003AD03
Part of subcall function 1003AC40: vfprintf.MSVCR80 ref: 1003AD16
Part of subcall function 1003AC40: fprintf.MSVCR80 ref: 1003AD22
Part of subcall function 1003AC40: fclose.MSVCR80 ref: 1003AD25
Part of subcall function 1003AC40: ReleaseMutex.KERNEL32(00000388,00000388,000000FF), ref: 1003AD35

GetCurrentProcessId.KERNEL32 ref: 100057D2
CreateProcessA.KERNEL32 ref: 10005849
CloseHandle.KERNEL32(00000000), ref: 1000585E
CloseHandle.KERNEL32(00000000), ref: 10005865

Strings

INET/inet_error: fork/DuplicateHandle errno = %d, xrefs: 1000578E
%s -i -h %ld@%lu, xrefs: 100057EA
, xrefs: 100057BC
INET/inet_error: fork/CreateProcess errno = %d, xrefs: 1000588D
D, xrefs: 1000581E

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: Process$CurrentHandle$Closefprintf$CreateDuplicateErrorFileLastModuleMutexNameObjectReleaseSingleWait_ctime64_time64fclosefopengds__logvfprintf
String ID: $%s -i -h %ld@%lu$D$INET/inet_error: fork/CreateProcess errno = %d$INET/inet_error: fork/DuplicateHandle errno = %d
API String ID: 1800278170-962468250
Opcode ID: 6d743da4d09babfa09985a1b5259f0865d7ef05d0b4ec893fcf6fb3b280afcd0
Instruction ID: eee55a0a642c090c37671db9c9f885d7008e020e9950bacfd347bd1a8c99dbf5
Opcode Fuzzy Hash: 6d743da4d09babfa09985a1b5259f0865d7ef05d0b4ec893fcf6fb3b280afcd0
Instruction Fuzzy Hash: F7418CB1A08344AFD320DF65DC88F9BB7E8FB99344F50491DF68983250DF75A4048B66

Function 10022C20 Relevance: 30.2, APIs: 6, Strings: 11, Instructions: 464COMMON

Download Yara Rule

APIs

_strnicmp.MSVCR80 ref: 10022EAB
memcpy.MSVCR80(00000000,?,?,?), ref: 10022EF1
_strnicmp.MSVCR80 ref: 10022F3F

Part of subcall function 10020CB0: _errno.MSVCR80 ref: 10020CE1

__iob_func.MSVCR80 ref: 1002334F
fprintf.MSVCR80 ref: 10023359
exit.MSVCR80 ref: 100234F7

Strings

Unrecognized parameter %s, xrefs: 1002338D
None of -L, -N, -F, -B or -R specified, xrefs: 1002337A
TRUSTED_SVC, xrefs: 10022EA5
Wrong parameter %s for switch -D, need ON or OFF, xrefs: 100233E0
TRUSTED_ROLE, xrefs: 10022F39
WI-V2.5.6.27020 Firebird 2.5, xrefs: 10023345
Switch -S can be used only with -L, xrefs: 1002350D
Fetch password can't be used in service mode, xrefs: 100233EB
Physical Backup Manager version %s, xrefs: 1002334A
Unknown switch %s, xrefs: 100234BB, 100234D5, 100234EA
Error working with password file, xrefs: 10023404

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: _strnicmp$__iob_func_errnoexitfprintfmemcpy
String ID: Error working with password file$Fetch password can't be used in service mode$None of -L, -N, -F, -B or -R specified$Physical Backup Manager version %s$Switch -S can be used only with -L$TRUSTED_ROLE$TRUSTED_SVC$Unknown switch %s$Unrecognized parameter %s$WI-V2.5.6.27020 Firebird 2.5$Wrong parameter %s for switch -D, need ON or OFF
API String ID: 3298466808-2753074103
Opcode ID: 8c52c50bb2556835596d7e4890a3fa7321094495bc108ff207fbe9c355cdfeff
Instruction ID: 2ad70a4e1c8e409e0bf5b7d4ac0ac6ef15a7d0f8a3fe4c9dcf78817af829e5ab
Opcode Fuzzy Hash: 8c52c50bb2556835596d7e4890a3fa7321094495bc108ff207fbe9c355cdfeff
Instruction Fuzzy Hash: 66126D78508381ABD321CB64E885FDFB7E9EF99344F80891DF48987251DB35A909CB63

Function 1003B7F0 Relevance: 30.0, APIs: 12, Strings: 5, Instructions: 296COMMON

Download Yara Rule

Strings

2, xrefs: 1003B7F6
unknown dos error %ld, xrefs: 1003BADF
unknown ISC error %ld, xrefs: 1003B9FD
next/mach error %ld, xrefs: 1003BAE8
unknown Win32 error %ld, xrefs: 1003BB41

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID:
String ID: 2$next/mach error %ld$unknown ISC error %ld$unknown Win32 error %ld$unknown dos error %ld
API String ID: 0-3551060673
Opcode ID: 7d519538a927f50cae14219397a1f1b5d09d3cc2fe65778c729e046e2a7cf3a8
Instruction ID: 0c5047d3a10d29bbcea7c16e1dcda81ebfbb0748f2759e650789c4cb919ca036
Opcode Fuzzy Hash: 7d519538a927f50cae14219397a1f1b5d09d3cc2fe65778c729e046e2a7cf3a8
Instruction Fuzzy Hash: C3B1C5B56087429FD321CF14CC84BABBBE9EF85349F15451DFA898B251EB70E844CB62

Function 05D14E30 Relevance: 30.0, APIs: 12, Strings: 5, Instructions: 241memorystringCOMMON

Download Yara Rule

APIs

strchr.MSVCR80 ref: 05D14E9F
GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 05D14EE8
GetNamedSecurityInfoA.ADVAPI32(?,00000001,00000004,00000000,00000000,?,00000000), ref: 05D14F33
AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000221,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 05D14F7A
AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 05D14FA4
memset.MSVCR80 ref: 05D14FBE
SetEntriesInAclA.ADVAPI32(00000002,?,?,?), ref: 05D15007
SetNamedSecurityInfoA.ADVAPI32(?,00000001,00000004,00000000,00000000,?,00000000), ref: 05D1502C

Part of subcall function 05D1FF50: GetLastError.KERNEL32 ref: 05D1FF53
Part of subcall function 05D1FF50: _CxxThrowException.MSVCR80(00000000,05DD854C), ref: 05D1FF71

FreeSid.ADVAPI32(?), ref: 05D150B4
FreeSid.ADVAPI32(?), ref: 05D150C2
LocalFree.KERNEL32(?), ref: 05D150D0
LocalFree.KERNEL32(?), ref: 05D150DE

Strings

SetNamedSecurityInfo, xrefs: 05D15036
GetVolumeInformation, xrefs: 05D14EF2
AllocateAndInitializeSid, xrefs: 05D14F80, 05D14FAA
SetEntriesInAcl, xrefs: 05D15011
GetNamedSecurityInfo, xrefs: 05D14F3D

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: Free$AllocateInfoInitializeLocalNamedSecurity$EntriesErrorExceptionInformationLastThrowVolumememsetstrchr
String ID: AllocateAndInitializeSid$GetNamedSecurityInfo$GetVolumeInformation$SetEntriesInAcl$SetNamedSecurityInfo
API String ID: 1603834543-3179056192
Opcode ID: 85b70f76eaa340579d8d04df06dc8adbc72e494667af8cfc7d909de7757da6e1
Instruction ID: c1dab607a26e4c33558bd4efc7525fc5436b4415bec020a94feffbfae884bb66
Opcode Fuzzy Hash: 85b70f76eaa340579d8d04df06dc8adbc72e494667af8cfc7d909de7757da6e1
Instruction Fuzzy Hash: 468182B1A04249BFDF10DFA8EC85EAE7BA9FB54304F54842BF909D7240D670D948CBA5

Function 1001B360 Relevance: 30.0, APIs: 12, Strings: 5, Instructions: 229COMMON

Download Yara Rule

APIs

memset.MSVCR80 ref: 1001B3D6
GetCurrentProcess.KERNEL32(?,?,?,?,?,10230A50,000000FF), ref: 1001B3F7
GetCurrentProcess.KERNEL32(?,?,?,?,?,10230A50,000000FF), ref: 1001B400
DuplicateHandle.KERNEL32(00000000,?,?,00000014,00000000,00000000,00000002,?,?,?,?,?,10230A50,000000FF), ref: 1001B419
CreateEventA.KERNEL32(00000000,00000000,00000000), ref: 1001B474
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,10230A50,000000FF), ref: 1001B47D
CreateEventA.KERNEL32(00000000,00000000,00000001), ref: 1001B4CC
GetLastError.KERNEL32 ref: 1001B4D5
CreateEventA.KERNEL32(00000000,00000000,00000000), ref: 1001B524
GetLastError.KERNEL32 ref: 1001B52D
CreateEventA.KERNEL32(00000000,00000000,00000001), ref: 1001B57C
GetLastError.KERNEL32 ref: 1001B585

Strings

%s_E_S2C_EVNT_FILLED_%lu_%lu_%lu, xrefs: 1001B500
%s_E_S2C_EVNT_EMPTED_%lu_%lu_%lu, xrefs: 1001B558
CreateEvent, xrefs: 1001B48A, 1001B4E2, 1001B53A, 1001B592
%s_E_C2S_EVNT_EMPTED_%lu_%lu_%lu, xrefs: 1001B4A8
%s_E_C2S_EVNT_FILLED_%lu_%lu_%lu, xrefs: 1001B44A

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: CreateErrorEventLast$CurrentProcess$DuplicateHandlememset
String ID: %s_E_C2S_EVNT_EMPTED_%lu_%lu_%lu$%s_E_C2S_EVNT_FILLED_%lu_%lu_%lu$%s_E_S2C_EVNT_EMPTED_%lu_%lu_%lu$%s_E_S2C_EVNT_FILLED_%lu_%lu_%lu$CreateEvent
API String ID: 1029504326-3110033959
Opcode ID: 424cc481ac10203118f8dae6dc60e73fd491f2f3f038770a6739241b1cdb83b2
Instruction ID: b6b1956815110651f9d0a1018230b6606c5d53d89f56d6c83a52e404b1a1609c
Opcode Fuzzy Hash: 424cc481ac10203118f8dae6dc60e73fd491f2f3f038770a6739241b1cdb83b2
Instruction Fuzzy Hash: 48817AB5900605AFE724DF64CC85FAAB3B9FF48704F50856DE9099B281EB70F944CBA4

Function 05D0EF70 Relevance: 28.3, APIs: 10, Strings: 6, Instructions: 299COMMON

Download Yara Rule

APIs

memcpy.MSVCR80(00000000,00000000,-00000001,-00000001,521C82CE), ref: 05D0F00C
memcpy.MSVCR80(00000000,c:\Program Files\Firebird\,c:\Program Files\Firebird\,c:\Program Files\Firebird\), ref: 05D0F054
memcpy.MSVCR80(05DDB718,?,00000103), ref: 05D0F0A3
GetTempPathA.KERNEL32(00000104,05DDB820), ref: 05D0F101
memcpy.MSVCR80(05DDB820,?,00000103,00000008), ref: 05D0F16B

Strings

FIREBIRD_LOCK, xrefs: 05D0F197
c:\Program Files\Firebird\, xrefs: 05D0F02C, 05D0F041, 05D0F04D, 05D0F04E
c:\temp\, xrefs: 05D0F13B
FIREBIRD_MSG, xrefs: 05D0F2B2
firebird, xrefs: 05D0F1C6
FIREBIRD_TMP, xrefs: 05D0F0E2

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: memcpy$PathTemp
String ID: FIREBIRD_LOCK$FIREBIRD_MSG$FIREBIRD_TMP$c:\Program Files\Firebird\$c:\temp\$firebird
API String ID: 2547961022-1432337649
Opcode ID: d5af918c786cc71098c1092d3770f53e9a09f3163b7a58478aac73dfe5c35ce8
Instruction ID: 02928824bfb7d5f4063d46d1c6e5d2e2c35ab862cc26743d428d7318e1b32fc7
Opcode Fuzzy Hash: d5af918c786cc71098c1092d3770f53e9a09f3163b7a58478aac73dfe5c35ce8
Instruction Fuzzy Hash: 8AB1A271A04299ABDF20DF64D854BEE37A4EF14308F14855BEC49D7280EB719A48CBB6

Function 1003E090 Relevance: 28.3, APIs: 11, Strings: 5, Instructions: 265COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(05BCC1B0,94BA138F,?,?,?,?), ref: 1003E0E9
gds__prefix_msg.FBCLIENT25(00000000,?,00000000,-00000001,0000002F,FFFFFFFF,?,00000104), ref: 1003E226
gds__msg_open.FBCLIENT25(?,00000000,00000000,?,00000000,-00000001,0000002F,FFFFFFFF,?,00000104), ref: 1003E231
gds__prefix_msg.FBCLIENT25(00000000,firebird.msg,?,00000104), ref: 1003E242
gds__msg_open.FBCLIENT25(?,?), ref: 1003E15C

Part of subcall function 1003BD60: _open.MSVCR80 ref: 1003BD70

gds__alloc.FBCLIENT25(00000104), ref: 1003E16E
gds__msg_open.FBCLIENT25(?,00000000,00000000,firebird.msg,?,00000104), ref: 1003E24D
gds__free.FBCLIENT25(00000000,?,00000000,00000000,firebird.msg,?,00000104), ref: 1003E255
_lseek.MSVCR80 ref: 1003E2F5
_read.MSVCR80 ref: 1003E316
memcpy.MSVCR80(?,?,?), ref: 1003E3B4

Part of subcall function 1002C3E0: GetEnvironmentVariableA.KERNEL32(?,00000000,00000000,00000000,00000000,?,?,1003E14B), ref: 1002C3F3
Part of subcall function 1002C3E0: GetEnvironmentVariableA.KERNEL32(?,?,00000000,-00000001), ref: 1002C410

Strings

ISC_MSGS, xrefs: 1003E139
intl\%.10s.msg, xrefs: 1003E20C
, xrefs: 1003E128
firebird.msg, xrefs: 1003E23C
LC_MESSAGES, xrefs: 1003E1B0

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: gds__msg_open$EnvironmentVariablegds__prefix_msg$CriticalEnterSection_lseek_open_readgds__allocgds__freememcpy
String ID: $ISC_MSGS$LC_MESSAGES$firebird.msg$intl\%.10s.msg
API String ID: 2459356778-3041030200
Opcode ID: 5258dad979903880a6d26d8f56de8d60496d2ce373768f2b9de01695058f39a5
Instruction ID: ff43e2fdd2715d0189663d088c3bc5df0a6625b456fd075efb4c522b7933ce0f
Opcode Fuzzy Hash: 5258dad979903880a6d26d8f56de8d60496d2ce373768f2b9de01695058f39a5
Instruction Fuzzy Hash: 25A1ADB54087819FC321DB24C884AABB3E5FF85755F504B1DF8A58B2D1EB70AD44CBA2

Function 10005960 Relevance: 26.5, APIs: 11, Strings: 4, Instructions: 249networkCOMMON

Download Yara Rule

APIs

_time64.MSVCR80 ref: 100059A7
_time64.MSVCR80 ref: 100059D0
EnterCriticalSection.KERNEL32(05BCC420), ref: 100059E8
getsockopt.WS2_32 ref: 10005A7B
WSAGetLastError.WS2_32 ref: 10005A85

Strings

INET/select_wait: select failed, errno = %d, xrefs: 10005C71
INET/select_wait: found "not a socket" socket : %ld, xrefs: 10005B79
INET/select_wait: client rundown complete, server exiting, xrefs: 10005BDF
<, xrefs: 10005B30

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: _time64$CriticalEnterErrorLastSectiongetsockopt
String ID: <$INET/select_wait: client rundown complete, server exiting$INET/select_wait: found "not a socket" socket : %ld$INET/select_wait: select failed, errno = %d
API String ID: 4209766912-647069765
Opcode ID: c10c660b831b1b94ee48e3b07079ff19430b491f8334ad8924e99173fac77e2e
Instruction ID: e42d23becfdcf47375400ddb88b73de4dee113b7567f413b535cc333bd62847b
Opcode Fuzzy Hash: c10c660b831b1b94ee48e3b07079ff19430b491f8334ad8924e99173fac77e2e
Instruction Fuzzy Hash: B3A1E3B1A047819FE704CF24C8C4A5BFBE0FF453A5F518A2EE99583650D736E948CB92

Function 1002CDE0 Relevance: 26.5, APIs: 3, Strings: 12, Instructions: 211COMMON

Download Yara Rule

APIs

memcpy.MSVCR80(00000000,?,?,?), ref: 1002CFEF
gds__prefix.FBCLIENT25(?,?,?,00000054,00001000), ref: 1002D007
gds__prefix_msg.FBCLIENT25(?,?,misc,intl,help,examples/empbuild,examples,UDF,doc,include,lib,00000001,00000000,?,?,00000054), ref: 1002D0E9

Strings

, xrefs: 1002CE51
include, xrefs: 1002D090
misc, xrefs: 1002D0D6
UDF, xrefs: 1002D0A4
plugins, xrefs: 1002D086
lib, xrefs: 1002D07C
help, xrefs: 1002D0C2
examples, xrefs: 1002D0AE
intl, xrefs: 1002D0CC
doc, xrefs: 1002D09A
examples/empbuild, xrefs: 1002D0B8
bin, xrefs: 1002CF9F

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: gds__prefixgds__prefix_msgmemcpy
String ID: $UDF$bin$doc$examples$examples/empbuild$help$include$intl$lib$misc$plugins
API String ID: 355628883-460865629
Opcode ID: eab94e946b3dda5b0c86ef505074be034054f4aa7eed35e346b509a74a51ff58
Instruction ID: ccff6a82713146ccf7ee92edef40438fc5d3b66dfc0eef81ce1ee795ab40f473
Opcode Fuzzy Hash: eab94e946b3dda5b0c86ef505074be034054f4aa7eed35e346b509a74a51ff58
Instruction Fuzzy Hash: 5C816D7150C3859FD3A0CB68D950FDBBBEAEF85340F90492EE889C7241EB7195588B63

Function 10027120 Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 159COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(05BC0068,05BC0014,00000000,?,?,?,1002773F,00000000,?,?,?,?,?,94BA138F), ref: 10027131
fprintf.MSVCR80 ref: 1002714E
fprintf.MSVCR80 ref: 1002719C
fprintf.MSVCR80 ref: 1002720B
fprintf.MSVCR80 ref: 10027247
LeaveCriticalSection.KERNEL32(05BC0068), ref: 10027288
fprintf.MSVCR80 ref: 10027299

Strings

LARGE BLOCKS:, xrefs: 10027241
********* End of output for pool %p., xrefs: 100272DD
********* Printing contents of pool %p used=%ld mapped=%ld: parent %p , xrefs: 10027148
Blocks %lu min %lu max %lu size %lu , xrefs: 10027205
REDIRECTED TO PARENT %p:, xrefs: 10027293

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: fprintf$CriticalSection$EnterLeave
String ID: ********* End of output for pool %p.$********* Printing contents of pool %p used=%ld mapped=%ld: parent %p $Blocks %lu min %lu max %lu size %lu $LARGE BLOCKS:$REDIRECTED TO PARENT %p:
API String ID: 2502924276-129363586
Opcode ID: 41b550f6948638ed86589661239f635b3c5f8fff81c4e0fc09be91ab0c44d062
Instruction ID: ed4412df0df6fef35dcdbaf196929e5c1fb11c139c69be23034de9954bd9714f
Opcode Fuzzy Hash: 41b550f6948638ed86589661239f635b3c5f8fff81c4e0fc09be91ab0c44d062
Instruction Fuzzy Hash: 3F51BEB1904752ABC310CF24DC8496BB7E8FF88A58F51491DFC8AA3611D730E969CBE5

Function 05D1C860 Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 159COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(05C10068,05C10014,00000000,?,?,?,05D1CE7F,00000000,?,?,?,?,?,521C82CE), ref: 05D1C871
fprintf.MSVCR80 ref: 05D1C88E
fprintf.MSVCR80 ref: 05D1C8DC
fprintf.MSVCR80 ref: 05D1C94B
fprintf.MSVCR80 ref: 05D1C987
LeaveCriticalSection.KERNEL32(05C10068), ref: 05D1C9C8
fprintf.MSVCR80 ref: 05D1C9D9

Strings

********* Printing contents of pool %p used=%ld mapped=%ld: parent %p , xrefs: 05D1C888
********* End of output for pool %p., xrefs: 05D1CA1D
REDIRECTED TO PARENT %p:, xrefs: 05D1C9D3
Blocks %lu min %lu max %lu size %lu , xrefs: 05D1C945
LARGE BLOCKS:, xrefs: 05D1C981

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: fprintf$CriticalSection$EnterLeave
String ID: ********* End of output for pool %p.$********* Printing contents of pool %p used=%ld mapped=%ld: parent %p $Blocks %lu min %lu max %lu size %lu $LARGE BLOCKS:$REDIRECTED TO PARENT %p:
API String ID: 2502924276-129363586
Opcode ID: ea9e4072d5cc0f01e4b760202fee5ba6d8ad24ef01479bb3809d0d71984d5d89
Instruction ID: 7176e5f9c9ef5d286c25184571d03731c183daf455537fc2ce04fb8b9af44e88
Opcode Fuzzy Hash: ea9e4072d5cc0f01e4b760202fee5ba6d8ad24ef01479bb3809d0d71984d5d89
Instruction Fuzzy Hash: 2151BEB1954311ABC320DF24E88492BB7E9FF88619B04491AFC9667221D730ED15CBE6

Function 05D0C0F0 Relevance: 26.4, APIs: 12, Strings: 3, Instructions: 108synchronizationfileCOMMON

Download Yara Rule

APIs

_time64.MSVCR80 ref: 05D0C134
_umask.MSVCR80 ref: 05D0C166
WaitForSingleObject.KERNEL32(000003D8,000000FF,firebird.log), ref: 05D0C178
fopen.MSVCR80 ref: 05D0C188
_ctime64.MSVCR80 ref: 05D0C19C

Part of subcall function 05D13E50: GetComputerNameA.KERNEL32(?,00000104), ref: 05D13E64

fprintf.MSVCR80 ref: 05D0C1CA
vfprintf.MSVCR80 ref: 05D0C1DD
fprintf.MSVCR80 ref: 05D0C1E9

Part of subcall function 05D1C860: EnterCriticalSection.KERNEL32(05C10068,05C10014,00000000,?,?,?,05D1CE7F,00000000,?,?,?,?,?,521C82CE), ref: 05D1C871
Part of subcall function 05D1C860: fprintf.MSVCR80 ref: 05D1C88E
Part of subcall function 05D1C860: fprintf.MSVCR80 ref: 05D1C8DC
Part of subcall function 05D1C860: fprintf.MSVCR80 ref: 05D1C94B

fprintf.MSVCR80 ref: 05D0C200
fclose.MSVCR80 ref: 05D0C203
ReleaseMutex.KERNEL32(000003D8), ref: 05D0C213
_umask.MSVCR80 ref: 05D0C21E

Strings

(Client), xrefs: 05D0C1A6
%s%s%.25s, xrefs: 05D0C1C4
firebird.log, xrefs: 05D0C13A

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: fprintf$_umask$ComputerCriticalEnterMutexNameObjectReleaseSectionSingleWait_ctime64_time64fclosefopenvfprintf
String ID: %s%s%.25s$ (Client)$firebird.log
API String ID: 1533873717-2661498732
Opcode ID: 6d42dea22a61b14bea6a35dcf72f8a845486dcf74888f4715c3cad34206ebedd
Instruction ID: 34c318c9a590cfffecd32ca9726c6efb14ed10114d486e35991b38a3d9364a85
Opcode Fuzzy Hash: 6d42dea22a61b14bea6a35dcf72f8a845486dcf74888f4715c3cad34206ebedd
Instruction Fuzzy Hash: 9231C971618300ABD220EB68DC46F9BBBE9EF99714F00091BF50997380DB7595098FA6

Function 1002D440 Relevance: 26.3, APIs: 13, Strings: 2, Instructions: 78fileCOMMON

Download Yara Rule

APIs

_strnicmp.MSVCR80 ref: 1002D465
__iob_func.MSVCR80 ref: 1002D478
fopen.MSVCR80 ref: 1002D485
_fileno.MSVCR80 ref: 1002D49B
_isatty.MSVCR80 ref: 1002D49E
__iob_func.MSVCR80 ref: 1002D4B0
fprintf.MSVCR80 ref: 1002D4B6
__iob_func.MSVCR80 ref: 1002D4BC
fflush.MSVCR80 ref: 1002D4C2
_fileno.MSVCR80 ref: 1002D4CB
_get_osfhandle.MSVCR80 ref: 1002D4CE
GetConsoleMode.KERNEL32(00000000,?), ref: 1002D4DF
SetConsoleMode.KERNEL32(00000000,?), ref: 1002D507

Strings

Enter password: , xrefs: 1002D4AB
stdin, xrefs: 1002D45F

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: __iob_func$ConsoleMode_fileno$_get_osfhandle_isatty_strnicmpfflushfopenfprintf
String ID: Enter password: $stdin
API String ID: 1140414279-908668022
Opcode ID: 3d88d38d72cf275fadaf6b3f5d9f49e4035efcc3e0b59bfd19d3fb766fa52ad3
Instruction ID: 9f62e25130a9f385503beffa75988a1edc0d0aea5af43e02e797108cd255f43a
Opcode Fuzzy Hash: 3d88d38d72cf275fadaf6b3f5d9f49e4035efcc3e0b59bfd19d3fb766fa52ad3
Instruction Fuzzy Hash: 8321F0B1600212ABD700EBB8EC8CAABB7E8EF59259F55041AF945C3260DB74EC54C768

Function 05D23030 Relevance: 26.3, APIs: 13, Strings: 2, Instructions: 78fileCOMMON

Download Yara Rule

APIs

_strnicmp.MSVCR80 ref: 05D23055
__iob_func.MSVCR80 ref: 05D23068
fopen.MSVCR80 ref: 05D23075
_fileno.MSVCR80 ref: 05D2308B
_isatty.MSVCR80 ref: 05D2308E
__iob_func.MSVCR80 ref: 05D230A0
fprintf.MSVCR80 ref: 05D230A6
__iob_func.MSVCR80 ref: 05D230AC
fflush.MSVCR80 ref: 05D230B2
_fileno.MSVCR80 ref: 05D230BB
_get_osfhandle.MSVCR80 ref: 05D230BE
GetConsoleMode.KERNEL32(00000000,?), ref: 05D230CF
SetConsoleMode.KERNEL32(00000000,?), ref: 05D230F7

Strings

Enter password: , xrefs: 05D2309B
stdin, xrefs: 05D2304F

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: __iob_func$ConsoleMode_fileno$_get_osfhandle_isatty_strnicmpfflushfopenfprintf
String ID: Enter password: $stdin
API String ID: 1140414279-908668022
Opcode ID: 884a80f0a79d34b9782a9995d503dd1c0ec5dee6ab289af5ba65272cbfdc4700
Instruction ID: 08a69c6e62c4f6dd84f02abac3ad59e08ff48de1a92f57e044c1423077a1611c
Opcode Fuzzy Hash: 884a80f0a79d34b9782a9995d503dd1c0ec5dee6ab289af5ba65272cbfdc4700
Instruction Fuzzy Hash: E321C2B16042019BDB20AF79DD0AA26BBA9AF64655F04481BF946C3340DF39E446CB72

Function 101AC350 Relevance: 24.8, APIs: 9, Strings: 5, Instructions: 315COMMON

Download Yara Rule

APIs

isc_service_start.FBCLIENT25(?,?,00000000,?,00000004), ref: 101AC4AA
memset.MSVCR80 ref: 101AC52A
isc_service_query.FBCLIENT25 ref: 101AC57B

Strings

, xrefs: 101AC505
>, xrefs: 101AC572
D, xrefs: 101AC6C6
>, xrefs: 101AC590
@, xrefs: 101AC4B7

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: isc_service_queryisc_service_startmemset
String ID: $>$>$@$D
API String ID: 3126026249-3156718831
Opcode ID: 720e907f4f823753e9590adcb504f0c7b1bc5ef5deee58ff874743015f3a3d24
Instruction ID: e2df694ce4344f0a970aadfb28119b0136f5acf428e4dc80b1d7202fd05d1cb1
Opcode Fuzzy Hash: 720e907f4f823753e9590adcb504f0c7b1bc5ef5deee58ff874743015f3a3d24
Instruction Fuzzy Hash: DBD14AB55083C5DED730CB24C990BEBBBE9EB95344F40891DE58987241E778AA48CB93

Function 10025890 Relevance: 24.7, APIs: 1, Strings: 13, Instructions: 237COMMON

Download Yara Rule

APIs

Part of subcall function 100579D0: EnterCriticalSection.KERNEL32(05BCBF28,?,?,?,?,?,10235923,000000FF), ref: 10057A01

Part of subcall function 100562F0: GetCurrentThreadId.KERNEL32 ref: 100562F4

Part of subcall function 10056890: _lseek.MSVCR80 ref: 100568AE

_localtime64.MSVCR80 ref: 100259CB

Strings

Session ID: %d, xrefs: 1002597E
, system, xrefs: 10025ABC
, audit, xrefs: 10025AE2
, xrefs: 10025A16
date: %04d-%02d-%02d %02d:%02d:%02d, xrefs: 100259F1
active, xrefs: 10025A3E
flags: %s, xrefs: 10025B5F
name: %s, xrefs: 1002599B
user: %s, xrefs: 100259B7
, admin, xrefs: 10025A8B
, log full, xrefs: 10025B36
suspend, xrefs: 10025A5A
, trace, xrefs: 10025B05

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: CriticalCurrentEnterSectionThread_localtime64_lseek
String ID: Session ID: %d$ $ date: %04d-%02d-%02d %02d:%02d:%02d$ flags: %s$ name: %s$ user: %s$, admin$, audit$, log full$, system$, trace$active$suspend
API String ID: 1717167772-1310110209
Opcode ID: 7700c5d8d602d0121022653b6cf40d51976a25cd9a7e1718a431b8e976f6bdcc
Instruction ID: 6aae9905b38c0bbf433e23d0b1a54ed21a289e40cdf5ba1f6c49fc6a7cc7ad5e
Opcode Fuzzy Hash: 7700c5d8d602d0121022653b6cf40d51976a25cd9a7e1718a431b8e976f6bdcc
Instruction Fuzzy Hash: 71A192741083449FC314DF14E895EABB7E5FF89700F40855CF98A8B3A2DB71A944CBA6

Function 1001AE80 Relevance: 24.6, APIs: 6, Strings: 8, Instructions: 147fileCOMMON

Download Yara Rule

APIs

Part of subcall function 1002C460: _vsnprintf.MSVCR80 ref: 1002C476

OpenMutexA.KERNEL32(001F0001,00000001), ref: 1001AF0A
GetLastError.KERNEL32(?,94BA138F,?,?,?,?,?,102309F0,000000FF), ref: 1001AF19
OpenEventA.KERNEL32(001F0003,00000000,?,?,?,?,?,94BA138F,?,?,?,?,?,102309F0,000000FF), ref: 1001AFAB
OpenEventA.KERNEL32(001F0003,00000000,?,?,?,?,?,?,?,?,?,94BA138F), ref: 1001AFE8
OpenFileMappingA.KERNEL32(00000002,00000001,00000000), ref: 1001B023
MapViewOfFile.KERNEL32(00000000,00000002,00000000,00000000,00000018), ref: 1001B04B

Strings

OpenMutex, xrefs: 1001AF73
%s_CONNECT_MAP, xrefs: 1001B005
%s_RESPONSE_EVENT, xrefs: 1001AFC8
%s_CONNECT_MUTEX, xrefs: 1001AEC3
%s_CONNECT_EVENT, xrefs: 1001AF85
OpenFileMapping, xrefs: 1001B032
MapViewOfFile, xrefs: 1001B05A
OpenEvent, xrefs: 1001AFB6, 1001AFF3

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: Open$EventFile$ErrorLastMappingMutexView_vsnprintf
String ID: %s_CONNECT_EVENT$%s_CONNECT_MAP$%s_CONNECT_MUTEX$%s_RESPONSE_EVENT$MapViewOfFile$OpenEvent$OpenFileMapping$OpenMutex
API String ID: 1825724990-1496405921
Opcode ID: b1d0f186ecbb5fe2f2acc41d105597e68247adb03743013748bc60e9bc405c66
Instruction ID: bfe970b6e5e3d54160d759f88810783c27560b159a9511e13c68ac49ed768152
Opcode Fuzzy Hash: b1d0f186ecbb5fe2f2acc41d105597e68247adb03743013748bc60e9bc405c66
Instruction Fuzzy Hash: B45169B4900218AFD701DF94DCA6FEBB3ECFB94704F50425AF608C6291EB70A654CB91

Function 1003AD80 Relevance: 24.6, APIs: 12, Strings: 2, Instructions: 108synchronizationfileCOMMON

Download Yara Rule

APIs

_time64.MSVCR80 ref: 1003ADC4
_umask.MSVCR80 ref: 1003ADF6
WaitForSingleObject.KERNEL32(00000388,000000FF,firebird.log), ref: 1003AE08
fopen.MSVCR80 ref: 1003AE18
_ctime64.MSVCR80 ref: 1003AE2C

Part of subcall function 1004E790: GetComputerNameA.KERNEL32(10264973,00000104), ref: 1004E7A4

fprintf.MSVCR80 ref: 1003AE5A
vfprintf.MSVCR80 ref: 1003AE6D
fprintf.MSVCR80 ref: 1003AE79

Part of subcall function 10027120: EnterCriticalSection.KERNEL32(05BC0068,05BC0014,00000000,?,?,?,1002773F,00000000,?,?,?,?,?,94BA138F), ref: 10027131
Part of subcall function 10027120: fprintf.MSVCR80 ref: 1002714E
Part of subcall function 10027120: fprintf.MSVCR80 ref: 1002719C
Part of subcall function 10027120: fprintf.MSVCR80 ref: 1002720B

fprintf.MSVCR80 ref: 1003AE90
fclose.MSVCR80 ref: 1003AE93
ReleaseMutex.KERNEL32(00000388), ref: 1003AEA3
_umask.MSVCR80 ref: 1003AEAE

Strings

%s%s%.25s, xrefs: 1003AE54
firebird.log, xrefs: 1003ADCA

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: fprintf$_umask$ComputerCriticalEnterMutexNameObjectReleaseSectionSingleWait_ctime64_time64fclosefopenvfprintf
String ID: %s%s%.25s$firebird.log
API String ID: 1533873717-895070797
Opcode ID: 52e23c804d81b8d81a8c91fb25cf6af7eb1c4daf58fc95a64c3e0150e28caaf3
Instruction ID: 63a211cf141dda77c431fb240c1123c51fad57b0a6a5ae282796e8a7b7c66022
Opcode Fuzzy Hash: 52e23c804d81b8d81a8c91fb25cf6af7eb1c4daf58fc95a64c3e0150e28caaf3
Instruction Fuzzy Hash: 72310871604310AFC310DB64DC89FEBB7E8EF89719F40091DF94997290DB39A558CB9A

Function 10020D50 Relevance: 24.6, APIs: 10, Strings: 4, Instructions: 93COMMON

Download Yara Rule

APIs

__iob_func.MSVCR80 ref: 10020D84
fprintf.MSVCR80 ref: 10020D90
__iob_func.MSVCR80 ref: 10020DD0
fprintf.MSVCR80 ref: 10020DD6
__iob_func.MSVCR80 ref: 10020DE0
fprintf.MSVCR80 ref: 10020DE6
isc_rollback_transaction.FBCLIENT25(?,00000000,Database error), ref: 10020E12
isc_detach_database.FBCLIENT25(?,?,Database error), ref: 10020E30

Part of subcall function 1002B590: _CxxThrowException.MSVCR80(?,102B40AC), ref: 1002B5AB

Strings

detach database, xrefs: 10020E39
Database error, xrefs: 10020DEE, 10020E0A
SQLCODE:%ld, xrefs: 10020DCB
rollback transaction, xrefs: 10020E1B

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: __iob_funcfprintf$ExceptionThrowisc_detach_databaseisc_rollback_transaction
String ID: Database error$SQLCODE:%ld$detach database$rollback transaction
API String ID: 625071758-498226055
Opcode ID: 447d1e06eb34a94d47554c61f6d0f5a304a2739c9d2ca43dddd685bb427c53b6
Instruction ID: 77741846cc35d8f05893ae3fcfd565a80c38c9624b76dd7ae89a639f7fab4972
Opcode Fuzzy Hash: 447d1e06eb34a94d47554c61f6d0f5a304a2739c9d2ca43dddd685bb427c53b6
Instruction Fuzzy Hash: AD21F4B66003046BD350EB64BC41FEB779CDF89605F400829F949E7142EA30F90886BA

Function 101BF140 Relevance: 24.3, APIs: 16, Instructions: 310COMMON

Download Yara Rule

APIs

memset.MSVCR80 ref: 101BF1C9
isc_compile_request.FBCLIENT25(?,?,?,00000123,10292950), ref: 101BF229
isc_start_and_send.FBCLIENT25(?,?,?,00000000,00000040,?,00000000,?,?,00000020,?,?,00000020), ref: 101BF276
isc_receive.FBCLIENT25(?,?,00000001,00000028,?,00000000,?,?,?,?,00000020,?,?,00000020), ref: 101BF29E
isc_receive.FBCLIENT25(?,?,00000001,00000028,?,00000000), ref: 101BF30B
isc_release_request.FBCLIENT25(?,00000000,?,?,?,?,00000020,?,?,00000020), ref: 101BF32F
isc_release_request.FBCLIENT25(00000000,00000000), ref: 101BF355
isc_compile_request.FBCLIENT25(?,?,?,0000012D,10292820), ref: 101BF383
isc_start_and_send.FBCLIENT25(?,00000000,?,00000000,00000040,?,00000000,?,?,00000020,?,?,00000020), ref: 101BF3CC
isc_receive.FBCLIENT25(?,?,00000001,00000028,?,00000000,?,?,00000020,?,?,00000020), ref: 101BF3F4
isc_receive.FBCLIENT25(?,?,00000001,00000028,?,00000000,?,?,00000020,?,?,00000020), ref: 101BF465
isc_release_request.FBCLIENT25(00000000,00000000,?,?,00000020,?,?,00000020), ref: 101BF48A

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: isc_receive$isc_release_request$isc_compile_requestisc_start_and_send$memset
String ID:
API String ID: 2285747270-0
Opcode ID: d4111b9bbf1d58b44979bf5a803c8c7f7574a21348a70610a858728f95ce1c6c
Instruction ID: 21648b76d98ffc2b1d25c4e0db0454a78e7ee315c5416432cb311aaddbddbe64
Opcode Fuzzy Hash: d4111b9bbf1d58b44979bf5a803c8c7f7574a21348a70610a858728f95ce1c6c
Instruction Fuzzy Hash: FCC12A751483419BE324DB54C981FEBB3F8EFC8704F40491DF68997290EB75A948CBA2

Function 05D0CDB0 Relevance: 23.0, APIs: 8, Strings: 5, Instructions: 296COMMON

Download Yara Rule

Strings

unknown Win32 error %ld, xrefs: 05D0D101
unknown ISC error %ld, xrefs: 05D0CFBD
unknown dos error %ld, xrefs: 05D0D09F
next/mach error %ld, xrefs: 05D0D0A8
2, xrefs: 05D0CDB6

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID:
String ID: 2$next/mach error %ld$unknown ISC error %ld$unknown Win32 error %ld$unknown dos error %ld
API String ID: 0-3551060673
Opcode ID: b312c366478ad01b87069425788d959ab10153023458685cbd3ae3496febde11
Instruction ID: 00f3439eb6026dab436ed09b20b409c881e87ef97ba7368b86e5c7f97afe4ab5
Opcode Fuzzy Hash: b312c366478ad01b87069425788d959ab10153023458685cbd3ae3496febde11
Instruction Fuzzy Hash: 62B1B0B56083419FD720DB28C885BBBBBE6FF95304F04451BF58987390EA71E845CBA2

Function 10023201 Relevance: 23.0, APIs: 4, Strings: 9, Instructions: 287COMMON

Download Yara Rule

APIs

atoi.MSVCR80 ref: 1002321F

Part of subcall function 10001690: memcpy.MSVCR80(00000000,00000FFF,00001000,00000FFF,10046AE8,?,1002CFB0,bin), ref: 100016B6

__iob_func.MSVCR80 ref: 1002334F
fprintf.MSVCR80 ref: 10023359
exit.MSVCR80 ref: 100234F7

Strings

Unrecognized parameter %s, xrefs: 1002338D
None of -L, -N, -F, -B or -R specified, xrefs: 1002337A
Wrong parameter %s for switch -D, need ON or OFF, xrefs: 100233E0
WI-V2.5.6.27020 Firebird 2.5, xrefs: 10023345
Switch -S can be used only with -L, xrefs: 1002350D
Fetch password can't be used in service mode, xrefs: 100233EB
Physical Backup Manager version %s, xrefs: 1002334A
Unknown switch %s, xrefs: 100234BB, 100234D5, 100234EA
Error working with password file, xrefs: 10023404

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: __iob_funcatoiexitfprintfmemcpy
String ID: Error working with password file$Fetch password can't be used in service mode$None of -L, -N, -F, -B or -R specified$Physical Backup Manager version %s$Switch -S can be used only with -L$Unknown switch %s$Unrecognized parameter %s$WI-V2.5.6.27020 Firebird 2.5$Wrong parameter %s for switch -D, need ON or OFF
API String ID: 2446648-2898684966
Opcode ID: c929e709a86d22dece36a84a4ab5fa5b016a1a36f11b8e2e3b30fa4eaa7c82f2
Instruction ID: d0f24eedfcb66f04bff840641425be7184f31af7c93a4c8e30d6084063b8b6bc
Opcode Fuzzy Hash: c929e709a86d22dece36a84a4ab5fa5b016a1a36f11b8e2e3b30fa4eaa7c82f2
Instruction Fuzzy Hash: C6B171B9604241ABC624DF54E885DEFB3E9EFD8744F90890CF58657241DB31FD068BA2

Function 10023037 Relevance: 23.0, APIs: 3, Strings: 10, Instructions: 280COMMON

Download Yara Rule

APIs

Part of subcall function 10003BE0: memcpy.MSVCR80(00000000,?,?,?), ref: 10003C06

Part of subcall function 1002A010: CharUpperBuffA.USER32(00000000,?,10004270,?,00000000,?,00000000,00000010,?,?,?,?), ref: 1002A019

__iob_func.MSVCR80 ref: 1002334F
fprintf.MSVCR80 ref: 10023359
exit.MSVCR80 ref: 100234F7

Part of subcall function 10022170: printf.MSVCR80 ref: 100221EB

Strings

OFF, xrefs: 1002307F
Unrecognized parameter %s, xrefs: 1002338D
None of -L, -N, -F, -B or -R specified, xrefs: 1002337A
Wrong parameter %s for switch -D, need ON or OFF, xrefs: 100233E0
WI-V2.5.6.27020 Firebird 2.5, xrefs: 10023345
Switch -S can be used only with -L, xrefs: 1002350D
Fetch password can't be used in service mode, xrefs: 100233EB
Physical Backup Manager version %s, xrefs: 1002334A
Unknown switch %s, xrefs: 100234BB, 100234D5, 100234EA
Error working with password file, xrefs: 10023404

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: BuffCharUpper__iob_funcexitfprintfmemcpyprintf
String ID: Error working with password file$Fetch password can't be used in service mode$None of -L, -N, -F, -B or -R specified$OFF$Physical Backup Manager version %s$Switch -S can be used only with -L$Unknown switch %s$Unrecognized parameter %s$WI-V2.5.6.27020 Firebird 2.5$Wrong parameter %s for switch -D, need ON or OFF
API String ID: 655733894-4236478410
Opcode ID: 97f5148305d96ce2a8a7f8e69eb9953a744582eedf1fee48e93c2e527559d647
Instruction ID: 3cd3b00c3013bf531bef066f4b8443a188ff0416872ca1678f2c54c8f4012f3b
Opcode Fuzzy Hash: 97f5148305d96ce2a8a7f8e69eb9953a744582eedf1fee48e93c2e527559d647
Instruction Fuzzy Hash: 26A18079608241ABC624DB54E885EEFB3E9EFD8744F90881CF58657242DB31FD09CB62

Function 10036640 Relevance: 23.0, APIs: 6, Strings: 7, Instructions: 236stringCOMMON

Download Yara Rule

APIs

memset.MSVCR80 ref: 100366A4
gds__msg_lookup.FBCLIENT25(?,?,?,00000078,?,00000000), ref: 100366C9

Part of subcall function 1003E090: EnterCriticalSection.KERNEL32(05BCC1B0,94BA138F,?,?,?,?), ref: 1003E0E9
Part of subcall function 1003E090: gds__msg_open.FBCLIENT25(?,?), ref: 1003E15C
Part of subcall function 1003E090: gds__alloc.FBCLIENT25(00000104), ref: 1003E16E

strchr.MSVCR80 ref: 100366EC

Part of subcall function 1002C460: _vsnprintf.MSVCR80 ref: 1002C476

memcpy.MSVCR80(00000000,?,?,?), ref: 10036896
memcpy.MSVCR80(?,?,?,?,?,?,?,?,?,?,?,00000078,?,00000000), ref: 10036952

Strings

message text not found, xrefs: 100367D9
message file , xrefs: 1003682C
message system code %d, xrefs: 10036900
not found, xrefs: 100368E1
firebird.msg, xrefs: 1003684C
can't format message %d:%d -- , xrefs: 100367B1
, xrefs: 10036785

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: memcpy$CriticalEnterSection_vsnprintfgds__allocgds__msg_lookupgds__msg_openmemsetstrchr
String ID: $ not found$can't format message %d:%d -- $firebird.msg$message file $message system code %d$message text not found
API String ID: 205489448-2724754996
Opcode ID: 15a85a6b1cbb9e1afce7af95638b43531ccbc5097f4fe38d4f88dea667bce738
Instruction ID: 05e2a86c414c44339f7366a196fe40dcd767865d609e3dc452b94cef032a93f1
Opcode Fuzzy Hash: 15a85a6b1cbb9e1afce7af95638b43531ccbc5097f4fe38d4f88dea667bce738
Instruction Fuzzy Hash: 58919175508340AFC325CB14DC85FEBB7E8EB8A744F40895DF9898B291DB34A944C7A2

Function 1001CD00 Relevance: 23.0, APIs: 7, Strings: 6, Instructions: 228COMMON

Download Yara Rule

APIs

memset.MSVCR80 ref: 1001CD58

Part of subcall function 1002C460: _vsnprintf.MSVCR80 ref: 1002C476

memset.MSVCR80 ref: 1001CD85
OpenProcess.KERNEL32(00100000,00000000,?), ref: 1001CDB1
CreateEventA.KERNEL32(00000000,00000000,00000000,?), ref: 1001CE28
CreateEventA.KERNEL32(00000000,00000000,00000000,?), ref: 1001CE7D
CreateEventA.KERNEL32(00000000,00000000,00000000,?), ref: 1001CED2
CreateEventA.KERNEL32(00000000,00000000,00000000,?), ref: 1001CF27

Part of subcall function 1002B1F0: GetLastError.KERNEL32 ref: 1002B1F3
Part of subcall function 1002B1F0: _CxxThrowException.MSVCR80(00000000,102B3F80), ref: 1002B211

Strings

%s_E_C2S_DATA_FILLED_%lu_%lu_%lu, xrefs: 1001CDF1
CreateEvent, xrefs: 1001CE35, 1001CE8A, 1001CEDF, 1001CF34
%s_E_S2C_DATA_EMPTED_%lu_%lu_%lu, xrefs: 1001CEFD
%s_E_C2S_DATA_EMPTED_%lu_%lu_%lu, xrefs: 1001CE53
%s_E_S2C_DATA_FILLED_%lu_%lu_%lu, xrefs: 1001CEA8
OpenProcess, xrefs: 1001CDBE

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: CreateEvent$memset$ErrorExceptionLastOpenProcessThrow_vsnprintf
String ID: %s_E_C2S_DATA_EMPTED_%lu_%lu_%lu$%s_E_C2S_DATA_FILLED_%lu_%lu_%lu$%s_E_S2C_DATA_EMPTED_%lu_%lu_%lu$%s_E_S2C_DATA_FILLED_%lu_%lu_%lu$CreateEvent$OpenProcess
API String ID: 3059165855-4171042947
Opcode ID: fda28f89fa40147b216bb5102d23bca4ff8771eb66d41578d8ccd054eac4dab3
Instruction ID: 8c697f2c6f35b4f616cf47dde1201cb54baf69e01bdd1d51351090a252d06c87
Opcode Fuzzy Hash: fda28f89fa40147b216bb5102d23bca4ff8771eb66d41578d8ccd054eac4dab3
Instruction Fuzzy Hash: 47818CB4A00219AFE710CF64DC95FABB7B8FB48700F508569F90997281E770F954CBA5

Function 1001B090 Relevance: 23.0, APIs: 8, Strings: 5, Instructions: 206COMMON

Download Yara Rule

APIs

memset.MSVCR80 ref: 1001B10D
GetCurrentProcess.KERNEL32(?,?,?,?,10230A20,000000FF), ref: 1001B12E
GetCurrentProcess.KERNEL32(?,?,?,?,10230A20,000000FF), ref: 1001B137
DuplicateHandle.KERNEL32(00000000,?,?,00000014,00000000,00000000,00000002,?,?,?,?,10230A20,000000FF), ref: 1001B150
OpenEventA.KERNEL32(001F0003,00000000,?,?,?,?,?,?,?,?,?,?,?,?,10230A20,000000FF), ref: 1001B1A8
OpenEventA.KERNEL32(001F0003,00000000), ref: 1001B1F0

Strings

%s_E_S2C_EVNT_FILLED_%lu_%lu_%lu, xrefs: 1001B217
%s_E_S2C_EVNT_EMPTED_%lu_%lu_%lu, xrefs: 1001B25F
%s_E_C2S_EVNT_EMPTED_%lu_%lu_%lu, xrefs: 1001B1CF
%s_E_C2S_EVNT_FILLED_%lu_%lu_%lu, xrefs: 1001B181
OpenEvent, xrefs: 1001B1B1, 1001B1F9, 1001B241, 1001B289

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: CurrentEventOpenProcess$DuplicateHandlememset
String ID: %s_E_C2S_EVNT_EMPTED_%lu_%lu_%lu$%s_E_C2S_EVNT_FILLED_%lu_%lu_%lu$%s_E_S2C_EVNT_EMPTED_%lu_%lu_%lu$%s_E_S2C_EVNT_FILLED_%lu_%lu_%lu$OpenEvent
API String ID: 3694200859-3006427986
Opcode ID: 00ed0185c508d0ab1702509ae88536ecee9502803d73bd5f93e564f2166882cd
Instruction ID: 16907a55d125d410fef425b8473f189c7d3674766a89eadc35bd3caec6e6e5df
Opcode Fuzzy Hash: 00ed0185c508d0ab1702509ae88536ecee9502803d73bd5f93e564f2166882cd
Instruction Fuzzy Hash: E57168B5A00605AFE724DF54CC91FABB3A8FB48704F50865DF90A9B241E770F908CBA4

Function 10005D90 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 107networkCOMMON

Download Yara Rule

APIs

send.WS2_32(?,?,?,00000000), ref: 10005DBB
WSAGetLastError.WS2_32(?,00000000), ref: 10005DCB
WSAGetLastError.WS2_32(?,00000000), ref: 10005DD6
WSAGetLastError.WS2_32(?,00000000), ref: 10005DE3
send.WS2_32(?,?,00000001,00000001), ref: 10005E32
WSAGetLastError.WS2_32 ref: 10005E40
WSAGetLastError.WS2_32 ref: 10005E4A
WSAGetLastError.WS2_32 ref: 10005E55
WSAGetLastError.WS2_32 ref: 10005E62
SleepEx.KERNEL32(00000032,00000001), ref: 10005E7A
send.WS2_32(?,?,00000001,00000001), ref: 10005E8D

Strings

send, xrefs: 10005DE9
send/oob, xrefs: 10005EAA

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: ErrorLast$send$Sleep
String ID: send$send/oob
API String ID: 2446644961-3793127860
Opcode ID: 10dfb3c79bd8affc30d9a99ec1b8cd868a8a3677e063e77cf477922d14f8f3dd
Instruction ID: 03978678961f432c595ec4f4558b5e9feb4108dd095ca6f67ebd58aa66471cc7
Opcode Fuzzy Hash: 10dfb3c79bd8affc30d9a99ec1b8cd868a8a3677e063e77cf477922d14f8f3dd
Instruction Fuzzy Hash: 6A31293670029157FA18CB24CC8CAFBB3EAEB847D6F91051AF9C297194CB329C029325

Function 100230A2 Relevance: 21.3, APIs: 3, Strings: 9, Instructions: 320COMMON

Download Yara Rule

APIs

__iob_func.MSVCR80 ref: 1002334F
fprintf.MSVCR80 ref: 10023359
exit.MSVCR80 ref: 100234F7

Strings

Unrecognized parameter %s, xrefs: 1002338D
None of -L, -N, -F, -B or -R specified, xrefs: 1002337A
Wrong parameter %s for switch -D, need ON or OFF, xrefs: 100233E0
WI-V2.5.6.27020 Firebird 2.5, xrefs: 10023345
Switch -S can be used only with -L, xrefs: 1002350D
Fetch password can't be used in service mode, xrefs: 100233EB
Physical Backup Manager version %s, xrefs: 1002334A
Unknown switch %s, xrefs: 100234BB, 100234D5, 100234EA
Error working with password file, xrefs: 10023404

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: __iob_funcexitfprintf
String ID: Error working with password file$Fetch password can't be used in service mode$None of -L, -N, -F, -B or -R specified$Physical Backup Manager version %s$Switch -S can be used only with -L$Unknown switch %s$Unrecognized parameter %s$WI-V2.5.6.27020 Firebird 2.5$Wrong parameter %s for switch -D, need ON or OFF
API String ID: 1812070341-2898684966
Opcode ID: f58632b618aa88e6b7096ac4075bdfd1d6e7eae208c74c8c6b31450a34a50b10
Instruction ID: 32da90636b45fa696c0ba7b7a59a05b493e3c867ebfa3668e63ce9b1640e7d8c
Opcode Fuzzy Hash: f58632b618aa88e6b7096ac4075bdfd1d6e7eae208c74c8c6b31450a34a50b10
Instruction Fuzzy Hash: 66C19279608241ABD624DB54E885EEFB3E9EFD8744F90890CF58557202DB30FD0A8B63

Function 10023273 Relevance: 21.3, APIs: 3, Strings: 9, Instructions: 303COMMON

Download Yara Rule

APIs

exit.MSVCR80 ref: 100234F7

Part of subcall function 10001690: memcpy.MSVCR80(00000000,00000FFF,00001000,00000FFF,10046AE8,?,1002CFB0,bin), ref: 100016B6

__iob_func.MSVCR80 ref: 1002334F
fprintf.MSVCR80 ref: 10023359

Strings

Unrecognized parameter %s, xrefs: 1002338D
None of -L, -N, -F, -B or -R specified, xrefs: 1002337A
Wrong parameter %s for switch -D, need ON or OFF, xrefs: 100233E0
WI-V2.5.6.27020 Firebird 2.5, xrefs: 10023345
Switch -S can be used only with -L, xrefs: 1002350D
Fetch password can't be used in service mode, xrefs: 100233EB
Physical Backup Manager version %s, xrefs: 1002334A
Unknown switch %s, xrefs: 100234BB, 100234D5, 100234EA
Error working with password file, xrefs: 10023404

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: __iob_funcexitfprintfmemcpy
String ID: Error working with password file$Fetch password can't be used in service mode$None of -L, -N, -F, -B or -R specified$Physical Backup Manager version %s$Switch -S can be used only with -L$Unknown switch %s$Unrecognized parameter %s$WI-V2.5.6.27020 Firebird 2.5$Wrong parameter %s for switch -D, need ON or OFF
API String ID: 2742137465-2898684966
Opcode ID: 66cb548ec3430b4e78f48dda3055f5cfb2f2952af1e245b0ac6a9a195c37d005
Instruction ID: fc67fc9a6ad8dec462ff4fdad459c56633226eb513b0888edc47def243f0b5d3
Opcode Fuzzy Hash: 66cb548ec3430b4e78f48dda3055f5cfb2f2952af1e245b0ac6a9a195c37d005
Instruction Fuzzy Hash: 11B17179608241ABC624DF54E885EEFB3E9EBD8744F90890CF58657241DB31FD098B62

Function 10023197 Relevance: 21.3, APIs: 3, Strings: 9, Instructions: 268COMMON

Download Yara Rule

APIs

_strnicmp.MSVCR80 ref: 10022EAB
memcpy.MSVCR80(00000000,?,?,?), ref: 10022EF1
exit.MSVCR80 ref: 100234F7

Part of subcall function 10001690: memcpy.MSVCR80(00000000,00000FFF,00001000,00000FFF,10046AE8,?,1002CFB0,bin), ref: 100016B6

__iob_func.MSVCR80 ref: 1002334F
fprintf.MSVCR80 ref: 10023359

Part of subcall function 10021170: exit.MSVCR80 ref: 10021332

Part of subcall function 10022170: printf.MSVCR80 ref: 100221EB

Strings

Unrecognized parameter %s, xrefs: 1002338D
None of -L, -N, -F, -B or -R specified, xrefs: 1002337A
Wrong parameter %s for switch -D, need ON or OFF, xrefs: 100233E0
WI-V2.5.6.27020 Firebird 2.5, xrefs: 10023345
Switch -S can be used only with -L, xrefs: 1002350D
Fetch password can't be used in service mode, xrefs: 100233EB
Physical Backup Manager version %s, xrefs: 1002334A
Unknown switch %s, xrefs: 100234BB, 100234D5, 100234EA
Error working with password file, xrefs: 10023404

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: exitmemcpy$__iob_func_strnicmpfprintfprintf
String ID: Error working with password file$Fetch password can't be used in service mode$None of -L, -N, -F, -B or -R specified$Physical Backup Manager version %s$Switch -S can be used only with -L$Unknown switch %s$Unrecognized parameter %s$WI-V2.5.6.27020 Firebird 2.5$Wrong parameter %s for switch -D, need ON or OFF
API String ID: 162686583-2898684966
Opcode ID: d898dce9c050af9115b29165df82f58e3ef64451dda305d9530107aa889e4691
Instruction ID: 8f155d8a9a4b947bcf94f792f8f0e7240225d44da619e605738de076bc0266f9
Opcode Fuzzy Hash: d898dce9c050af9115b29165df82f58e3ef64451dda305d9530107aa889e4691
Instruction Fuzzy Hash: D6A181B9608241ABD624DF54E885EEFB3E9EFD8740F90890CF58657241DB30FD068B62

Function 100231CC Relevance: 21.3, APIs: 3, Strings: 9, Instructions: 268COMMON

Download Yara Rule

APIs

_strnicmp.MSVCR80 ref: 10022EAB
memcpy.MSVCR80(00000000,?,?,?), ref: 10022EF1
exit.MSVCR80 ref: 100234F7

Part of subcall function 10001690: memcpy.MSVCR80(00000000,00000FFF,00001000,00000FFF,10046AE8,?,1002CFB0,bin), ref: 100016B6

__iob_func.MSVCR80 ref: 1002334F
fprintf.MSVCR80 ref: 10023359

Part of subcall function 10021170: exit.MSVCR80 ref: 10021332

Strings

Unrecognized parameter %s, xrefs: 1002338D
None of -L, -N, -F, -B or -R specified, xrefs: 1002337A
Wrong parameter %s for switch -D, need ON or OFF, xrefs: 100233E0
WI-V2.5.6.27020 Firebird 2.5, xrefs: 10023345
Switch -S can be used only with -L, xrefs: 1002350D
Fetch password can't be used in service mode, xrefs: 100233EB
Physical Backup Manager version %s, xrefs: 1002334A
Unknown switch %s, xrefs: 100234BB, 100234D5, 100234EA
Error working with password file, xrefs: 10023404

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: exitmemcpy$__iob_func_strnicmpfprintf
String ID: Error working with password file$Fetch password can't be used in service mode$None of -L, -N, -F, -B or -R specified$Physical Backup Manager version %s$Switch -S can be used only with -L$Unknown switch %s$Unrecognized parameter %s$WI-V2.5.6.27020 Firebird 2.5$Wrong parameter %s for switch -D, need ON or OFF
API String ID: 3541442401-2898684966
Opcode ID: 4c0e8d276d08bba9cf14e5bb85bbf369b61665e090e10facfe215f24d1f8ab90
Instruction ID: bec490771278cb013ebda34254057005d5c8f74d7567698fe9853a7ee302a412
Opcode Fuzzy Hash: 4c0e8d276d08bba9cf14e5bb85bbf369b61665e090e10facfe215f24d1f8ab90
Instruction Fuzzy Hash: 91A180B9608241ABC624DF54E885EEFB3E9EBD8744F90890CF58657241DB30FD098B63

Function 10023317 Relevance: 21.3, APIs: 3, Strings: 9, Instructions: 265COMMON

Download Yara Rule

APIs

_strnicmp.MSVCR80 ref: 10022EAB
memcpy.MSVCR80(00000000,?,?,?), ref: 10022EF1
__iob_func.MSVCR80 ref: 1002334F
fprintf.MSVCR80 ref: 10023359

Part of subcall function 10021170: exit.MSVCR80 ref: 10021332

exit.MSVCR80 ref: 100234F7

Strings

Unrecognized parameter %s, xrefs: 1002338D
None of -L, -N, -F, -B or -R specified, xrefs: 1002337A
Wrong parameter %s for switch -D, need ON or OFF, xrefs: 100233E0
WI-V2.5.6.27020 Firebird 2.5, xrefs: 10023345
Switch -S can be used only with -L, xrefs: 1002350D
Fetch password can't be used in service mode, xrefs: 100233EB
Physical Backup Manager version %s, xrefs: 1002334A
Unknown switch %s, xrefs: 100234BB, 100234D5, 100234EA
Error working with password file, xrefs: 10023404

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: exit$__iob_func_strnicmpfprintfmemcpy
String ID: Error working with password file$Fetch password can't be used in service mode$None of -L, -N, -F, -B or -R specified$Physical Backup Manager version %s$Switch -S can be used only with -L$Unknown switch %s$Unrecognized parameter %s$WI-V2.5.6.27020 Firebird 2.5$Wrong parameter %s for switch -D, need ON or OFF
API String ID: 923349274-2898684966
Opcode ID: 8419013f5bad58295877888f81c4c6a77e54ecc279d7f612f6b846bf12ca798a
Instruction ID: a915e83105d0662e2becb35cdefdf1a6a323562bbaa9ed81f6d12774f0f4f231
Opcode Fuzzy Hash: 8419013f5bad58295877888f81c4c6a77e54ecc279d7f612f6b846bf12ca798a
Instruction Fuzzy Hash: A2A170B9604241ABC624DF64E885DEFB3E9EFD8740F90890CF58597241DB34FD058B62

Function 1002302D Relevance: 21.3, APIs: 3, Strings: 9, Instructions: 259COMMON

Download Yara Rule

APIs

_strnicmp.MSVCR80 ref: 10022EAB
memcpy.MSVCR80(00000000,?,?,?), ref: 10022EF1
__iob_func.MSVCR80 ref: 1002334F
fprintf.MSVCR80 ref: 10023359

Part of subcall function 10021170: exit.MSVCR80 ref: 10021332

exit.MSVCR80 ref: 100234F7

Part of subcall function 10022170: printf.MSVCR80 ref: 100221EB

Strings

Unrecognized parameter %s, xrefs: 1002338D
None of -L, -N, -F, -B or -R specified, xrefs: 1002337A
Wrong parameter %s for switch -D, need ON or OFF, xrefs: 100233E0
WI-V2.5.6.27020 Firebird 2.5, xrefs: 10023345
Switch -S can be used only with -L, xrefs: 1002350D
Fetch password can't be used in service mode, xrefs: 100233EB
Physical Backup Manager version %s, xrefs: 1002334A
Unknown switch %s, xrefs: 100234BB, 100234D5, 100234EA
Error working with password file, xrefs: 10023404

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: exit$__iob_func_strnicmpfprintfmemcpyprintf
String ID: Error working with password file$Fetch password can't be used in service mode$None of -L, -N, -F, -B or -R specified$Physical Backup Manager version %s$Switch -S can be used only with -L$Unknown switch %s$Unrecognized parameter %s$WI-V2.5.6.27020 Firebird 2.5$Wrong parameter %s for switch -D, need ON or OFF
API String ID: 2956408229-2898684966
Opcode ID: c248415ef26ac7b7ff1a420de147531c0d9f4eabdbb44c75cd64d7cd8b5695a9
Instruction ID: a648473fc68ca1be50f87ebb6af353728623c0c24689607c21888290a06caf43
Opcode Fuzzy Hash: c248415ef26ac7b7ff1a420de147531c0d9f4eabdbb44c75cd64d7cd8b5695a9
Instruction Fuzzy Hash: 40A171B9608241ABD624DB64E885EEFB3E9EFD8740F90890CF58657241DB34FD058B63

Function 10023310 Relevance: 21.3, APIs: 3, Strings: 9, Instructions: 259COMMON

Download Yara Rule

APIs

_strnicmp.MSVCR80 ref: 10022EAB
memcpy.MSVCR80(00000000,?,?,?), ref: 10022EF1
__iob_func.MSVCR80 ref: 1002334F
fprintf.MSVCR80 ref: 10023359

Part of subcall function 10021170: exit.MSVCR80 ref: 10021332

exit.MSVCR80 ref: 100234F7

Part of subcall function 10022170: printf.MSVCR80 ref: 100221EB

Strings

Unrecognized parameter %s, xrefs: 1002338D
None of -L, -N, -F, -B or -R specified, xrefs: 1002337A
Wrong parameter %s for switch -D, need ON or OFF, xrefs: 100233E0
WI-V2.5.6.27020 Firebird 2.5, xrefs: 10023345
Switch -S can be used only with -L, xrefs: 1002350D
Fetch password can't be used in service mode, xrefs: 100233EB
Physical Backup Manager version %s, xrefs: 1002334A
Unknown switch %s, xrefs: 100234BB, 100234D5, 100234EA
Error working with password file, xrefs: 10023404

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: exit$__iob_func_strnicmpfprintfmemcpyprintf
String ID: Error working with password file$Fetch password can't be used in service mode$None of -L, -N, -F, -B or -R specified$Physical Backup Manager version %s$Switch -S can be used only with -L$Unknown switch %s$Unrecognized parameter %s$WI-V2.5.6.27020 Firebird 2.5$Wrong parameter %s for switch -D, need ON or OFF
API String ID: 2956408229-2898684966
Opcode ID: c93c6f91155ea76b74ec256ab12667f5301d4dce16a5d2a23ef896d8dc2ad08b
Instruction ID: 6a3f903a990d555aa20f1dee6af9cdbf710f437bb01b108e758f8ecc42ca10a2
Opcode Fuzzy Hash: c93c6f91155ea76b74ec256ab12667f5301d4dce16a5d2a23ef896d8dc2ad08b
Instruction Fuzzy Hash: 0CA171B9608241ABD624DB64E885DEFB3E9EFD8740F90890CF58657241DB34FD058B63

Function 05D28970 Relevance: 21.3, APIs: 7, Strings: 5, Instructions: 256filestringCOMMON

Download Yara Rule

APIs

fopen.MSVCR80 ref: 05D289C4
memcpy.MSVCR80(00000000,0000001C,Missing configuration file: ,0000001C), ref: 05D289F8
memcpy.MSVCR80(00000000,?,?,?,?,?,0000001C), ref: 05D28A12
feof.MSVCR80 ref: 05D28A5B
strchr.MSVCR80 ref: 05D28AC2

Strings

, xrefs: 05D28A8C, 05D28B03
, xrefs: 05D28A41
Missing configuration file: , xrefs: 05D289E6
: illegal line ", xrefs: 05D28BE9
%d bad lines in %s, xrefs: 05D28CF0

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: memcpy$feoffopenstrchr
String ID: $ $%d bad lines in %s$: illegal line "$Missing configuration file:
API String ID: 474285890-75846262
Opcode ID: 03a325781c00d1a409e350b81dfcbc4e3ebd6f1a152bd6f9cf83e72262fa0662
Instruction ID: 9b997890c315e77858e89a03a8ed293422eeae4610266d9d13fff148477ab95a
Opcode Fuzzy Hash: 03a325781c00d1a409e350b81dfcbc4e3ebd6f1a152bd6f9cf83e72262fa0662
Instruction Fuzzy Hash: 39A172B16083909BD734DB64D855BDBB7E9EFA8308F04491EE589C3240EB71A548DBA3

Function 05D0F082 Relevance: 21.2, APIs: 7, Strings: 5, Instructions: 219COMMON

Download Yara Rule

APIs

memcpy.MSVCR80(05DDB718,?,00000103), ref: 05D0F0A3
GetTempPathA.KERNEL32(00000104,05DDB820), ref: 05D0F101
memcpy.MSVCR80(05DDB820,?,00000103,00000008), ref: 05D0F16B
SHGetSpecialFolderPathA.SHELL32(00000000,?,00000023,00000001,?,?,?,?,00000008), ref: 05D0F1BC

Part of subcall function 05D25960: memcpy.MSVCR80(00000000,?,?,?,521C82CE,521C82CE,?,00000000), ref: 05D259BA

memcpy.MSVCR80(05DDB610,?,00000103,?,?,?,?,00000008), ref: 05D0F27A
memcpy.MSVCR80(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000008), ref: 05D0F2E0
memcpy.MSVCR80(05DDB928,?,00000103,?,?,?,?,?,?,?,?,?,00000008), ref: 05D0F301

Strings

FIREBIRD_LOCK, xrefs: 05D0F197
c:\temp\, xrefs: 05D0F13B
FIREBIRD_MSG, xrefs: 05D0F2B2
firebird, xrefs: 05D0F1C6
FIREBIRD_TMP, xrefs: 05D0F0E2

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: memcpy$Path$FolderSpecialTemp
String ID: FIREBIRD_LOCK$FIREBIRD_MSG$FIREBIRD_TMP$c:\temp\$firebird
API String ID: 3626498042-2863822508
Opcode ID: 77f40e1403b646d210e01db29f93346020a077c24a5ef5516054c4722b1b8c86
Instruction ID: a9bb522fb7046669414c8783c5178fa4f29a1ae36afc71e6dcad5aa151fc9ec9
Opcode Fuzzy Hash: 77f40e1403b646d210e01db29f93346020a077c24a5ef5516054c4722b1b8c86
Instruction Fuzzy Hash: D281AF71A04289AADF20DFA4D844BED37A4EF14308F14946BFC49D7380E7749A49CBB6

Function 1003E410 Relevance: 21.2, APIs: 5, Strings: 7, Instructions: 214COMMON

Download Yara Rule

APIs

gds__alloc.FBCLIENT25(?,94BA138F), ref: 1003E4E3
gds__msg_lookup.FBCLIENT25(?,?,?,?,?,00000000,?,94BA138F), ref: 1003E517

Part of subcall function 1003E090: EnterCriticalSection.KERNEL32(05BCC1B0,94BA138F,?,?,?,?), ref: 1003E0E9
Part of subcall function 1003E090: gds__msg_open.FBCLIENT25(?,?), ref: 1003E15C
Part of subcall function 1003E090: gds__alloc.FBCLIENT25(00000104), ref: 1003E16E

gds__prefix_msg.FBCLIENT25(?,firebird.msg,message file ), ref: 1003E60A

Part of subcall function 1002C460: _vsnprintf.MSVCR80 ref: 1002C476

memcpy.MSVCR80(00000000,?,?,00000000), ref: 1003E653
gds__free.FBCLIENT25(00000000), ref: 1003E6B7

Strings

message text not found, xrefs: 1003E5B4
message file , xrefs: 1003E5F2
, xrefs: 1003E56A
message system code %d, xrefs: 1003E625
not found, xrefs: 1003E61D
firebird.msg, xrefs: 1003E600
can't format message %d:%d -- , xrefs: 1003E592

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: gds__alloc$CriticalEnterSection_vsnprintfgds__freegds__msg_lookupgds__msg_opengds__prefix_msgmemcpy
String ID: $ not found$can't format message %d:%d -- $firebird.msg$message file $message system code %d$message text not found
API String ID: 3164338313-2724754996
Opcode ID: 5f24b1b440254d533fd9cb43908f33432ecad72d1e03031bc939e58731f18094
Instruction ID: 0b7fa2e6407b89842bafe2c3e4a645ea5bb7a8a04b6197c91ad90137cab4dc02
Opcode Fuzzy Hash: 5f24b1b440254d533fd9cb43908f33432ecad72d1e03031bc939e58731f18094
Instruction Fuzzy Hash: C781BE755083819FC325CF28C881BABB7E4FBCA744F504A5DF4898B2D1EB34A944CB96

Function 10023CFE Relevance: 21.2, APIs: 4, Strings: 10, Instructions: 161COMMON

Download Yara Rule

APIs

memcpy.MSVCR80(?,?,?), ref: 10023D1E

Strings

Sweep interval:%ld, xrefs: 10023DA4
Backup difference file:%s, xrefs: 10023E0C
*END*, xrefs: 10023E83
Continuation file:%s, xrefs: 10023D66
Last logical page:%ld, xrefs: 10023D89
Replay logging file:%s, xrefs: 10023DD4
Database backup GUID:%s, xrefs: 10023E3B
Encoded option %d, length %d, xrefs: 10023E61
Unrecognized option %d, length %d, xrefs: 10023E5A
Root file name:%s, xrefs: 10023D2E

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: memcpy
String ID: *END*$Backup difference file:%s$Continuation file:%s$Database backup GUID:%s$Encoded option %d, length %d$Last logical page:%ld$Replay logging file:%s$Root file name:%s$Sweep interval:%ld$Unrecognized option %d, length %d
API String ID: 3510742995-3357329499
Opcode ID: ca1320a0c1a6820fb75e8150177310ab8677c842f81d27ba2696297a8a865786
Instruction ID: bc96991c17659d1d15887b4b6df1f945c2ef6e6545ed431d17ebc7cd5e40f86f
Opcode Fuzzy Hash: ca1320a0c1a6820fb75e8150177310ab8677c842f81d27ba2696297a8a865786
Instruction Fuzzy Hash: 5A51D371108152ABC725DB54DC51FEBB3BAEF9A600F10864DF6944B181D32AF91A8BE1

Function 05D0BFB0 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 86synchronizationfileCOMMON

Download Yara Rule

APIs

_time64.MSVCR80 ref: 05D0BFEB
WaitForSingleObject.KERNEL32 ref: 05D0C021
fopen.MSVCR80 ref: 05D0C031
_ctime64.MSVCR80 ref: 05D0C045

Part of subcall function 05D13E50: GetComputerNameA.KERNEL32(?,00000104), ref: 05D13E64

fprintf.MSVCR80 ref: 05D0C073
vfprintf.MSVCR80 ref: 05D0C086
fprintf.MSVCR80 ref: 05D0C092
fclose.MSVCR80 ref: 05D0C095
ReleaseMutex.KERNEL32(000003D8,000003D8,000000FF), ref: 05D0C0A5

Strings

(Client), xrefs: 05D0C04F
%s%s%.25s, xrefs: 05D0C06D
firebird.log, xrefs: 05D0BFF1

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: fprintf$ComputerMutexNameObjectReleaseSingleWait_ctime64_time64fclosefopenvfprintf
String ID: %s%s%.25s$ (Client)$firebird.log
API String ID: 2986222824-2661498732
Opcode ID: b3fcc5994484b2749b0c88958197760956cb4e0ce76b915c0b105c56eea0c1c9
Instruction ID: 1fd2bd2bff3093202ed7fb72545bfd2ccad440d50fb266a057b5a3f882a928e0
Opcode Fuzzy Hash: b3fcc5994484b2749b0c88958197760956cb4e0ce76b915c0b105c56eea0c1c9
Instruction Fuzzy Hash: 3B31C2B1518340ABD320EB28DC46F9BBBA9EF94714F400A1AF50987390DB749549CFA2

Function 05D22980 Relevance: 19.7, APIs: 1, Strings: 12, Instructions: 211COMMON

Download Yara Rule

APIs

memcpy.MSVCR80(00000000,?,?,?), ref: 05D22B8F

Strings

misc, xrefs: 05D22C76
bin, xrefs: 05D22B3F
plugins, xrefs: 05D22C26
examples/empbuild, xrefs: 05D22C58
examples, xrefs: 05D22C4E
doc, xrefs: 05D22C3A
help, xrefs: 05D22C62
include, xrefs: 05D22C30
intl, xrefs: 05D22C6C
UDF, xrefs: 05D22C44
lib, xrefs: 05D22C1C
, xrefs: 05D229F1

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: memcpy
String ID: $UDF$bin$doc$examples$examples/empbuild$help$include$intl$lib$misc$plugins
API String ID: 3510742995-460865629
Opcode ID: cc8531f0a609dc0c587a48cbbdb2b4e5bcd24e7f1ba542cb3e0ea24e06654e3d
Instruction ID: 54bd52a4697edb4be8fa877e19b9cff7769d194b73d6d4b31874bf982a07be7c
Opcode Fuzzy Hash: cc8531f0a609dc0c587a48cbbdb2b4e5bcd24e7f1ba542cb3e0ea24e06654e3d
Instruction Fuzzy Hash: 64813B756083919FD334DF249854FABB7E6EB95308F44892FE0CAC7254EA319508CB63

Function 10039450 Relevance: 19.6, APIs: 5, Strings: 6, Instructions: 363COMMON

Download Yara Rule

APIs

memcpy.MSVCR80(00000000,?,?,?,00000000,102559A8,-00000001,00000000,00000001,?), ref: 10039581
memcpy.MSVCR80(00000000,?,?,?), ref: 1003962A
memcpy.MSVCR80(00000000,?,?,?,00000000,102559A8,-00000001,00000000,00000001,?), ref: 10039707
memcpy.MSVCR80(00000000,?,?,?), ref: 100397BC
gds__log.FBCLIENT25(DirectoryList: unknown parameter '%s', defaulting to None,?,00000001,?), ref: 10039953

Strings

None, xrefs: 10039878
DirectoryList: unknown parameter '%s', defaulting to None, xrefs: 1003994E
, xrefs: 10039772
Restrict, xrefs: 10039916
Firebird::string - pos out of range, xrefs: 10039516
Full, xrefs: 100398C9

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: memcpy$gds__log
String ID: $DirectoryList: unknown parameter '%s', defaulting to None$Firebird::string - pos out of range$Full$None$Restrict
API String ID: 769635992-4133646969
Opcode ID: fcaa0f5337057a39bf5bf400a1128a9517746d2f930f0a96ac3483dfafb31d5a
Instruction ID: b5c9d30851a02dbdebde7e44a5fa8484605d07d686fb78d123659a7675a0bde5
Opcode Fuzzy Hash: fcaa0f5337057a39bf5bf400a1128a9517746d2f930f0a96ac3483dfafb31d5a
Instruction Fuzzy Hash: 0CD1B0B55083809FD725CB28D842BEFB7E8EF96744F40491DF58987242EB71A548C7A3

Function 10002CA0 Relevance: 19.5, APIs: 8, Strings: 3, Instructions: 228COMMON

Download Yara Rule

APIs

sprintf.MSVCR80 ref: 10002E10
sprintf.MSVCR80 ref: 10002E4A
__alldvrm.LIBCMT ref: 10002E76
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 10002E97
sprintf.MSVCR80 ref: 10002EAE
__alldvrm.LIBCMT ref: 10002ED0
sprintf.MSVCR80 ref: 10002EDF
memset.MSVCR80 ref: 10002F21

Strings

?%c?, xrefs: 10002E0A
%I64d.%.2I64d, xrefs: 10002EA8, 10002ED9
%I64d, xrefs: 10002E44

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: sprintf$__alldvrm$Unothrow_t@std@@@__ehfuncinfo$??2@memset
String ID: %I64d$%I64d.%.2I64d$?%c?
API String ID: 2225530478-957853717
Opcode ID: 7ca12a408307065d4fb20b08aa58b6849793fbcd68be1cfafb53c25952869e19
Instruction ID: 9040bc18ad0f91dbd12b94ee5398ab6989042e263048e9aea311e255d9a0dfdd
Opcode Fuzzy Hash: 7ca12a408307065d4fb20b08aa58b6849793fbcd68be1cfafb53c25952869e19
Instruction Fuzzy Hash: 8681B271548281DFE354CB18C880B2AB7E5FB8D298F2509ACF889A7356D631ED45CB62

Function 10002FB0 Relevance: 19.5, APIs: 8, Strings: 3, Instructions: 218COMMON

Download Yara Rule

APIs

sprintf.MSVCR80 ref: 10003122
sprintf.MSVCR80 ref: 1000315C
__alldvrm.LIBCMT ref: 10003187
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 100031A8
sprintf.MSVCR80 ref: 100031BF
__alldvrm.LIBCMT ref: 100031E1
sprintf.MSVCR80 ref: 100031F0
memset.MSVCR80 ref: 10003233

Strings

?%c?, xrefs: 1000311C
%I64d.%.2I64d, xrefs: 100031B9, 100031EA
%I64d, xrefs: 10003156

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: sprintf$__alldvrm$Unothrow_t@std@@@__ehfuncinfo$??2@memset
String ID: %I64d$%I64d.%.2I64d$?%c?
API String ID: 2225530478-957853717
Opcode ID: 5c3f39ad550b18f0cae1f2e8840a7dbcdff46bd1b2d0ffda67ba070936f47f4e
Instruction ID: 9873e126bfd32bd8586ea07acf5228528114a5838037adc3ff7b8f63f5072e8f
Opcode Fuzzy Hash: 5c3f39ad550b18f0cae1f2e8840a7dbcdff46bd1b2d0ffda67ba070936f47f4e
Instruction Fuzzy Hash: E38181315082849FE705CF18C854B5A7BF8FF88658F268688F8896B356C731FE46CB91

Function 100553E0 Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 192COMMON

Download Yara Rule

APIs

isc_database_info.FBCLIENT25(?,?,00000003,1026BA8C,00000100,?), ref: 10055457
gds__vax_integer.FBCLIENT25(-00000001,00000002,?,?,00000003,1026BA8C,00000100,00000000,?,?,?,00000003,1026BA8C,00000100,?), ref: 10055482
gds__free.FBCLIENT25(?,?,?,00000003,1026BA8C,00000100,00000000,?,?,?,00000003,1026BA8C,00000100,?), ref: 100554D1
gds__alloc.FBCLIENT25(?,?,?,00000003,1026BA8C,00000100,?), ref: 100554E7
gds__free.FBCLIENT25(?,?,?,00000003,1026BA8C,00000100,?), ref: 1005550E
gds__free.FBCLIENT25(?,?,?,00000003,1026BA8C,00000100,00000000,?,?,?,00000003,1026BA8C,00000100,?), ref: 1005552D
gds__free.FBCLIENT25(?,?,?,00000003,1026BA8C,00000100,?), ref: 100555FA
sprintf.MSVCR80 ref: 10055637

Strings

on disk structure version %d.%d, xrefs: 10055631
**unknown**, xrefs: 10055593, 100555AC, 100555B3, 100555B4
%s (%s), version "%.*s", xrefs: 100555B5

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: gds__free$gds__allocgds__vax_integerisc_database_infosprintf
String ID: %s (%s), version "%.*s"$**unknown**$on disk structure version %d.%d
API String ID: 2316140747-3147664985
Opcode ID: 22ae7992e88890e2a16c050406e6129d7f311576ffb2fd22b2c45a5a3965d8b1
Instruction ID: 588d5f81a721ffbe388858051781a2e9ef12e260986111f1c121f6fd191dd109
Opcode Fuzzy Hash: 22ae7992e88890e2a16c050406e6129d7f311576ffb2fd22b2c45a5a3965d8b1
Instruction Fuzzy Hash: 6C61E1719083929BC721CE24C860BAF77E5EB85646F45491DF8C9C7241F736DA8CCBA2

Function 100078F0 Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 180networkCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(05BCE4A0,94BA138F,?,?,00000000), ref: 1000794D
WSAStartup.WS2_32(00000002,1038F958), ref: 10007973
gds__log.FBCLIENT25(INET/alloc_port: WSAStartup failed, error code = %d,00000000), ref: 1000799F

Part of subcall function 10005CA0: gds__log.FBCLIENT25(INET/inet_error: %s errno = %d,00000001), ref: 10005CDF

gds__register_cleanup.FBCLIENT25(Function_00004A50,00000000), ref: 100079C9
fb_shutdown_callback.FBCLIENT25(00000000,Function_000056C0,00000004,00000000), ref: 100079FB
gethostname.WS2_32(?,00000100), ref: 10007A89
_snprintf.MSVCR80 ref: 10007AC8
EnterCriticalSection.KERNEL32(05BCC420), ref: 10007B8C

Strings

WSAStartup, xrefs: 10007981
tcp (%s), xrefs: 10007AB3
INET/alloc_port: WSAStartup failed, error code = %d, xrefs: 1000799A

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: CriticalEnterSectiongds__log$Startup_snprintffb_shutdown_callbackgds__register_cleanupgethostname
String ID: INET/alloc_port: WSAStartup failed, error code = %d$WSAStartup$tcp (%s)
API String ID: 1456171409-1374666321
Opcode ID: ecfa231daaba8d21dd79e08bfc9d96bb140032c9ed3cf06c19e7fe45a1436e84
Instruction ID: e70ea746d39bad27da4431248d2fc389c18e05f8a8b3b520022e2cbc6ecf1d08
Opcode Fuzzy Hash: ecfa231daaba8d21dd79e08bfc9d96bb140032c9ed3cf06c19e7fe45a1436e84
Instruction Fuzzy Hash: 037125B46047419FE320CF20DC85BDBB7E4FB88794F500A1DF69A87285DB78A544CBA6

Function 1003C2A0 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 177stringCOMMON

Download Yara Rule

APIs

Part of subcall function 1002C3E0: GetEnvironmentVariableA.KERNEL32(?,00000000,00000000,00000000,00000000,?,?,1003E14B), ref: 1002C3F3
Part of subcall function 1002C3E0: GetEnvironmentVariableA.KERNEL32(?,?,00000000,-00000001), ref: 1002C410

strncpy.MSVCR80 ref: 1003C336
_fullpath.MSVCR80 ref: 1003C36A
memset.MSVCR80 ref: 1003C3B2
strncpy.MSVCR80 ref: 1003C3CF
strtok.MSVCR80(?,1026AC30), ref: 1003C3E1
strncpy.MSVCR80 ref: 1003C3FE
_fullpath.MSVCR80 ref: 1003C456
_stricmp.MSVCR80(?,?), ref: 1003C473
strtok.MSVCR80(00000000,1026AC30), ref: 1003C486
strncpy.MSVCR80 ref: 1003C4E2

Strings

, xrefs: 1003C308

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: strncpy$EnvironmentVariable_fullpathstrtok$_stricmpmemset
String ID:
API String ID: 454896887-3916222277
Opcode ID: dbed37afabab7403b12791aec63def6f3e77f72c0727ba725b57e86ae1d45daa
Instruction ID: ef265c9fcdf5dc12bb372b99f1a770e354dd60a931029ba0b196e2c4dec7806b
Opcode Fuzzy Hash: dbed37afabab7403b12791aec63def6f3e77f72c0727ba725b57e86ae1d45daa
Instruction Fuzzy Hash: 3451B0715083889FC721CB29DC94FEBB7E9EF85345F04492DF589CB211E631A908CBA6

Function 05D0D860 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 177stringCOMMON

Download Yara Rule

APIs

Part of subcall function 05D21F10: GetEnvironmentVariableA.KERNEL32(?,00000000,00000000,00000000,00000000,?,?,05D0F90B), ref: 05D21F23
Part of subcall function 05D21F10: GetEnvironmentVariableA.KERNEL32(?,?,00000000,-00000001), ref: 05D21F40

strncpy.MSVCR80 ref: 05D0D8F6
_fullpath.MSVCR80 ref: 05D0D92A
memset.MSVCR80 ref: 05D0D972
strncpy.MSVCR80 ref: 05D0D98F
strtok.MSVCR80(?,05DD5060), ref: 05D0D9A1
strncpy.MSVCR80 ref: 05D0D9BE
_fullpath.MSVCR80 ref: 05D0DA16
_stricmp.MSVCR80(?,?), ref: 05D0DA33
strtok.MSVCR80(00000000,05DD5060), ref: 05D0DA46
strncpy.MSVCR80 ref: 05D0DAA2

Strings

, xrefs: 05D0D8C8

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: strncpy$EnvironmentVariable_fullpathstrtok$_stricmpmemset
String ID:
API String ID: 454896887-3916222277
Opcode ID: 635878cdd3c2ad3b9c33988192fe0343a5fecf74ab6d4790a8d7ef02fd143726
Instruction ID: ae1514140550ee4c3013685bc8789e285887b81804207d8560552de7b4466277
Opcode Fuzzy Hash: 635878cdd3c2ad3b9c33988192fe0343a5fecf74ab6d4790a8d7ef02fd143726
Instruction Fuzzy Hash: AE51B37150C3409BC730DB649895BEBB7EAAFD5304F08492FE58A87241E631A509CBA6

Function 1003AC40 Relevance: 19.3, APIs: 9, Strings: 2, Instructions: 86synchronizationfileCOMMON

Download Yara Rule

APIs

_time64.MSVCR80 ref: 1003AC7B
WaitForSingleObject.KERNEL32 ref: 1003ACB1
fopen.MSVCR80 ref: 1003ACC1
_ctime64.MSVCR80 ref: 1003ACD5

Part of subcall function 1004E790: GetComputerNameA.KERNEL32(10264973,00000104), ref: 1004E7A4

fprintf.MSVCR80 ref: 1003AD03
vfprintf.MSVCR80 ref: 1003AD16
fprintf.MSVCR80 ref: 1003AD22
fclose.MSVCR80 ref: 1003AD25
ReleaseMutex.KERNEL32(00000388,00000388,000000FF), ref: 1003AD35

Strings

%s%s%.25s, xrefs: 1003ACFD
firebird.log, xrefs: 1003AC81

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: fprintf$ComputerMutexNameObjectReleaseSingleWait_ctime64_time64fclosefopenvfprintf
String ID: %s%s%.25s$firebird.log
API String ID: 2986222824-895070797
Opcode ID: 24debad9e7d7152156c5ef8e8e97354370d643ecafddfd67a8095d526fac4a29
Instruction ID: 467d7ae833999a71436aac8b9ffd0b4c28ad1df6ceaf2d080c88b8cc8cfe1f6f
Opcode Fuzzy Hash: 24debad9e7d7152156c5ef8e8e97354370d643ecafddfd67a8095d526fac4a29
Instruction Fuzzy Hash: EE31D1B5508350AFC310DB24DC89FEBB7E9EF89725F400919F949972A0DB38A584CB96

Function 1002B690 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 69libraryloaderwindowCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(00000000,?,?,1002B845,?,?,10002546,00000000,?,?), ref: 1002B695
LoadLibraryA.KERNEL32(Advapi32,00000000,?,?,1002B845,?,?,10002546,00000000,?,?), ref: 1002B6AB
GetProcAddress.KERNEL32(00000000,RegisterEventSourceA), ref: 1002B6C4
GetProcAddress.KERNEL32(00000000,ReportEventA), ref: 1002B6CE
MessageBoxA.USER32(00000000,?,Firebird Error,00000010), ref: 1002B72C
LeaveCriticalSection.KERNEL32(00000000,?,?,1002B845,?,?,10002546,00000000,?,?), ref: 1002B733

Strings

RegisterEventSourceA, xrefs: 1002B6BE
ReportEventA, xrefs: 1002B6C6
Advapi32, xrefs: 1002B6A2
Firebird Error, xrefs: 1002B724
Firebird SQL Server, xrefs: 1002B6E2

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: AddressCriticalProcSection$EnterLeaveLibraryLoadMessage
String ID: Advapi32$Firebird Error$Firebird SQL Server$RegisterEventSourceA$ReportEventA
API String ID: 1546335396-134976949
Opcode ID: 2d416fb0b63eb52bad17aa47c8bd0ff04f9feb7efbf7cca25a107cb80b1d2136
Instruction ID: 80ac242f532346c0716da557d8fac8723b4d81032db67ba22c3494710c09e697
Opcode Fuzzy Hash: 2d416fb0b63eb52bad17aa47c8bd0ff04f9feb7efbf7cca25a107cb80b1d2136
Instruction Fuzzy Hash: D511C131344B01BFE360DB65AC89FABB7E8EF95B40F500519F685E2180EBE4E8058769

Function 05D23C20 Relevance: 18.2, APIs: 5, Strings: 7, Instructions: 236stringCOMMON

Download Yara Rule

APIs

memset.MSVCR80 ref: 05D23C84

Part of subcall function 05D0F850: EnterCriticalSection.KERNEL32(05C1E4A0,521C82CE,?,?,?,?), ref: 05D0F8A9

strchr.MSVCR80 ref: 05D23CCC

Part of subcall function 05D21F90: _vsnprintf.MSVCR80 ref: 05D21FA6

memcpy.MSVCR80(00000000,?,?,?), ref: 05D23E76
memcpy.MSVCR80(?,?,?,?,?,?,?,?,?,?,?,00000078,?,00000000,?,?), ref: 05D23F32

Strings

message file , xrefs: 05D23E0C
message text not found, xrefs: 05D23DB9
firebird.msg, xrefs: 05D23E2C
message system code %d, xrefs: 05D23EE0
not found, xrefs: 05D23EC1
can't format message %d:%d -- , xrefs: 05D23D91
, xrefs: 05D23D65

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: memcpy$CriticalEnterSection_vsnprintfmemsetstrchr
String ID: $ not found$can't format message %d:%d -- $firebird.msg$message file $message system code %d$message text not found
API String ID: 3422777044-2724754996
Opcode ID: 22a8ebe5ee5f1334ea8b67bcfd8ce52a1a923d9701fd1185d3aa93f1971208dd
Instruction ID: df46a17282a91daeff13adbaf04f2b9bc033cdb68dab78ba12483eba3bc9479a
Opcode Fuzzy Hash: 22a8ebe5ee5f1334ea8b67bcfd8ce52a1a923d9701fd1185d3aa93f1971208dd
Instruction Fuzzy Hash: 399162716083509FD324DB58E845FBBB7E9EB98319F04891EE58D87351EA349904CBB3

Function 05D24D30 Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 207fileCOMMON

Download Yara Rule

APIs

memcpy.MSVCR80(00000000,00000000,?,00000000,521C82CE,?,?,?,?), ref: 05D24D98
memcpy.MSVCR80(00000000), ref: 05D24DD1
_ftime64.MSVCR80(?,?,?,?,?), ref: 05D24E04
__alldvrm.LIBCMT ref: 05D24EAA
memcpy.MSVCR80(00000000,00000000,?,00000000,?,?), ref: 05D24EF0
CreateFileA.KERNEL32(?,C0000000,00000000,00000000,00000001,00000180,00000000,?,000003E8,00000000), ref: 05D24F22

Part of subcall function 05D24AE0: getenv.MSVCR80 ref: 05D24B3D
Part of subcall function 05D24AE0: GetTempPathA.KERNEL32(00000104,?), ref: 05D24B8E
Part of subcall function 05D24AE0: memcpy.MSVCR80(00000000,05DCED43,05DCED44,05DCED43), ref: 05D24BD6

memcpy.MSVCR80(00000000,?,?,?), ref: 05D24F8C

Strings

XXXXXX, xrefs: 05D24E2F
Firebird::string - pos out of range, xrefs: 05D24E97
CreateFile, xrefs: 05D24FBA

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: memcpy$CreateFilePathTemp__alldvrm_ftime64getenv
String ID: CreateFile$Firebird::string - pos out of range$XXXXXX
API String ID: 541934492-1529190114
Opcode ID: 20251fb02c4c40c5113e3632e4727ce14df92f0370f92232237cd4b0f676ada1
Instruction ID: e7d7d3111e0def2aec5dbf89991f8c6d3291746bb534ac9b5834930a23c2351e
Opcode Fuzzy Hash: 20251fb02c4c40c5113e3632e4727ce14df92f0370f92232237cd4b0f676ada1
Instruction Fuzzy Hash: 1571A2B1A083509BE730DB68D844F6BB7E5FB98718F044A1EF88993281D775E844C776

Function 10055D70 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 187fileCOMMON

Download Yara Rule

APIs

fopen.MSVCR80 ref: 10055ECC
_unlink.MSVCR80(?), ref: 10055EDF

Strings

gds_edit, xrefs: 10055DC9

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: _unlinkfopen
String ID: gds_edit
API String ID: 711857716-1467037774
Opcode ID: 60a57202c9f886261ab4ad738fa0039daa9c41d5b00929d30755a530d70432d9
Instruction ID: 23bc09157be18987b0a61b557438cc8a2835f0112b2bd78d06bc4697d99cdc4c
Opcode Fuzzy Hash: 60a57202c9f886261ab4ad738fa0039daa9c41d5b00929d30755a530d70432d9
Instruction Fuzzy Hash: 0561F5766083809BD720CB24DC95B9BB3E9EF85245F54492CF889C7352DB36A94CC763

Function 100741D0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 125synchronizationCOMMON

Download Yara Rule

APIs

InterlockedExchange.KERNEL32(00000004,00000001), ref: 100741F4
InterlockedIncrement.KERNEL32(00000008), ref: 10074232
InterlockedExchange.KERNEL32(00000004,00000000), ref: 1007423E
WaitForSingleObject.KERNEL32(00000000,00001388), ref: 1007425A
InterlockedDecrement.KERNEL32(00000008), ref: 10074263
gds__log.FBCLIENT25(enterFastMutex: dead process detected, pid = %d,?), ref: 100742D3
InterlockedExchange.KERNEL32(00000004,00000000), ref: 100742EC
InterlockedExchange.KERNEL32(-00000004,00000000), ref: 1007430A

Strings

enterFastMutex: dead process detected, pid = %d, xrefs: 100742CE

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: Interlocked$Exchange$DecrementIncrementObjectSingleWaitgds__log
String ID: enterFastMutex: dead process detected, pid = %d
API String ID: 1128654709-2386559467
Opcode ID: 30b85feab73da2b2f2fe5567022d644732be3e4dfc4dbbe8051d7724c2817fc4
Instruction ID: 9679aba2dac2861c6abacdb0a82e28a33cf16e7df0c7269ca5519a520c2b3fca
Opcode Fuzzy Hash: 30b85feab73da2b2f2fe5567022d644732be3e4dfc4dbbe8051d7724c2817fc4
Instruction Fuzzy Hash: 634127766007118BD710DF64EC84B6BB3E4EF40365F418529F59583182DF39ED898799

Function 101B5C50 Relevance: 16.2, APIs: 4, Strings: 5, Instructions: 477COMMON

Download Yara Rule

APIs

Part of subcall function 10026A90: TlsGetValue.KERNEL32(0000002D,?,101B5CB1,05BC0014,94BA138F,?,?,?), ref: 10026A97
Part of subcall function 10026A90: GetLastError.KERNEL32 ref: 10026AA3
Part of subcall function 10026A90: TlsSetValue.KERNEL32(0000002D,?), ref: 10026AC6

atol.MSVCR80 ref: 101B5F82
isc_attach_database.FBCLIENT25(?,00000000,?,00000000,00000000,00000000,?,?,DATABASE,?,?,CREATE,?,?,?,?), ref: 101B6198
isc_create_database.FBCLIENT25(?,00000000,?,?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,00000000,?,?,DATABASE), ref: 101B61DC
isc_detach_database.FBCLIENT25(?,00000000,?,00000000,?,00000000,00000000,00000000,?,?,DATABASE,?,?,CREATE), ref: 101B61FA

Strings

NAMES, xrefs: 101B6064
open, xrefs: 101B622D
DATABASE, xrefs: 101B5DCD
SCHEMA, xrefs: 101B5DDE
CREATE, xrefs: 101B5D83

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: Value$ErrorLastatolisc_attach_databaseisc_create_databaseisc_detach_database
String ID: CREATE$DATABASE$NAMES$SCHEMA$open
API String ID: 375354932-547768533
Opcode ID: 532bae9895d7baaf580c3abbf31564572d66869b905166301d09dd7ea34e5b64
Instruction ID: e0b29d71a7a8268909d20d2b0be6311aae1528ef0260f402ea54f06431accdb4
Opcode Fuzzy Hash: 532bae9895d7baaf580c3abbf31564572d66869b905166301d09dd7ea34e5b64
Instruction Fuzzy Hash: 6F02E274D0026A9BDB10DB54CD42BEEB3B4EF58340F504499F944A7281EB7CAF4ACBA1

Function 05D0F850 Relevance: 16.0, APIs: 4, Strings: 5, Instructions: 265COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(05C1E4A0,521C82CE,?,?,?,?), ref: 05D0F8A9
_lseek.MSVCR80 ref: 05D0FAB5
_read.MSVCR80 ref: 05D0FAD6
memcpy.MSVCR80(?,?,?), ref: 05D0FB74

Part of subcall function 05D21F10: GetEnvironmentVariableA.KERNEL32(?,00000000,00000000,00000000,00000000,?,?,05D0F90B), ref: 05D21F23
Part of subcall function 05D21F10: GetEnvironmentVariableA.KERNEL32(?,?,00000000,-00000001), ref: 05D21F40

Part of subcall function 05D0D320: _open.MSVCR80 ref: 05D0D330

Strings

ISC_MSGS, xrefs: 05D0F8F9
firebird.msg, xrefs: 05D0F9FC
intl\%.10s.msg, xrefs: 05D0F9CC
LC_MESSAGES, xrefs: 05D0F970
, xrefs: 05D0F8E8

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: EnvironmentVariable$CriticalEnterSection_lseek_open_readmemcpy
String ID: $ISC_MSGS$LC_MESSAGES$firebird.msg$intl\%.10s.msg
API String ID: 1099841196-3041030200
Opcode ID: 5a255620b33e71cc4d6886a9fbadd7b27a308b7bc5cdd4878cef8cd57061e198
Instruction ID: e37a6db8648c6ec615054aa7179b9d9ea14e02695f11d7ef62f75ce1c57ab46c
Opcode Fuzzy Hash: 5a255620b33e71cc4d6886a9fbadd7b27a308b7bc5cdd4878cef8cd57061e198
Instruction Fuzzy Hash: 08A18A716083429BC320EB64D854B7BB7E5FF94615F145A1FF8A6872C0EB70E944CBA2

Function 05D15110 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 130COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(?,521C82CE,?,?), ref: 05D1514D
GetLastError.KERNEL32(?,?), ref: 05D15158
CreateDirectoryA.KERNEL32(?,00000000,?,?), ref: 05D15168
GetLastError.KERNEL32(?,?), ref: 05D15185

Part of subcall function 05D14E30: strchr.MSVCR80 ref: 05D14E9F
Part of subcall function 05D14E30: GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 05D14EE8

GetFileAttributesA.KERNEL32(?), ref: 05D1517C

Strings

Can't create directory "%s". OS errno is %d, xrefs: 05D151BF
Can't create directory "%s". File with same name already exists, xrefs: 05D15201
Can't create directory "%s". Readonly directory with same name already exists, xrefs: 05D15243
, xrefs: 05D151A5

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: AttributesErrorFileLast$CreateDirectoryInformationVolumestrchr
String ID: $Can't create directory "%s". File with same name already exists$Can't create directory "%s". OS errno is %d$Can't create directory "%s". Readonly directory with same name already exists
API String ID: 653603667-2692142965
Opcode ID: 47485c39d07d9bff50c03c10be81b5770e7b50d6ce244a8a7844b8704087f7b6
Instruction ID: 03c0957b63691c8a0b6b2151f4bc9a4668d019069da9a7ea40e287c36d4828b0
Opcode Fuzzy Hash: 47485c39d07d9bff50c03c10be81b5770e7b50d6ce244a8a7844b8704087f7b6
Instruction Fuzzy Hash: A24124B2A093407FD711EB74B845F5BBBE8EFA4658F40091BF84583291EA35D0448BA7

Function 1001BDB0 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 107processthreadCOMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104,94BA138F), ref: 1001BDFF
CreateProcessA.KERNEL32 ref: 1001BEA7
ResumeThread.KERNEL32(?), ref: 1001BEC1
CloseHandle.KERNEL32(?), ref: 1001BED2
CloseHandle.KERNEL32(00000000), ref: 1001BED9

Strings

%s -x -h %lu, xrefs: 1001BE44
CreateProcess() failed, xrefs: 1001BEDF
D, xrefs: 1001BE82
, xrefs: 1001BE21

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: CloseHandle$CreateFileModuleNameProcessResumeThread
String ID: $%s -x -h %lu$CreateProcess() failed$D
API String ID: 2784601264-896745839
Opcode ID: c81f4c5739c767970cfd74e2fe3abfc8fce80bf413e8d9f83e8e607821002899
Instruction ID: 05585a26f4c6540d1b4949baa291f03d110f185849646a2d68608db3455d27d1
Opcode Fuzzy Hash: c81f4c5739c767970cfd74e2fe3abfc8fce80bf413e8d9f83e8e607821002899
Instruction Fuzzy Hash: E5419EB6518350AFD324CF64D884BDBBBE8FF89754F40491EF18987250DB749848CBA2

Function 10003A20 Relevance: 15.8, APIs: 1, Strings: 8, Instructions: 87libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(secur32.dll,94BA138F,?,?,?,?,?,1022EFC0,000000FF), ref: 10003A59

Strings

DeleteSecurityContext, xrefs: 10003A89
FreeContextBuffer, xrefs: 10003ACD
AcquireCredentialsHandleA, xrefs: 10003A6C
secur32.dll, xrefs: 10003A54
AcceptSecurityContext, xrefs: 10003AFB
QueryContextAttributesA, xrefs: 10003AB7
InitializeSecurityContextA, xrefs: 10003AE4
FreeCredentialsHandle, xrefs: 10003AA0

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: LibraryLoad
String ID: AcceptSecurityContext$AcquireCredentialsHandleA$DeleteSecurityContext$FreeContextBuffer$FreeCredentialsHandle$InitializeSecurityContextA$QueryContextAttributesA$secur32.dll
API String ID: 1029625771-1785586939
Opcode ID: 8a025ba38ca6ca764c4ecc599ee463aa570877e497b29e68c5b156f746eedadc
Instruction ID: cd222201239992968525c79d0ec6929668703c5dbfdf459820d3ec0b2222d2de
Opcode Fuzzy Hash: 8a025ba38ca6ca764c4ecc599ee463aa570877e497b29e68c5b156f746eedadc
Instruction Fuzzy Hash: CF21D2B6E04200AFD311DF69EC81B9BB7ECF746258F004AAEF509D3711EB7AA5148B54

Function 10074100 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 53threadlibraryloaderCOMMON

Download Yara Rule

APIs

InterlockedExchange.KERNEL32(?,00000001), ref: 1007410B
GetModuleHandleA.KERNEL32(kernel32.dll,00000000,00000000,?,?,10074212,00000000,?,00000000,?,?,?,10074642,?,000000FF,10056319), ref: 1007414A
GetProcAddress.KERNEL32(00000000,SwitchToThread), ref: 1007415A
GetCurrentThread.KERNEL32 ref: 10074175
SetThreadPriority.KERNEL32(00000000,00000001,?,10074212,00000000,?,00000000,?,?,?,10074642,?,000000FF,10056319,?), ref: 1007417C
SetThreadPriority.KERNEL32(00000000,00000000,?,10074212,00000000,?,00000000,?,?,?,10074642,?,000000FF,10056319,?), ref: 10074187
InterlockedExchange.KERNEL32(?,00000001), ref: 1007418C

Strings

kernel32.dll, xrefs: 10074145
SwitchToThread, xrefs: 10074154

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: Thread$ExchangeInterlockedPriority$AddressCurrentHandleModuleProc
String ID: SwitchToThread$kernel32.dll
API String ID: 558739074-3960770376
Opcode ID: 5c07187916c4490ec3c1e9c2329f6ece879f900bfd137850445f53da160fe473
Instruction ID: c577827cd21908cf76bb06c075bd4a6730f776ab3e240469675eca50e725ad6b
Opcode Fuzzy Hash: 5c07187916c4490ec3c1e9c2329f6ece879f900bfd137850445f53da160fe473
Instruction Fuzzy Hash: 7D0184713417256AE700BB798CC8B97BBDCEB91759F838015F549E2190DF6998C0CA29

Function 1002C690 Relevance: 15.0, APIs: 10, Instructions: 49COMMON

Download Yara Rule

APIs

__iob_func.MSVCR80 ref: 1002C6A7
fprintf.MSVCR80 ref: 1002C6AD
__iob_func.MSVCR80 ref: 1002C6B3
fflush.MSVCR80 ref: 1002C6B9
_fileno.MSVCR80 ref: 1002C6C2
_get_osfhandle.MSVCR80 ref: 1002C6C9
GetConsoleMode.KERNEL32(00000000,?,?,?,?,?,?,?,?), ref: 1002C6DA
SetConsoleMode.KERNEL32(00000000,?,?,?,?,?,?,?,?), ref: 1002C6ED
__iob_func.MSVCR80 ref: 1002C6FB
fclose.MSVCR80 ref: 1002C702

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: __iob_func$ConsoleMode$_fileno_get_osfhandlefclosefflushfprintf
String ID:
API String ID: 1600179806-0
Opcode ID: 0704fb0fd68b999af098c1cbd458d4d7a6af0252148ba1b590b491a8cedff20f
Instruction ID: a7725fde1a95a0ae1bc55e22ca43b7ece04939c16262e857be9a39bb709c9336
Opcode Fuzzy Hash: 0704fb0fd68b999af098c1cbd458d4d7a6af0252148ba1b590b491a8cedff20f
Instruction Fuzzy Hash: 5D0121B1600120BFE7106B74DC8CA9AB7A8EF85259B554469F446D3560DF74E840CA68

Function 05D221C0 Relevance: 15.0, APIs: 10, Instructions: 49COMMON

Download Yara Rule

APIs

__iob_func.MSVCR80 ref: 05D221D7
fprintf.MSVCR80 ref: 05D221DD
__iob_func.MSVCR80 ref: 05D221E3
fflush.MSVCR80 ref: 05D221E9
_fileno.MSVCR80 ref: 05D221F2
_get_osfhandle.MSVCR80 ref: 05D221F9
GetConsoleMode.KERNEL32(00000000,?), ref: 05D2220A
SetConsoleMode.KERNEL32(00000000,?), ref: 05D2221D
__iob_func.MSVCR80 ref: 05D2222B
fclose.MSVCR80 ref: 05D22232

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: __iob_func$ConsoleMode$_fileno_get_osfhandlefclosefflushfprintf
String ID:
API String ID: 1600179806-0
Opcode ID: 3a9eda9942dde34cc9cc0e7cae3f8ba8b3319a11eb9f9376ce688658c93d6baf
Instruction ID: a3ae9f84c532f179c2f303176aacef2473b3fa510aa790f5b64e6bff544b4cd2
Opcode Fuzzy Hash: 3a9eda9942dde34cc9cc0e7cae3f8ba8b3319a11eb9f9376ce688658c93d6baf
Instruction Fuzzy Hash: 06018FB1514210AFE7217B79EC4AA6ABBADFFA0259B15442AF44397210DF71E842CE60

Function 10005320 Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 226COMMON

Download Yara Rule

APIs

Part of subcall function 1002A290: memcpy.MSVCR80(?,?,?,?,10046AE8,?,1002D031,?,?,?,?,?,00000054,00001000), ref: 1002A2B1

memcpy.MSVCR80(?,00000000,00000000,?,?), ref: 100054BA
htonl.WS2_32(?), ref: 100054C7
getpeername.WS2_32 ref: 10005599

Part of subcall function 10017320: memset.MSVCR80 ref: 10017356

Strings

guest, xrefs: 10005369
%d.%d.%d.%d, xrefs: 100055DE
, xrefs: 100053A7
TCPv4, xrefs: 10005558
%s.%ld.%ld, xrefs: 10005538

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: memcpy$getpeernamehtonlmemset
String ID: $%d.%d.%d.%d$%s.%ld.%ld$TCPv4$guest
API String ID: 603762926-3457494951
Opcode ID: daadff74b95cb4841391fe2ed51944a6a32ec84cb1d543402f74a5453226b159
Instruction ID: 19957589218dd13019f041f41bde25c4a2559a6fc9d782dc38524b69a1608b47
Opcode Fuzzy Hash: daadff74b95cb4841391fe2ed51944a6a32ec84cb1d543402f74a5453226b159
Instruction Fuzzy Hash: 6B918C755083819FD324DB24C885B9FB7E4FF95344F904A2EF59A83291EB31A948CB63

Function 101AC0B0 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 182stringCOMMON

Download Yara Rule

APIs

isc_service_query.FBCLIENT25(?,?,00000000,00000000,00000000,00000000,00000000,00000400,?), ref: 101AC1A5
memcpy.MSVCR80(00000000,00000000,?,00000000,?,00000002), ref: 101AC223
strchr.MSVCR80 ref: 101AC23C
isdigit.MSVCR80 ref: 101AC2A2
atof.MSVCR80 ref: 101AC324

Strings

Firebird::string - pos out of range, xrefs: 101AC289
, xrefs: 101AC1D5

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: atofisc_service_queryisdigitmemcpystrchr
String ID: $Firebird::string - pos out of range
API String ID: 4210905374-1623313202
Opcode ID: fae7f7b5ba75c6ac2721b9d54c1832a5baeb88cc5aee9076a00b4d2260dd3aa1
Instruction ID: f619fd6d229608c29f53f56a140650b1841f442d42aa150c0e22711891b99634
Opcode Fuzzy Hash: fae7f7b5ba75c6ac2721b9d54c1832a5baeb88cc5aee9076a00b4d2260dd3aa1
Instruction Fuzzy Hash: 89618A795083D4DAD730CB24C985BEBB7E4FB85784F40491DE889C7291EB38A948CB92

Function 100240C0 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 86COMMON

Download Yara Rule

APIs

__iob_func.MSVCR80 ref: 10024198
fprintf.MSVCR80 ref: 1002419E
__iob_func.MSVCR80 ref: 100241A8
fprintf.MSVCR80 ref: 100241AE
exit.MSVCR80 ref: 100241B5

Part of subcall function 1002A510: _vsnprintf.MSVCR80 ref: 1002A544
Part of subcall function 1002A510: _vsnprintf.MSVCR80 ref: 1002A57E

Strings

ERROR: %s., xrefs: 10024193
, xrefs: 1002410B
Firebird Trace utility.Usage: fbtracemgr <action> [<parameters>]Actions: -STA[RT] Start trace session -STO[P] Stop trace session -SU[SPEND] Suspend trace session , xrefs: 100241A3

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: __iob_func_vsnprintffprintf$exit
String ID: $ERROR: %s.$Firebird Trace utility.Usage: fbtracemgr <action> [<parameters>]Actions: -STA[RT] Start trace session -STO[P] Stop trace session -SU[SPEND] Suspend trace session
API String ID: 3142090790-3824428361
Opcode ID: c7bac145c2bb60de2f5231cf8f400dbff0f44c3493af7ed500857b26d31c85c7
Instruction ID: 6fe70320f6a23845bc448cf1a371781503453edb3a63081ec25adaaf56d61a57
Opcode Fuzzy Hash: c7bac145c2bb60de2f5231cf8f400dbff0f44c3493af7ed500857b26d31c85c7
Instruction Fuzzy Hash: D7318971604280AFC300DF68CC91A9BBBE9FF99784F91095CF585872A0DB70EC48CB92

Function 1003C6A0 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 69registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32(80000002,SOFTWARE\Microsoft\Windows\CurrentVersion,00000000,00020019), ref: 1003C6B8
RegQueryValueExA.ADVAPI32 ref: 1003C6EE
RegQueryValueExA.ADVAPI32(00000001,ProgramFilesDir,00000000,?,00000000,?,?), ref: 1003C725
RegCloseKey.ADVAPI32(?), ref: 1003C72E

Strings

SOFTWARE\Microsoft\Windows\CurrentVersion, xrefs: 1003C6AE
ProgramFilesDir, xrefs: 1003C6E0, 1003C71F
\Firebird\, xrefs: 1003C73F

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: QueryValue$CloseOpen
String ID: ProgramFilesDir$SOFTWARE\Microsoft\Windows\CurrentVersion$\Firebird\
API String ID: 1586453840-2594597261
Opcode ID: 3b6cbb2c4c4555d239c65dadeae092095a847dd5cd9dc060499dce7acbcd127c
Instruction ID: e75e35d537f2b50ce306d629d5b9cfaf58fb9c06ac3b6df2c7837056fc45e5a9
Opcode Fuzzy Hash: 3b6cbb2c4c4555d239c65dadeae092095a847dd5cd9dc060499dce7acbcd127c
Instruction Fuzzy Hash: CA118E75208301AFD604DB65DC85FABB3E8EBC9A44F91441CF988D7180DB74E9498BA6

Function 05D0DC60 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 69registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32(80000002,SOFTWARE\Microsoft\Windows\CurrentVersion,00000000,00020019), ref: 05D0DC78
RegQueryValueExA.ADVAPI32 ref: 05D0DCAE
RegQueryValueExA.ADVAPI32(00000001,ProgramFilesDir,00000000,?,00000000,?,?), ref: 05D0DCE5
RegCloseKey.ADVAPI32(?), ref: 05D0DCEE

Strings

\Firebird\, xrefs: 05D0DCFF
SOFTWARE\Microsoft\Windows\CurrentVersion, xrefs: 05D0DC6E
ProgramFilesDir, xrefs: 05D0DCA0, 05D0DCDF

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: QueryValue$CloseOpen
String ID: ProgramFilesDir$SOFTWARE\Microsoft\Windows\CurrentVersion$\Firebird\
API String ID: 1586453840-2594597261
Opcode ID: db60fe93ffb13245f1dd0b337fd9c15e2bb3d749000a57fd267c9f47f2ee5499
Instruction ID: 1adac6144c28265e8d95a265c902cbd984bd4d97476ff6614e47f645db6b0810
Opcode Fuzzy Hash: db60fe93ffb13245f1dd0b337fd9c15e2bb3d749000a57fd267c9f47f2ee5499
Instruction Fuzzy Hash: 9A118474344301BBD610EA64EC46F6EB7EAEFD4B00F90450EF588D7280DA70D54A9B76

Function 1003FB90 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 65synchronizationCOMMON

Download Yara Rule

APIs

InterlockedIncrement.KERNEL32(05BCC0EC), ref: 1003FB9D
InterlockedDecrement.KERNEL32(05BCC0EC), ref: 1003FBAC

Part of subcall function 1003FA60: SetEvent.KERNEL32(00000384,94BA138F,05BCC0EC,05BCC0EC,00000000,102330B8,000000FF,1003FC08), ref: 1003FA8F

EnterCriticalSection.KERNEL32(05BCC0F8,05BCC0EC,?,00000000,10233AE0,?,?), ref: 1003FBD0
InterlockedIncrement.KERNEL32(05BCC0EC), ref: 1003FBEC
InterlockedDecrement.KERNEL32(05BCC0EC), ref: 1003FBF7
WaitForSingleObject.KERNEL32(000003B0,000000FF,?,00000000,10233AE0,?,?), ref: 1003FC0E
EnterCriticalSection.KERNEL32(05BCC0F8), ref: 1003FC2A

Strings

WaitForSingleObject, xrefs: 1003FC14

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: Interlocked$CriticalDecrementEnterIncrementSection$EventObjectSingleWait
String ID: WaitForSingleObject
API String ID: 101240530-3763911493
Opcode ID: a4ab751c38b88e114fccc12b54da1ea125513d020a7aed60e8679c2937684b4a
Instruction ID: 91f8b0a1815f7843d8ac62d835a55f3fe5cff2821fade9b52d3457c73fca79a3
Opcode Fuzzy Hash: a4ab751c38b88e114fccc12b54da1ea125513d020a7aed60e8679c2937684b4a
Instruction Fuzzy Hash: 601104753007165FC215DF24ED889ABB3D8EF80666B10052CF995C6190EF20ED05C6AA

Function 05D15630 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 65synchronizationCOMMON

Download Yara Rule

APIs

InterlockedIncrement.KERNEL32(05C1E2D4), ref: 05D1563D
InterlockedDecrement.KERNEL32(05C1E2D4), ref: 05D1564C

Part of subcall function 05D15500: SetEvent.KERNEL32(00000000,521C82CE,05C1E2D4,05C1E2D4,00000000,05D2AD68,000000FF,05D156A8,?,?,05D1A682), ref: 05D1552F

EnterCriticalSection.KERNEL32(05C1E2E0,00000020,00000000,00000000,05C1E2D4,?,05D1A682), ref: 05D15670
InterlockedIncrement.KERNEL32(05C1E2D4), ref: 05D1568C
InterlockedDecrement.KERNEL32(05C1E2D4), ref: 05D15697
WaitForSingleObject.KERNEL32(00000000,000000FF,?,05D1A682), ref: 05D156AE
EnterCriticalSection.KERNEL32(05C1E2E0,?,?,05D1A682), ref: 05D156CA

Strings

WaitForSingleObject, xrefs: 05D156B4

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: Interlocked$CriticalDecrementEnterIncrementSection$EventObjectSingleWait
String ID: WaitForSingleObject
API String ID: 101240530-3763911493
Opcode ID: 48f579bb94d439b62b4f5d466863f892a39047a0ab52c24e3bb797e7240b7482
Instruction ID: e619fb3be330a4415620eabc761fc7f59409ffa6217bae26139150c887bb55b2
Opcode Fuzzy Hash: 48f579bb94d439b62b4f5d466863f892a39047a0ab52c24e3bb797e7240b7482
Instruction Fuzzy Hash: 4711B230305701ABD220AF29FD0995F77A9EED1610B40461BFC56D3290EF28DA468ABE

Function 1003FC50 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 57synchronizationCOMMON

Download Yara Rule

APIs

InterlockedExchangeAdd.KERNEL32(05BCC0EC,FFFF3CB0), ref: 1003FC66
InterlockedExchangeAdd.KERNEL32(05BCC0EC,0000C350), ref: 1003FC72

Part of subcall function 1003FA60: SetEvent.KERNEL32(00000384,94BA138F,05BCC0EC,05BCC0EC,00000000,102330B8,000000FF,1003FC08), ref: 1003FA8F

InterlockedIncrement.KERNEL32(05BCC0F4), ref: 1003FC88
InterlockedExchangeAdd.KERNEL32(05BCC0EC,FFFF3CB0), ref: 1003FCA0
InterlockedExchangeAdd.KERNEL32(05BCC0EC,0000C350), ref: 1003FCAC
WaitForSingleObject.KERNEL32(00000384,000000FF), ref: 1003FCC2
InterlockedDecrement.KERNEL32(05BCC0F4), ref: 1003FCD8

Strings

WaitForSingleObject, xrefs: 1003FCC8

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: Interlocked$Exchange$DecrementEventIncrementObjectSingleWait
String ID: WaitForSingleObject
API String ID: 452185256-3763911493
Opcode ID: 78369c77fd4899aa862fed4707e699f19cf90320222560e91ce1acc37424d2dc
Instruction ID: 8b1bb9c0bebdb86c5aaedf842ea4acb66705553709a351a1e5a86145407e11bd
Opcode Fuzzy Hash: 78369c77fd4899aa862fed4707e699f19cf90320222560e91ce1acc37424d2dc
Instruction Fuzzy Hash: 16012836350A3D6FD506E7289E40DBF73D8DF40692B12021CFD85E91A0CF10FE0145AA

Function 05D156F0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 57synchronizationCOMMON

Download Yara Rule

APIs

InterlockedExchangeAdd.KERNEL32(05C1E2D4,FFFF3CB0), ref: 05D15706
InterlockedExchangeAdd.KERNEL32(05C1E2D4,0000C350), ref: 05D15712

Part of subcall function 05D15500: SetEvent.KERNEL32(00000000,521C82CE,05C1E2D4,05C1E2D4,00000000,05D2AD68,000000FF,05D156A8,?,?,05D1A682), ref: 05D1552F

InterlockedIncrement.KERNEL32(05C1E2DC), ref: 05D15728
InterlockedExchangeAdd.KERNEL32(05C1E2D4,FFFF3CB0), ref: 05D15740
InterlockedExchangeAdd.KERNEL32(05C1E2D4,0000C350), ref: 05D1574C
WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 05D15762
InterlockedDecrement.KERNEL32(05C1E2DC), ref: 05D15778

Strings

WaitForSingleObject, xrefs: 05D15768

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: Interlocked$Exchange$DecrementEventIncrementObjectSingleWait
String ID: WaitForSingleObject
API String ID: 452185256-3763911493
Opcode ID: cc2aff1ff756bdeef1292b5686cde1460a8fd55f35959911cf4abe671c4c9089
Instruction ID: a565b03ea1d7d833339c9ae55f0bba7ab533fc07973958f84d60f1ea738ab8e9
Opcode Fuzzy Hash: cc2aff1ff756bdeef1292b5686cde1460a8fd55f35959911cf4abe671c4c9089
Instruction Fuzzy Hash: 8301B531204525BB96207728BCC6E3E729EAEC46103510217FC46E61A0DB19E5478EBE

Function 10035080 Relevance: 13.9, APIs: 7, Strings: 2, Instructions: 402COMMON

Download Yara Rule

APIs

memcpy.MSVCR80(?,?,?,94BA138F,?,?), ref: 100350F0
memcpy.MSVCR80(?,?,?,94BA138F,?,?), ref: 10035148

Strings

, xrefs: 10035608
move, xrefs: 1003528A

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: memcpy
String ID: $move
API String ID: 3510742995-1280689461
Opcode ID: 77fa3e769cb55ea370ed380d697c25f9b753e4f40f46251ad0d70202bbda2fc5
Instruction ID: 19d7755e12104f6b9dda600ece2a8704fc462c233dc3f29e910c47fac88d9655
Opcode Fuzzy Hash: 77fa3e769cb55ea370ed380d697c25f9b753e4f40f46251ad0d70202bbda2fc5
Instruction Fuzzy Hash: 73E1DF756083409FC305CF29D881A6BB7E5FF89752F144A1DF9858B3A1DB36E805CBA2

Function 101BF6C0 Relevance: 13.7, APIs: 9, Instructions: 224COMMON

Download Yara Rule

APIs

memset.MSVCR80 ref: 101BF73B
isc_compile_request.FBCLIENT25(?,?,?,00000130,10292A90), ref: 101BF79B
isc_start_and_send.FBCLIENT25(?,?,?,00000000,00000040,?,00000000,?,?,00000020,?,?,00000020), ref: 101BF7E4
isc_receive.FBCLIENT25(?,?,00000001,0000002A,?,00000000,?,?,?,?,00000020,?,?,00000020), ref: 101BF80C
isc_receive.FBCLIENT25(?,?,00000001,0000002A,?,00000000), ref: 101BF881
isc_release_request.FBCLIENT25(?,00000000,?,?,?,?,00000020,?,?,00000020), ref: 101BF8A5
isc_release_request.FBCLIENT25(00000000,00000000), ref: 101BF8CB

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: isc_receiveisc_release_request$isc_compile_requestisc_start_and_sendmemset
String ID:
API String ID: 1159209358-0
Opcode ID: 8c8b66cfde1818d3af526db03ddc16bc2b423a945c85d668eee348b997d03b38
Instruction ID: b1e759be9e3e9d780042b5cec91fadc16a2ec77d641f274495597160c6ac04f6
Opcode Fuzzy Hash: 8c8b66cfde1818d3af526db03ddc16bc2b423a945c85d668eee348b997d03b38
Instruction Fuzzy Hash: BE916C75248341AFD364DB64C981BDBB3F8EFC9704F00491DF68987291DB75A948CBA2

Function 1004DD20 Relevance: 13.7, APIs: 9, Instructions: 212COMMON

Download Yara Rule

APIs

isc_start_transaction.FBCLIENT25(?,?,00000001,?,?,?), ref: 1004DDEA
isc_database_info.FBCLIENT25(?,?,00000001,?,00000010,?), ref: 1004DE25
isc_dsql_exec_immed3_m.FBCLIENT25(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 1004DEAF
isc_rollback_transaction.FBCLIENT25(?,?), ref: 1004DECB
isc_drop_database.FBCLIENT25(?,?), ref: 1004DEE2
isc_commit_transaction.FBCLIENT25(?,?), ref: 1004DEFF
isc_rollback_transaction.FBCLIENT25(?,?), ref: 1004DF15
isc_drop_database.FBCLIENT25(?,?), ref: 1004DF2C

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: isc_drop_databaseisc_rollback_transaction$isc_commit_transactionisc_database_infoisc_dsql_exec_immed3_misc_start_transaction
String ID:
API String ID: 3489039183-0
Opcode ID: f3050fffda7851fe6e2cdee9aff2c9b67c9e47c70695257b99ad0278e4a26eb3
Instruction ID: b4fa5f7b7a8739600c924e8001393d51468f1b2c32970bda33c7fc7f4a9940a0
Opcode Fuzzy Hash: f3050fffda7851fe6e2cdee9aff2c9b67c9e47c70695257b99ad0278e4a26eb3
Instruction Fuzzy Hash: BE81FAB5208385AFD364DB55C881FEBB7E9EFC8340F10891DF689C7251D630A945CBA6

Function 1000A1A0 Relevance: 13.6, APIs: 9, Instructions: 141COMMON

Download Yara Rule

APIs

memset.MSVCR80 ref: 1000A1D9

Part of subcall function 10009910: memset.MSVCR80 ref: 10009918

InterlockedIncrement.KERNEL32(?), ref: 1000A202
EnterCriticalSection.KERNEL32 ref: 1000A21D
LeaveCriticalSection.KERNEL32(?,?), ref: 1000A269

Part of subcall function 10008FD0: InterlockedDecrement.KERNEL32(?), ref: 10009006

InterlockedIncrement.KERNEL32(?), ref: 1000A297
EnterCriticalSection.KERNEL32(?), ref: 1000A2AC
LeaveCriticalSection.KERNEL32(?), ref: 1000A2CA
InterlockedIncrement.KERNEL32(?), ref: 1000A335
EnterCriticalSection.KERNEL32 ref: 1000A350

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: CriticalSection$Interlocked$EnterIncrement$Leavememset$Decrement
String ID:
API String ID: 1222977459-0
Opcode ID: 0c18484de62da7b96eb0f2d6afa1540c83ca4be27a824b7563554ff34e1086ee
Instruction ID: 70e5929bfc7ba606422f0a4185870f31eb20098b16fe187ed0312f07079cadb4
Opcode Fuzzy Hash: 0c18484de62da7b96eb0f2d6afa1540c83ca4be27a824b7563554ff34e1086ee
Instruction Fuzzy Hash: 3C5191755083419BE320DF54CC85BAFB7E8FF88754F000A1DF99993280EB34AA44CBA6

Function 10021610 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 193COMMON

Download Yara Rule

APIs

Part of subcall function 1002A250: memcpy.MSVCR80(?,?,?,?,94BA138F,?,1002CF7E,?,?,00000054,00001000), ref: 1002A278

memcpy.MSVCR80(00000000,?,?,?), ref: 1002185E
fb_shutdown_callback.FBCLIENT25(?,Function_000207D0,00000001,00000000), ref: 1002187E

Part of subcall function 1002B3E0: _CxxThrowException.MSVCR80(00001000,102B4044), ref: 1002B3FB

Strings

Firebird::string - pos out of range, xrefs: 100217EB
, xrefs: 10021793
nbackup needs local access to database file, xrefs: 10021894
setting shutdown callback, xrefs: 10021887
localhost, xrefs: 10021806

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: memcpy$ExceptionThrowfb_shutdown_callback
String ID: $Firebird::string - pos out of range$localhost$nbackup needs local access to database file$setting shutdown callback
API String ID: 1693475594-3274863233
Opcode ID: 4e6d1fc5cb0bbcf5e20ff5c75aac67456a73ad65297798c756070d0335dc9851
Instruction ID: e59508e73c6a818816d9fefc7ee14d1b92d6e7641cdb0dea4616775eff0aa71b
Opcode Fuzzy Hash: 4e6d1fc5cb0bbcf5e20ff5c75aac67456a73ad65297798c756070d0335dc9851
Instruction Fuzzy Hash: AC816D795087809FC320CB24D880BDBBBE9FFA9744F40492DF59983252EB75A548CB63

Function 1001D1B0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 175synchronizationCOMMON

Download Yara Rule

APIs

_getpid.MSVCR80(94BA138F), ref: 1001D1DD

Part of subcall function 1001C0D0: CreateMutexA.KERNEL32(00000000,00000000,?,94BA138F,?,?,?,?,?,?,?,10230B60,000000FF), ref: 1001C1C8
Part of subcall function 1001C0D0: GetLastError.KERNEL32(?,94BA138F,?,?,?,?,?,?,?,10230B60,000000FF), ref: 1001C1DD
Part of subcall function 1001C0D0: CreateEventA.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,94BA138F), ref: 1001C220
Part of subcall function 1001C0D0: GetLastError.KERNEL32(?,?,?,?,?,?,94BA138F,?,?,?,?,?,?,?,10230B60,000000FF), ref: 1001C22B

WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 1001D217
_time64.MSVCR80 ref: 1001D31E
SetEvent.KERNEL32(00000000), ref: 1001D376

Part of subcall function 1001ADC0: memcpy.MSVCR80(00000000), ref: 1001AE2D

Strings

WaitForSingleObject() failed, xrefs: 1001D227
XNET, xrefs: 1001D24B

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: CreateErrorEventLast$MutexObjectSingleWait_getpid_time64memcpy
String ID: WaitForSingleObject() failed$XNET
API String ID: 11699611-2164349760
Opcode ID: 785f509ef5abe7fb632be48bb788640a69d752d77b1877150868daaadfde41c1
Instruction ID: 9b8e7fbb679ae83ce20312d6e1cb8444bdd8c01dcc68480febf0e2a40437bbaf
Opcode Fuzzy Hash: 785f509ef5abe7fb632be48bb788640a69d752d77b1877150868daaadfde41c1
Instruction Fuzzy Hash: 51618175A002149FCB04EFA8D890A9EB7F5FF89750F20865EE919AB391D731ED41CB90

Function 1003A8E0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 112filesynchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(00000388,000000FF,94BA138F), ref: 1003A93A
CreateFileA.KERNEL32 ref: 1003A98F
SetFilePointer.KERNEL32(FFFFFFFF,00000000,00000000,00000002), ref: 1003A9C2
WriteFile.KERNEL32(FFFFFFFF,?,?,?,00000000), ref: 1003A9D8
CloseHandle.KERNEL32(FFFFFFFF), ref: 1003A9E6
ReleaseMutex.KERNEL32(00000388), ref: 1003AA15

Strings

firebird.log, xrefs: 1003A95C

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: File$CloseCreateHandleMutexObjectPointerReleaseSingleWaitWrite
String ID: firebird.log
API String ID: 1364638396-3846212633
Opcode ID: 78820245d44cce56649e8822d4668c884e209777453e449948149a58362b38be
Instruction ID: 7f6938e143bd48f9c43d6da7a9dfbcbd977b192e282388fdcf3dd97fc9d4d6ea
Opcode Fuzzy Hash: 78820245d44cce56649e8822d4668c884e209777453e449948149a58362b38be
Instruction Fuzzy Hash: F441CEB5A04350AFD314CF28DC89F1AB7E5FB8A764F504A1AFA459B2D0DB34E844CB51

Function 05D0BC50 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 112filesynchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(000003D8,000000FF,521C82CE), ref: 05D0BCAA
CreateFileA.KERNEL32 ref: 05D0BCFF
SetFilePointer.KERNEL32(FFFFFFFF,00000000,00000000,00000002), ref: 05D0BD32
WriteFile.KERNEL32(FFFFFFFF,?,?,?,00000000), ref: 05D0BD48
CloseHandle.KERNEL32(FFFFFFFF), ref: 05D0BD56
ReleaseMutex.KERNEL32(000003D8), ref: 05D0BD85

Strings

firebird.log, xrefs: 05D0BCCC

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: File$CloseCreateHandleMutexObjectPointerReleaseSingleWaitWrite
String ID: firebird.log
API String ID: 1364638396-3846212633
Opcode ID: 714a3aa370c863ced9daa6bea0d830d7363209190e669d9c8a1d39a0842bd89f
Instruction ID: 3793db60c2fff1b37be7b8e95ab375bc4bac7e14e14e59bb431703213d921ec3
Opcode Fuzzy Hash: 714a3aa370c863ced9daa6bea0d830d7363209190e669d9c8a1d39a0842bd89f
Instruction Fuzzy Hash: 0341A2716193409BE210DB28DD42F2ABBE5FB98B24F504A1BF555973C0DB74E8058B62

Function 10026FB0 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 109COMMON

Download Yara Rule

APIs

fprintf.MSVCR80 ref: 100270F9

Strings

PARENT, xrefs: 1002708C
DELAYED, xrefs: 100270BA
%p%s: size=%d, xrefs: 100270F3
LAST, xrefs: 1002702B
LARGE, xrefs: 1002705A
USED, xrefs: 10027002

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: fprintf
String ID: DELAYED$ LARGE$ LAST$ PARENT$ USED$%p%s: size=%d
API String ID: 383729395-1987685648
Opcode ID: a689ab966de8f57f6ed58cfb216dcf057e10d9f50a5aeb31bcd9112d03617e0d
Instruction ID: a95723d67628861292fcca94c49d44258645323d4e8b39b5f74388a071b2aac8
Opcode Fuzzy Hash: a689ab966de8f57f6ed58cfb216dcf057e10d9f50a5aeb31bcd9112d03617e0d
Instruction Fuzzy Hash: E84170344087508FC304CB28D9AABA7BBE1FF46354F55C659E89D873A2D7B2D848C745

Function 05D1C6F0 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 109COMMON

Download Yara Rule

APIs

fprintf.MSVCR80 ref: 05D1C839

Strings

PARENT, xrefs: 05D1C7CC
LARGE, xrefs: 05D1C79A
DELAYED, xrefs: 05D1C7FA
%p%s: size=%d, xrefs: 05D1C833
USED, xrefs: 05D1C742
LAST, xrefs: 05D1C76B

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: fprintf
String ID: DELAYED$ LARGE$ LAST$ PARENT$ USED$%p%s: size=%d
API String ID: 383729395-1987685648
Opcode ID: 0e418810703b80d62924fd057c9e557b08eec6541d2d418a632115c59fa3360d
Instruction ID: 8b0f39982d464f20f74eb4f53bb11545a4db48c9b9efb0d25b2c56e42a8eb8b0
Opcode Fuzzy Hash: 0e418810703b80d62924fd057c9e557b08eec6541d2d418a632115c59fa3360d
Instruction Fuzzy Hash: 3F41B1340583519FC310CB18F4A6B72BBE1BF45364F19C54AEC9A4B3A2EB75E804C759

Function 10055A60 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 91processCOMMON

Download Yara Rule

APIs

Part of subcall function 1002C3E0: GetEnvironmentVariableA.KERNEL32(?,00000000,00000000,00000000,00000000,?,?,1003E14B), ref: 1002C3F3
Part of subcall function 1002C3E0: GetEnvironmentVariableA.KERNEL32(?,?,00000000,-00000001), ref: 1002C410

_stat64i32.MSVCR80(?,?), ref: 10055B21
system.MSVCR80 ref: 10055B4B
_stat64i32.MSVCR80(?,?), ref: 10055B57

Strings

EDITOR, xrefs: 10055AD2
, xrefs: 10055ABE
Notepad, xrefs: 10055AF9
%s "%s", xrefs: 10055B2C

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: EnvironmentVariable_stat64i32$system
String ID: $%s "%s"$EDITOR$Notepad
API String ID: 4140859329-2269974572
Opcode ID: e6af55e5a157772b673564cf6eaf62d6dc9ad2f53fed24be7b18d108b0340f90
Instruction ID: 33a7d0eeca0c8ed5a2124fa524c3cea8c42de1c1d52dea2310c07449a0acc713
Opcode Fuzzy Hash: e6af55e5a157772b673564cf6eaf62d6dc9ad2f53fed24be7b18d108b0340f90
Instruction Fuzzy Hash: 5B318D715183809FD320CB64C899F9BB3E8FF95314F10891DF489872A1DB75A908CB93

Function 1000869E Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 66networkCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(05BCE4E0,?,?,?,00000000), ref: 100086B7
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 100086DB
gds__thread_start.FBCLIENT25(Function_000066E0,?,00000003,00000000,00000000), ref: 10008720
SetEvent.KERNEL32(FFFFFFFF), ref: 1000873C
accept.WS2_32(?,?,?), ref: 1000876B
WSAGetLastError.WS2_32(?,?,?), ref: 10008777

Strings

accept, xrefs: 10008790

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: Event$CreateCriticalEnterErrorLastSectionacceptgds__thread_start
String ID: accept
API String ID: 693902846-3005279540
Opcode ID: afb5dcb951dfc8fc9126d25e0887927c9e724953a56ce1252b96e1bd45494b62
Instruction ID: 444454a3b6b572748a06f0556a080368795aad08a03c09b9d665a7d588be6f82
Opcode Fuzzy Hash: afb5dcb951dfc8fc9126d25e0887927c9e724953a56ce1252b96e1bd45494b62
Instruction Fuzzy Hash: 6C21AE70509290AFD311CF25DC88B9BBBE9FBC5784F11494EF58883265DB709904CB22

Function 10027259 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 54COMMON

Download Yara Rule

APIs

LeaveCriticalSection.KERNEL32(05BC0068), ref: 10027288
fprintf.MSVCR80 ref: 10027299
EnterCriticalSection.KERNEL32(-00000054,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 100272A9
LeaveCriticalSection.KERNEL32(-00000054,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 100272DA
fprintf.MSVCR80 ref: 100272E3

Strings

********* End of output for pool %p., xrefs: 100272DD
REDIRECTED TO PARENT %p:, xrefs: 10027293

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: CriticalSection$Leavefprintf$Enter
String ID: ********* End of output for pool %p.$REDIRECTED TO PARENT %p:
API String ID: 2967114210-2569093279
Opcode ID: fbd73da7be5a73938d54e4c728320862b9e3153f8e89563b166788f2bef24f9a
Instruction ID: 6d29b456539336dcc0475037ae8560619fc1185c851d63c8484f07880331fe61
Opcode Fuzzy Hash: fbd73da7be5a73938d54e4c728320862b9e3153f8e89563b166788f2bef24f9a
Instruction Fuzzy Hash: C5112576900B21AFC210CB60DD84A57F3A4FF88A1CB068518FE5923711D730F829CBD5

Function 1003C500 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 54COMMON

Download Yara Rule

APIs

sprintf.MSVCR80 ref: 1003C533
isc_sql_interprete.FBCLIENT25(?,00000000,?), ref: 1003C55C
gds__put_error.FBCLIENT25(00000000), ref: 1003C57A
gds__put_error.FBCLIENT25(ISC STATUS: ), ref: 1003C58E
gds__print_status.FBCLIENT25(?), ref: 1003C594

Strings

SQLCODE: %dSQL ERROR:, xrefs: 1003C52D
ISC STATUS: , xrefs: 1003C589

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: gds__put_error$gds__print_statusisc_sql_interpretesprintf
String ID: ISC STATUS: $SQLCODE: %dSQL ERROR:
API String ID: 809118058-684214000
Opcode ID: 5be9c34d8dc4bcadcf376b80fe1298d141163114c455a18ab29f41828e545e41
Instruction ID: ea9ac1918d4af88e880e89be55169ca78fa068cfab6b1ec8163714f9932207d6
Opcode Fuzzy Hash: 5be9c34d8dc4bcadcf376b80fe1298d141163114c455a18ab29f41828e545e41
Instruction Fuzzy Hash: 2111A3B1808385AFE332CB668C40FABBBD8EF55252F04895EE58D87141D7756484C762

Function 05D1C999 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 54COMMON

Download Yara Rule

APIs

LeaveCriticalSection.KERNEL32(05C10068), ref: 05D1C9C8
fprintf.MSVCR80 ref: 05D1C9D9
EnterCriticalSection.KERNEL32(-00000054,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 05D1C9E9
LeaveCriticalSection.KERNEL32(-00000054,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 05D1CA1A
fprintf.MSVCR80 ref: 05D1CA23

Strings

********* End of output for pool %p., xrefs: 05D1CA1D
REDIRECTED TO PARENT %p:, xrefs: 05D1C9D3

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: CriticalSection$Leavefprintf$Enter
String ID: ********* End of output for pool %p.$REDIRECTED TO PARENT %p:
API String ID: 2967114210-2569093279
Opcode ID: 9f3665ed429be6142831ae7763952d8690ab1a208433340e453a89952eb943cc
Instruction ID: feba292d0a0dc5099030a3b1ac57043bf94f02032942b490a423c24f519c5c3c
Opcode Fuzzy Hash: 9f3665ed429be6142831ae7763952d8690ab1a208433340e453a89952eb943cc
Instruction Fuzzy Hash: 3F112576950711ABC220DB24E841E2BF7A5FF84A18B05451AFD5627321C734FC26CBE5

Function 10020E50 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 50COMMON

Download Yara Rule

APIs

isc_start_transaction.FBCLIENT25(?,?,00000001,?,00000000,00000000), ref: 10020E68

Part of subcall function 1004C960: memcpy.MSVCR80(00000000,?,?,?,94BA138F), ref: 1004CA0A
Part of subcall function 1004C960: isc_start_multiple.FBCLIENT25(?,?,?,?,94BA138F), ref: 1004CA73

isc_dsql_execute_immediate.FBCLIENT25(?,?,?,00000000,ALTER DATABASE BEGIN BACKUP,00000001,00000000), ref: 10020E8F
isc_commit_transaction.FBCLIENT25(?,?), ref: 10020EA7

Part of subcall function 10020D50: __iob_func.MSVCR80 ref: 10020D84
Part of subcall function 10020D50: fprintf.MSVCR80 ref: 10020D90
Part of subcall function 10020D50: __iob_func.MSVCR80 ref: 10020DD0
Part of subcall function 10020D50: fprintf.MSVCR80 ref: 10020DD6
Part of subcall function 10020D50: __iob_func.MSVCR80 ref: 10020DE0
Part of subcall function 10020D50: fprintf.MSVCR80 ref: 10020DE6
Part of subcall function 10020D50: isc_rollback_transaction.FBCLIENT25(?,00000000,Database error), ref: 10020E12
Part of subcall function 10020D50: isc_detach_database.FBCLIENT25(?,?,Database error), ref: 10020E30

Strings

begin backup: commit, xrefs: 10020EB0
begin backup, xrefs: 10020E98
ALTER DATABASE BEGIN BACKUP, xrefs: 10020E85
start transaction, xrefs: 10020E74

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: __iob_funcfprintf$isc_commit_transactionisc_detach_databaseisc_dsql_execute_immediateisc_rollback_transactionisc_start_multipleisc_start_transactionmemcpy
String ID: ALTER DATABASE BEGIN BACKUP$begin backup$begin backup: commit$start transaction
API String ID: 1436175989-2035398740
Opcode ID: f597bafef1c8d0757dc852d5177572307afbbc5bf49e0a885cb714b629f80e0a
Instruction ID: a31412cbf42a0d8676614653c5113927231a1516eaf2e6eab97c177cc380fbe6
Opcode Fuzzy Hash: f597bafef1c8d0757dc852d5177572307afbbc5bf49e0a885cb714b629f80e0a
Instruction Fuzzy Hash: D9F090353803083AE920D1526D86FBF6A9DCF82E89FC10519FA00B60D2EBC1BE0941B9

Function 10020F70 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 50COMMON

Download Yara Rule

APIs

isc_start_transaction.FBCLIENT25(?,?,00000001,?,00000000,00000000), ref: 10020F88

Part of subcall function 1004C960: memcpy.MSVCR80(00000000,?,?,?,94BA138F), ref: 1004CA0A
Part of subcall function 1004C960: isc_start_multiple.FBCLIENT25(?,?,?,?,94BA138F), ref: 1004CA73

isc_dsql_execute_immediate.FBCLIENT25(?,?,?,00000000,ALTER DATABASE END BACKUP,00000001,00000000), ref: 10020FAF
isc_commit_transaction.FBCLIENT25(?,?), ref: 10020FC7

Part of subcall function 10020D50: __iob_func.MSVCR80 ref: 10020D84
Part of subcall function 10020D50: fprintf.MSVCR80 ref: 10020D90
Part of subcall function 10020D50: __iob_func.MSVCR80 ref: 10020DD0
Part of subcall function 10020D50: fprintf.MSVCR80 ref: 10020DD6
Part of subcall function 10020D50: __iob_func.MSVCR80 ref: 10020DE0
Part of subcall function 10020D50: fprintf.MSVCR80 ref: 10020DE6
Part of subcall function 10020D50: isc_rollback_transaction.FBCLIENT25(?,00000000,Database error), ref: 10020E12
Part of subcall function 10020D50: isc_detach_database.FBCLIENT25(?,?,Database error), ref: 10020E30

Strings

end backup: commit, xrefs: 10020FD0
ALTER DATABASE END BACKUP, xrefs: 10020FA5
end backup, xrefs: 10020FB8
start transaction, xrefs: 10020F94

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: __iob_funcfprintf$isc_commit_transactionisc_detach_databaseisc_dsql_execute_immediateisc_rollback_transactionisc_start_multipleisc_start_transactionmemcpy
String ID: ALTER DATABASE END BACKUP$end backup$end backup: commit$start transaction
API String ID: 1436175989-3288812989
Opcode ID: ce72ba864b686a55b6930a5a2e5b054359a6380b21f73ae472a7a59a5e0f5a03
Instruction ID: a982dd9a436342f2187a9bca9df492567ad42d45d0a87f93613cacf25be94389
Opcode Fuzzy Hash: ce72ba864b686a55b6930a5a2e5b054359a6380b21f73ae472a7a59a5e0f5a03
Instruction Fuzzy Hash: 55F0963538030836E561D2526D86FBF5B9DCF82E88FC10129F600B64D2EBC1BE194179

Function 10031C70 Relevance: 12.3, APIs: 5, Strings: 3, Instructions: 257stringCOMMON

Download Yara Rule

APIs

sprintf.MSVCR80 ref: 10031D57
sprintf.MSVCR80 ref: 10031DA4
sprintf.MSVCR80 ref: 10031E61
sprintf.MSVCR80 ref: 10031F20
strchr.MSVCR80 ref: 10031F36

Strings

%- #*.*f, xrefs: 10031D51
-1.234567890123456E-300, xrefs: 10031CB2
%- #*.*g, xrefs: 10031D75

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: sprintf$strchr
String ID: %- #*.*f$%- #*.*g$-1.234567890123456E-300
API String ID: 1221780243-3824286158
Opcode ID: 1685e7fac93c853a1db41426fc73a224b4bb4f4b27c3d272814ffcb73ed4900b
Instruction ID: 270868405fb954fcc0bf5d77733abce0c7e90c6f5db36b0bc5382b1609dd4ec2
Opcode Fuzzy Hash: 1685e7fac93c853a1db41426fc73a224b4bb4f4b27c3d272814ffcb73ed4900b
Instruction Fuzzy Hash: 18A19B756087409FD320DB68C884B9ABBF1FF8D354F504A5CF9A9873A1DB319805CB92

Function 05D0FBD0 Relevance: 12.2, APIs: 1, Strings: 7, Instructions: 214COMMON

Download Yara Rule

APIs

Part of subcall function 05D0F850: EnterCriticalSection.KERNEL32(05C1E4A0,521C82CE,?,?,?,?), ref: 05D0F8A9

memcpy.MSVCR80(00000000,?,?), ref: 05D0FE13

Part of subcall function 05D21F90: _vsnprintf.MSVCR80 ref: 05D21FA6

Strings

message file , xrefs: 05D0FDB2
message text not found, xrefs: 05D0FD74
firebird.msg, xrefs: 05D0FDC0
message system code %d, xrefs: 05D0FDE5
not found, xrefs: 05D0FDDD
can't format message %d:%d -- , xrefs: 05D0FD52
, xrefs: 05D0FD2A

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: CriticalEnterSection_vsnprintfmemcpy
String ID: $ not found$can't format message %d:%d -- $firebird.msg$message file $message system code %d$message text not found
API String ID: 788735492-2724754996
Opcode ID: dcb9ea513e0c58b8925fa1f36536600d41cd2287811aeec078363b20bc3c9534
Instruction ID: 7e0f3dc53e5265ca34d28384e7b301310a034ee3591b781b65e6f45de6f13014
Opcode Fuzzy Hash: dcb9ea513e0c58b8925fa1f36536600d41cd2287811aeec078363b20bc3c9534
Instruction Fuzzy Hash: 08818B756183419FD324DB28D880BBBB7E5FF88714F105A1EF48987391EB35A90487A2

Function 05D26740 Relevance: 12.2, APIs: 5, Strings: 3, Instructions: 203COMMON

Download Yara Rule

APIs

memcpy.MSVCR80(00000000,?,?,?,00000000,00000008,05D2686B), ref: 05D26762
memcpy.MSVCR80(00000000), ref: 05D27B64
memcpy.MSVCR80(00000000), ref: 05D27BD5

Strings

, xrefs: 05D27B1B
c:\Program Files\Firebird\, xrefs: 05D27C79
FIREBIRD, xrefs: 05D267A3, 05D27AEE

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: memcpy
String ID: $FIREBIRD$c:\Program Files\Firebird\
API String ID: 3510742995-495391613
Opcode ID: 0b06c7699fa5fc68777db420d8a2a2b46f45b5ed47f9fd3b8a0d82f290a964fc
Instruction ID: c081ba13e982f3a77eaf6378b978645f34308365cb2fbc5ba28c69bbf38d8a35
Opcode Fuzzy Hash: 0b06c7699fa5fc68777db420d8a2a2b46f45b5ed47f9fd3b8a0d82f290a964fc
Instruction Fuzzy Hash: CC61E2B16083A09BC714DB68D854E7B7BE8FFA9608F04491FF58587251EA21D948C7B3

Function 101BFC60 Relevance: 12.1, APIs: 8, Instructions: 131COMMON

Download Yara Rule

APIs

Part of subcall function 101BF6C0: memset.MSVCR80 ref: 101BF73B
Part of subcall function 101BF6C0: isc_compile_request.FBCLIENT25(?,?,?,00000130,10292A90), ref: 101BF79B
Part of subcall function 101BF6C0: isc_start_and_send.FBCLIENT25(?,?,?,00000000,00000040,?,00000000,?,?,00000020,?,?,00000020), ref: 101BF7E4
Part of subcall function 101BF6C0: isc_receive.FBCLIENT25(?,?,00000001,0000002A,?,00000000,?,?,?,?,00000020,?,?,00000020), ref: 101BF80C

memset.MSVCR80 ref: 101BFCD6
isc_compile_request.FBCLIENT25(?,?,?,000000AA,10292BC0), ref: 101BFD04
isc_start_and_send.FBCLIENT25(?,?,?,00000000,00000020,?,00000000,?,?,00000020), ref: 101BFD3D
isc_receive.FBCLIENT25(?,?,00000001,0000000A,?,00000000,?,?,00000020), ref: 101BFD5C
isc_receive.FBCLIENT25(?,?,00000001,0000000A,?,00000000,?,?,00000020), ref: 101BFD96
isc_release_request.FBCLIENT25(?,?,?,?,00000020), ref: 101BFDB2

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: isc_receive$isc_compile_requestisc_start_and_sendmemset$isc_release_request
String ID:
API String ID: 3231030235-0
Opcode ID: 3bed42fc64126388f129c0419cd2e742ea4c800b8a34d16778826fc1a5e2a72e
Instruction ID: f80af7f0d621d1d227a56251df3ae6ef07ef731e28648c7737c015854461cf75
Opcode Fuzzy Hash: 3bed42fc64126388f129c0419cd2e742ea4c800b8a34d16778826fc1a5e2a72e
Instruction Fuzzy Hash: E3411776508345ABD320DF94D881EEBB3F8FB88700F048E1EF69997140E775A648CB66

Function 10031FD0 Relevance: 10.7, APIs: 3, Strings: 4, Instructions: 244COMMON

Download Yara Rule

APIs

sprintf.MSVCR80 ref: 10032161
sprintf.MSVCR80 ref: 100321CC
sprintf.MSVCR80 ref: 1003224B

Strings

%d-%.3s-%d, xrefs: 10032135
%d:%.2d:%.2d.%.4d, xrefs: 100321C6
%2.2d:%2.2d:%2.2d.%4.4d, xrefs: 10032245
%4.4d-%2.2d-%2.2d, xrefs: 10032157

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: sprintf
String ID: %d:%.2d:%.2d.%.4d$%2.2d:%2.2d:%2.2d.%4.4d$%4.4d-%2.2d-%2.2d$%d-%.3s-%d
API String ID: 590974362-2626974596
Opcode ID: 7c951c9802cbb519fdadf8bb87db07d736ccf5f551f2dc16a64a2119cc93c305
Instruction ID: 4021789c88127557e8fff1c4e6ae9027d10e117d9fa34e167eb9974f6e3156ad
Opcode Fuzzy Hash: 7c951c9802cbb519fdadf8bb87db07d736ccf5f551f2dc16a64a2119cc93c305
Instruction Fuzzy Hash: 8691AEB1908341AFD355CF28C980BABBBE5FB89740F40491DF9898B251E334ED49CB92

Function 1004A960 Relevance: 10.7, APIs: 7, Instructions: 232COMMON

Download Yara Rule

APIs

memcpy.MSVCR80(00000000,00000000,00000000,?), ref: 1004AA0B
isc_dsql_prepare_m.FBCLIENT25(?,?,?,?,?,?,00000019,1026B100,?,00000000), ref: 1004AA40
memset.MSVCR80 ref: 1004AA61
gds__vax_integer.FBCLIENT25(00000001,00000002), ref: 1004AA82
gds__vax_integer.FBCLIENT25(00000003,00000000), ref: 1004AA8F
memmove.MSVCR80(00000000,?,00000000), ref: 1004AAFB
memmove.MSVCR80(00000000,?,?), ref: 1004AB56

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: gds__vax_integermemmove$isc_dsql_prepare_mmemcpymemset
String ID:
API String ID: 3520456394-0
Opcode ID: 71dbacc69f77b10a01cd4de61557193589f5d69fc9f3a78916c81833a7cc2163
Instruction ID: a520db8644b2668383b3e1add013c5a0e0be856eeb59fe45863b4b4277a5ece6
Opcode Fuzzy Hash: 71dbacc69f77b10a01cd4de61557193589f5d69fc9f3a78916c81833a7cc2163
Instruction Fuzzy Hash: 3C917DB5900249AFCB04CF68D881AAEBBF5EF88350F25416AF809DB341D774E950CBA5

Function 1003B0B0 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 149COMMON

Download Yara Rule

APIs

gds__log.FBCLIENT25(fb_sqlstate: NULL status vector), ref: 1003B0BF

Part of subcall function 1003AC40: _time64.MSVCR80 ref: 1003AC7B
Part of subcall function 1003AC40: WaitForSingleObject.KERNEL32 ref: 1003ACB1
Part of subcall function 1003AC40: fopen.MSVCR80 ref: 1003ACC1
Part of subcall function 1003AC40: _ctime64.MSVCR80 ref: 1003ACD5
Part of subcall function 1003AC40: fprintf.MSVCR80 ref: 1003AD03
Part of subcall function 1003AC40: vfprintf.MSVCR80 ref: 1003AD16
Part of subcall function 1003AC40: fprintf.MSVCR80 ref: 1003AD22
Part of subcall function 1003AC40: fclose.MSVCR80 ref: 1003AD25
Part of subcall function 1003AC40: ReleaseMutex.KERNEL32(00000388,00000388,000000FF), ref: 1003AD35

Strings

42000, xrefs: 1003B230
00000, xrefs: 1003B0D2, 1003B1FC
fb_sqlstate: NULL status vector, xrefs: 1003B0BA
HY000, xrefs: 1003B0EE, 1003B242
22000, xrefs: 1003B21E

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: fprintf$MutexObjectReleaseSingleWait_ctime64_time64fclosefopengds__logvfprintf
String ID: 00000$22000$42000$HY000$fb_sqlstate: NULL status vector
API String ID: 3228221607-4192636339
Opcode ID: f01b01788d5f97064dd50cdc520a4183063d12f0cae16980789ef21063a77b6e
Instruction ID: 0326d889c172690e85585326555d267bf8f9f8ac99680a7bdffd1b81da9ba0e0
Opcode Fuzzy Hash: f01b01788d5f97064dd50cdc520a4183063d12f0cae16980789ef21063a77b6e
Instruction Fuzzy Hash: 3D518E72804B898FD722CE04D88871BB3D5F7C235EF86852AEE854F250EB719C998751

Function 1003DE10 Relevance: 10.6, APIs: 3, Strings: 4, Instructions: 141COMMON

Download Yara Rule

APIs

memcpy.MSVCR80(C:\Program Files (x86)\SISTEMA 2.1.1\,?,00000103,00000104,FFFFFFFF,?,?,94BA138F), ref: 1003DF33
memcpy.MSVCR80(C:\ProgramData\firebird,?,00000103,00000104,FFFFFFFF,?,?,94BA138F), ref: 1003DF5B
memcpy.MSVCR80(C:\Program Files (x86)\SISTEMA 2.1.1\,?,00000103,00000104,FFFFFFFF,?,?,94BA138F), ref: 1003DF83

Strings

C:\Program Files (x86)\SISTEMA 2.1.1\, xrefs: 1003DF7E
Firebird::string - pos out of range, xrefs: 1003DE91
C:\Program Files (x86)\SISTEMA 2.1.1\, xrefs: 1003DF2E
C:\ProgramData\firebird, xrefs: 1003DF56

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: memcpy
String ID: C:\Program Files (x86)\SISTEMA 2.1.1\$C:\Program Files (x86)\SISTEMA 2.1.1\$C:\ProgramData\firebird$Firebird::string - pos out of range
API String ID: 3510742995-3001010695
Opcode ID: f02458f01267c4ed5d3aa49b0cbbca9588a82b0778286fbf162021d80c987950
Instruction ID: 11a0accb453eab2415e4e2ddd2f50d603acc1b6539a63e5968fd5d3d59f18814
Opcode Fuzzy Hash: f02458f01267c4ed5d3aa49b0cbbca9588a82b0778286fbf162021d80c987950
Instruction Fuzzy Hash: 96415A765082915FC711EB24A8818ABBBE5EF85794F90092FF486CF240D734EC49C393

Function 10018B40 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 127filepipeCOMMON

Download Yara Rule

APIs

memcpy.MSVCR80(?,?), ref: 10018BBB
CreateFileA.KERNEL32(-00000006,80000000,00000000,00000000,00000003,40000000,00000000), ref: 10018C23
GetLastError.KERNEL32 ref: 10018C40
WaitNamedPipeA.KERNEL32(?,00000BB8), ref: 10018C58
CreateFileA.KERNEL32(?,80000000,00000000,00000000,00000003,40000000,00000000), ref: 10018C76

Part of subcall function 10018960: ConnectNamedPipe.KERNEL32(?,75730E30,75730E30,00000000,?,?,?,?,100193F7,?,?,00000000), ref: 10018991
Part of subcall function 10018960: GetLastError.KERNEL32(?,?,?,?,100193F7,?,?,00000000), ref: 100189A1
Part of subcall function 10018960: WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?,100193F7,?,?,00000000), ref: 100189BE

Strings

CreateFile, xrefs: 10018C98

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: CreateErrorFileLastNamedPipeWait$ConnectObjectSinglememcpy
String ID: CreateFile
API String ID: 1341172837-823142352
Opcode ID: fd14673339fcce4a64a738f614b1d7b9be2ade7af3eba87d27a6af4f8b917ee8
Instruction ID: 08e201050554f359f8664136f43a6111eb6dc11cdbdde36eff1039e46c136861
Opcode Fuzzy Hash: fd14673339fcce4a64a738f614b1d7b9be2ade7af3eba87d27a6af4f8b917ee8
Instruction Fuzzy Hash: F24127B1B043415BC214DB64DC82BABB3E0FF84258F50092DF64AAB2C0D735FA84C7A5

Function 100202F0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 115COMMON

Download Yara Rule

APIs

fb_interpret.FBCLIENT25(?,00000400,?), ref: 1002032E
fb_interpret.FBCLIENT25 ref: 1002036A
fb_interpret.FBCLIENT25(?,000003FF,?,?,?,000003FF,?), ref: 1002039F
isc_detach_database.FBCLIENT25(00000000,00000000), ref: 100203B4

Strings

%s, xrefs: 10020343, 1002037F
-, xrefs: 10020363

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: fb_interpret$isc_detach_database
String ID: %s$-
API String ID: 1833099085-254369822
Opcode ID: 96a6b093ca9ab9559b0ad165697f3ed729ba5ffa68a87a096599c2251ebf4c32
Instruction ID: 4bdb1737790af716f291ffa971927ba23fde87dc9091b9125f63a6c26eea423d
Opcode Fuzzy Hash: 96a6b093ca9ab9559b0ad165697f3ed729ba5ffa68a87a096599c2251ebf4c32
Instruction Fuzzy Hash: 96416DB55007059FD760CB94D881BAAB3FAFF88304F90851CF9499B652EB70FA85CB91

Function 10056F70 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 114COMMON

Download Yara Rule

APIs

Part of subcall function 10056890: _lseek.MSVCR80 ref: 100568AE

Part of subcall function 100569B0: _read.MSVCR80 ref: 100569C9

_read.MSVCR80 ref: 10056FCB
_lseek.MSVCR80 ref: 10057024
_write.MSVCR80 ref: 1005705A
_lseek.MSVCR80 ref: 10057096

Strings

write, xrefs: 10057077
lseek, xrefs: 1005703B, 100570AD

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: _lseek$_read$_write
String ID: lseek$write
API String ID: 888627778-202191809
Opcode ID: 0ac47dde6803c1514e28a9f9418fba160ad28296b840759fa86caf10aee4a406
Instruction ID: 08f634489c01cd823b587f387b7df6a2c2083d4f05333f842cad988fa52ccc11
Opcode Fuzzy Hash: 0ac47dde6803c1514e28a9f9418fba160ad28296b840759fa86caf10aee4a406
Instruction Fuzzy Hash: D83172B66043019BD305DF14EC81AEBB3E9FB98344F04492DF99987242E631F95D8BA6

Function 100073D9 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 86networkCOMMON

Download Yara Rule

APIs

memset.MSVCR80 ref: 10007416
select.WS2_32(00000800,?,00000000,00000000,?), ref: 1000747F
WSAGetLastError.WS2_32 ref: 1000748E
select.WS2_32(00000800,?,00000000,00000000,?), ref: 100074C2
WSAGetLastError.WS2_32 ref: 100074D1
recv.WS2_32(?,?,?,00000000), ref: 1000754A
WSAGetLastError.WS2_32 ref: 10007552

Strings

G, xrefs: 10007506

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: ErrorLast$select$memsetrecv
String ID: G
API String ID: 1964909713-985283518
Opcode ID: dc769da169eeae43fc310dbf8043465e52f489bc88304e7afe75d227b384806c
Instruction ID: bf47fa4d067101723a237b2511f90e685b0f240c5132284ce9e16691dabda982
Opcode Fuzzy Hash: dc769da169eeae43fc310dbf8043465e52f489bc88304e7afe75d227b384806c
Instruction Fuzzy Hash: 3D317C709093918BE774DF148888B9FBBE5FB84794F214A1DE98C83284C7789945CBA3

Function 10020880 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 85threadCOMMON

Download Yara Rule

APIs

_vsnprintf.MSVCR80 ref: 100208B9
__iob_func.MSVCR80 ref: 100208E4
fprintf.MSVCR80 ref: 100208EE
_CxxThrowException.MSVCR80(?,102B34D4), ref: 10020912
GetCurrentThreadId.KERNEL32 ref: 10020961

Strings

Failure: %s, xrefs: 100208DF

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: CurrentExceptionThreadThrow__iob_func_vsnprintffprintf
String ID: Failure: %s
API String ID: 431962570-4108863659
Opcode ID: 19e211cb0180ac224240e0f779e615078e2fb417cfba86504625fff32c23d29c
Instruction ID: f2c3f649e333b8e108c83c6979f76767c68b815b174c3abe0ab3773ac7ea7629
Opcode Fuzzy Hash: 19e211cb0180ac224240e0f779e615078e2fb417cfba86504625fff32c23d29c
Instruction Fuzzy Hash: 43217C75204210AFD324EB58DC85EEBB3E9EF89604F54885CF68987261DB70B805CBD6

Function 1001ACA0 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 81fileCOMMON

Download Yara Rule

APIs

Part of subcall function 1002C460: _vsnprintf.MSVCR80 ref: 1002C476

CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,00000008,?), ref: 1001AD23
GetLastError.KERNEL32(?,?,94BA138F), ref: 1001AD36
MapViewOfFile.KERNEL32(00000000,00000002,00000000,00000000,00000008,?,?,?,94BA138F), ref: 1001AD6A

Strings

CreateFileMapping, xrefs: 1001AD43
%s_MAP_%lu_%lu, xrefs: 1001ACE0
MapViewOfFile, xrefs: 1001AD76

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: File$CreateErrorLastMappingView_vsnprintf
String ID: %s_MAP_%lu_%lu$CreateFileMapping$MapViewOfFile
API String ID: 3512951815-2680246778
Opcode ID: f8836e0fde4634e8b32a2a55106e944f45ea301fc421594e98e0af09223ba13f
Instruction ID: 4094ca7e6ddac56b129f2c4c8a83b658f492c819165d3b6ff35f2308ddb0a67b
Opcode Fuzzy Hash: f8836e0fde4634e8b32a2a55106e944f45ea301fc421594e98e0af09223ba13f
Instruction Fuzzy Hash: CA21F4B1A00218AFE710CF54DC8AFAAB7B8EB55710F104219F919DB290DB307D54CBA4

Function 100187B0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 73fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNEL32 ref: 100187FD
GetLastError.KERNEL32 ref: 1001880B
GetOverlappedResult.KERNEL32(?,?,?,00000001), ref: 1001882B
GetLastError.KERNEL32 ref: 10018833

Strings

ReadFile end-of-file, xrefs: 10018872
ReadFile, xrefs: 1001883E

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: ErrorLast$FileOverlappedReadResult
String ID: ReadFile$ReadFile end-of-file
API String ID: 1381625491-3167144506
Opcode ID: 9a5a5f8611509f9b202b1b328dac9989059556a87ed4147d6b4d398095607ea1
Instruction ID: be6f8ff667b5481d28e58269784d7617744eb1757d9a770fd719d3188a3c916b
Opcode Fuzzy Hash: 9a5a5f8611509f9b202b1b328dac9989059556a87ed4147d6b4d398095607ea1
Instruction Fuzzy Hash: DA214F75604702DFD700DF68D884A9BB3E4FBC8264F90891DE989C7250EB74DB4A8B92

Function 05D02970 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 73COMMON

Download Yara Rule

APIs

ucnv_open_3_0.ICUUC30 ref: 05D02987
ucnv_getMinCharSize_3_0.ICUUC30(00000000), ref: 05D029DD
ucnv_getMaxCharSize_3_0.ICUUC30(00000000,00000000), ref: 05D029E6
ucnv_fromUChars_3_0.ICUUC30(00000000,00000000,?,?,00000001,?), ref: 05D02A29
ucnv_close_3_0.ICUUC30(00000000,00000000,00000000,?,?,00000001,?), ref: 05D02A32

Strings

, xrefs: 05D02A06

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: CharSize_3_0ucnv_get$Chars_3_0ucnv_close_3_0ucnv_fromucnv_open_3_0
String ID:
API String ID: 1166926930-3916222277
Opcode ID: d408b001b7f0e6e80f080a323e24809b380e4aaedabb85d521aa7607c0a220e7
Instruction ID: 40953e41e8201b93418ade84e98db5c91de993390d962f6d4c8d7911db05c7ea
Opcode Fuzzy Hash: d408b001b7f0e6e80f080a323e24809b380e4aaedabb85d521aa7607c0a220e7
Instruction Fuzzy Hash: AE21F270508301AED7109F69E808BA7FBE8AF81704F08891FE8C547251EB78A14C8BB6

Function 10002830 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 65registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32(80000002,SOFTWARE\Firebird Project\Firebird Server\Instances,00000000,00000001,?), ref: 1000285F
RegQueryValueExA.ADVAPI32 ref: 10002891
RegCloseKey.ADVAPI32(?), ref: 1000289E
memcpy.MSVCR80(00000000,?,?,?), ref: 100028CA

Strings

DefaultInstance, xrefs: 10002883
SOFTWARE\Firebird Project\Firebird Server\Instances, xrefs: 10002855

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: CloseOpenQueryValuememcpy
String ID: DefaultInstance$SOFTWARE\Firebird Project\Firebird Server\Instances
API String ID: 943182703-689274669
Opcode ID: df3aae503762d773a77f12ed81e683138ba4269960c0b05efa62767066b4144c
Instruction ID: c0795db52e3a2a2444ada47c67f14b5a75eeeca12ed630dd985dcc9425fee81d
Opcode Fuzzy Hash: df3aae503762d773a77f12ed81e683138ba4269960c0b05efa62767066b4144c
Instruction Fuzzy Hash: 4011D3766042056BD718CB14DC96FEBB3F8EFD9B44F00891DF64593240EB74A90D87A6

Function 05D279F0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 65registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32(80000002,SOFTWARE\Firebird Project\Firebird Server\Instances,00000000,00000001,?), ref: 05D27A1F
RegQueryValueExA.ADVAPI32 ref: 05D27A51
RegCloseKey.ADVAPI32(?), ref: 05D27A5E
memcpy.MSVCR80(00000000,?,?,?), ref: 05D27A8A

Strings

SOFTWARE\Firebird Project\Firebird Server\Instances, xrefs: 05D27A15
DefaultInstance, xrefs: 05D27A43

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: CloseOpenQueryValuememcpy
String ID: DefaultInstance$SOFTWARE\Firebird Project\Firebird Server\Instances
API String ID: 943182703-689274669
Opcode ID: cc447a4e714d58c728b65759f22bff3a378a4ec554a62067995974808280a555
Instruction ID: 614aa016963275f711be9f4c3bffb2c60d3cdd6ba1f19cac5d177d4d7ce71e18
Opcode Fuzzy Hash: cc447a4e714d58c728b65759f22bff3a378a4ec554a62067995974808280a555
Instruction Fuzzy Hash: 9011B471A043146FD724DF14D84AFEBB7E9EFE8714F00491EF64983240E670A50987A6

Function 10018890 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 63fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32(?,?,?,?,?), ref: 100188D0
GetLastError.KERNEL32(?,?,?), ref: 100188DE
GetOverlappedResult.KERNEL32(?,?,?,00000001,?,?,?), ref: 100188FE
GetLastError.KERNEL32(?,?,?), ref: 10018906

Strings

WriteFile truncated, xrefs: 1001892F
WriteFile, xrefs: 1001890C

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: ErrorLast$FileOverlappedResultWrite
String ID: WriteFile$WriteFile truncated
API String ID: 723699375-569647909
Opcode ID: 5e5626f04df14db6464e7eb2aa3c1a35eeb705bba66175cb6e8bc1176ccdade4
Instruction ID: 1cd209a666f365d09be488da61d44207b6e27155cf083796a08ac5de7a19a98c
Opcode Fuzzy Hash: 5e5626f04df14db6464e7eb2aa3c1a35eeb705bba66175cb6e8bc1176ccdade4
Instruction Fuzzy Hash: 4111EBB65043019FC300CF68DC809ABB7E9EBC82A4F45492DF589C7250EA34DB498B67

Function 1001E000 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 59windowCOMMON

Download Yara Rule

APIs

Part of subcall function 100533E0: TlsGetValue.KERNEL32(0000002E), ref: 100533E7
Part of subcall function 100533E0: GetLastError.KERNEL32 ref: 100533F3

GetUserDefaultLangID.KERNEL32(00000080,00000080,00000000), ref: 1001E030
FormatMessageA.KERNEL32(000010FF,00000000), ref: 1001E048
FormatMessageA.KERNEL32(000010FF,00000000,?,00000000,?,00000080,00000000), ref: 1001E061
sprintf.MSVCR80 ref: 1001E072

Strings

unknown Windows NT error %ld, xrefs: 1001E06C
%s, xrefs: 1001E085

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: FormatMessage$DefaultErrorLangLastUserValuesprintf
String ID: %s$unknown Windows NT error %ld
API String ID: 3698173387-2402821815
Opcode ID: 49a8887df1c679b65ac0e9604495ad6ffc4790b4edbe6ed7ced7f7b7e4fb5eaa
Instruction ID: 0b504e353e1579c51a3c4e958a0b7d0d07cbfdcf196ec591a8f92261d346a919
Opcode Fuzzy Hash: 49a8887df1c679b65ac0e9604495ad6ffc4790b4edbe6ed7ced7f7b7e4fb5eaa
Instruction Fuzzy Hash: 0311A071200742AFE360DB54CC86FB777ECEB88750F00891CF599CA191DBB0AD8887A6

Function 10020ED0 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 45COMMON

Download Yara Rule

APIs

isc_database_info.FBCLIENT25 ref: 10020F10

Part of subcall function 10020D50: __iob_func.MSVCR80 ref: 10020D84
Part of subcall function 10020D50: fprintf.MSVCR80 ref: 10020D90
Part of subcall function 10020D50: __iob_func.MSVCR80 ref: 10020DD0
Part of subcall function 10020D50: fprintf.MSVCR80 ref: 10020DD6
Part of subcall function 10020D50: __iob_func.MSVCR80 ref: 10020DE0
Part of subcall function 10020D50: fprintf.MSVCR80 ref: 10020DE6
Part of subcall function 10020D50: isc_rollback_transaction.FBCLIENT25(?,00000000,Database error), ref: 10020E12
Part of subcall function 10020D50: isc_detach_database.FBCLIENT25(?,?,Database error), ref: 10020E30

Strings

p, xrefs: 10020F0B
size info, xrefs: 10020F19
p, xrefs: 10020F26

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: __iob_funcfprintf$isc_database_infoisc_detach_databaseisc_rollback_transaction
String ID: p$p$size info
API String ID: 4138295296-730120091
Opcode ID: edcdaceb23e23a67f9ba032cbb86d6b895bbca9fe2204c2c5e0ca1d64baba300
Instruction ID: 60931ecaefd386d584a80c79e2168a0233a3faa40fb2e0514da00b540a9786f3
Opcode Fuzzy Hash: edcdaceb23e23a67f9ba032cbb86d6b895bbca9fe2204c2c5e0ca1d64baba300
Instruction Fuzzy Hash: D2015275508341ADD361DB64D805FEBB7E9EB89740F808D1EF58A86181DB78B90C87A2

Function 100214A0 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 40fileCOMMON

Download Yara Rule

APIs

_strnicmp.MSVCR80 ref: 100214BB
GetStdHandle.KERNEL32(000000F5), ref: 100214D0
CreateFileA.KERNEL32(?,40000000,00000004,00000000,00000001,08000080,00000000), ref: 100214F1
GetLastError.KERNEL32(?), ref: 10021509

Strings

stdout, xrefs: 100214B5
Error (%d) creating backup file: %s, xrefs: 10021512

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: CreateErrorFileHandleLast_strnicmp
String ID: Error (%d) creating backup file: %s$stdout
API String ID: 3106809570-3388150335
Opcode ID: d89fe58258c676e86e727ba3b0378fb9cb88b775f76b5db9ea88166b169ac8cd
Instruction ID: d8ed2430ac08a9807296c6d412a4f55a9242ea20d761591827d2e140f32ff92b
Opcode Fuzzy Hash: d89fe58258c676e86e727ba3b0378fb9cb88b775f76b5db9ea88166b169ac8cd
Instruction Fuzzy Hash: F4F0C871A40711A7C730DBB8AC49FD772D9AB19724F500608F365D71C0C665A8448B14

Function 1003F980 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 37COMMON

Download Yara Rule

APIs

InterlockedExchange.KERNEL32(?,00000000), ref: 1003F98D
InterlockedExchange.KERNEL32(?,00000000), ref: 1003F99C
CreateSemaphoreA.KERNEL32(00000000,00000000,7FFFFFFF,00000000), ref: 1003F9A9
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000), ref: 1003F9CB

Part of subcall function 1002B330: GetLastError.KERNEL32(1002ECEF,00000001,?,10233AE0,10045CBE,14000004,94BA138F,?,?,?,00000100,10254A18), ref: 1002B333
Part of subcall function 1002B330: _CxxThrowException.MSVCR80(00000000,102B4004), ref: 1002B351

Strings

CreateEvent, xrefs: 1003F9DA
CreateSemaphore, xrefs: 1003F9B6

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: CreateExchangeInterlocked$ErrorEventExceptionLastSemaphoreThrow
String ID: CreateEvent$CreateSemaphore
API String ID: 2762606086-653707491
Opcode ID: f6bc8f448685540197043b597df653b05c534100ad4a2cd73a90b14b27b526c7
Instruction ID: e4db59e1206a6e1645023aacd05bf447856ec28e5e5d91c376bb249651b60797
Opcode Fuzzy Hash: f6bc8f448685540197043b597df653b05c534100ad4a2cd73a90b14b27b526c7
Instruction Fuzzy Hash: F8F0A7717407107AF330DB629C0BF8BB6D8DF45B25F20412AF649EA1D0EBA0B440866D

Function 05D15380 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 37COMMON

Download Yara Rule

APIs

InterlockedExchange.KERNEL32(?,00000000), ref: 05D1538D
InterlockedExchange.KERNEL32(?,00000000), ref: 05D1539C
CreateSemaphoreA.KERNEL32(00000000,00000000,7FFFFFFF,00000000), ref: 05D153A9
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000), ref: 05D153CB

Part of subcall function 05D20090: GetLastError.KERNEL32 ref: 05D20093
Part of subcall function 05D20090: _CxxThrowException.MSVCR80(00000000,05DD85D0), ref: 05D200B1

Strings

CreateSemaphore, xrefs: 05D153B6
CreateEvent, xrefs: 05D153DA

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: CreateExchangeInterlocked$ErrorEventExceptionLastSemaphoreThrow
String ID: CreateEvent$CreateSemaphore
API String ID: 2762606086-653707491
Opcode ID: 6dbc95afe42309304171dbbb5f9ef3e4df3db07b302587fccaaa96522c088592
Instruction ID: 395e5ac4329ce163dd500b5d6f0aa485a5f866e673fa8524ec4f18ac5dea3b3e
Opcode Fuzzy Hash: 6dbc95afe42309304171dbbb5f9ef3e4df3db07b302587fccaaa96522c088592
Instruction Fuzzy Hash: A9F054713843007AF230AA65BD0AF467AD4DF54F21F10411BF549AA2D0EAF0A041866A

Function 05D1A000 Relevance: 9.2, APIs: 2, Strings: 4, Instructions: 223stringCOMMON

Download Yara Rule

APIs

Part of subcall function 05D21570: memcpy.MSVCR80(?,?,?,?,?,?,05D22BD1,?,?,?,?,?,00000054,00001000), ref: 05D21591

Part of subcall function 05D0A500: memcpy.MSVCR80(00000000,?,?,?,00000000,?,?,?,00000000,?,?,?), ref: 05D0A54D

strchr.MSVCR80 ref: 05D1A198
strchr.MSVCR80 ref: 05D1A23A

Part of subcall function 05D1EE40: EnterCriticalSection.KERNEL32(?,05C10014,00000002,?,05C10014,05D1CB11,?,-00000014,?,05C10014,05D1E87C,?,00000001,05C10014,?,05D1ECB0), ref: 05D1EE66

Strings

default, xrefs: 05D1A169
, xrefs: 05D1A26F
, xrefs: 05D1A0DF
icu_versions, xrefs: 05D1A0F0

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: memcpystrchr$CriticalEnterSection
String ID: $ $default$icu_versions
API String ID: 1391593109-3830687998
Opcode ID: d3fcc911a0f3ca524b88d0cec1c75adfb897f45c3d4a77a20ba3e8c34927ed68
Instruction ID: edbb8075d9c9a56bfd72d8d078e888a0eda310f2fbf47277b823c486e13577b5
Opcode Fuzzy Hash: d3fcc911a0f3ca524b88d0cec1c75adfb897f45c3d4a77a20ba3e8c34927ed68
Instruction Fuzzy Hash: 63916E71609380AFC321DB28E899BDFBBE5FFD9314F44491EE58987240DB319544CBA6

Function 05D11FD0 Relevance: 9.2, APIs: 4, Strings: 2, Instructions: 217COMMON

Download Yara Rule

APIs

memcpy.MSVCR80(00000000), ref: 05D120C3
memcpy.MSVCR80(00000000), ref: 05D1215D
memcpy.MSVCR80(00000000), ref: 05D121B0
memcpy.MSVCR80(00000000), ref: 05D12279

Strings

=, xrefs: 05D120EC
;, xrefs: 05D12202

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: memcpy
String ID: ;$=
API String ID: 3510742995-2130673364
Opcode ID: 3bf2a6629b3b5868f48155ba1ed9bcac95ba8547168d9f549a5e76e75a74bc0a
Instruction ID: 6590935dff5c0ca5a209de7d0735bb3bc725ff4e81fc1ef391a732e9a80d0018
Opcode Fuzzy Hash: 3bf2a6629b3b5868f48155ba1ed9bcac95ba8547168d9f549a5e76e75a74bc0a
Instruction Fuzzy Hash: 748151B1608340AFD324DF69D895B6BB7E8FF88304F404A1EF58AC7251E7359948CB66

Function 101BEC70 Relevance: 9.2, APIs: 6, Instructions: 168COMMON

Download Yara Rule

APIs

Part of subcall function 101BDE30: gds__alloc.FBCLIENT25(00000008,94BA138F), ref: 101BDE65
Part of subcall function 101BDE30: gds__register_cleanup.FBCLIENT25(101BDC30,00000000,00000008,94BA138F), ref: 101BDE85
Part of subcall function 101BDE30: InterlockedDecrement.KERNEL32(05BCB5A0), ref: 101BDECC
Part of subcall function 101BDE30: gds__alloc.FBCLIENT25(00000008), ref: 101BDEDF
Part of subcall function 101BDE30: InterlockedExchangeAdd.KERNEL32(05BCB5A0,0000C350), ref: 101BDF3D

isc_embed_dsql_release.FBCLIENT25(?,?), ref: 101BECF1

Part of subcall function 101BE9B0: isc_dsql_free_statement.FBCLIENT25(?,0000000C,00000002), ref: 101BEA1C
Part of subcall function 101BE9B0: gds__free.FBCLIENT25(00000000), ref: 101BEA7F
Part of subcall function 101BE9B0: InterlockedExchangeAdd.KERNEL32(05BCB5A0,0000C350), ref: 101BEA91

isc_dsql_allocate_statement.FBCLIENT25(?,?,?), ref: 101BED04

Part of subcall function 1003FC50: InterlockedExchangeAdd.KERNEL32(05BCC0EC,FFFF3CB0), ref: 1003FC66
Part of subcall function 1003FC50: InterlockedExchangeAdd.KERNEL32(05BCC0EC,0000C350), ref: 1003FC72
Part of subcall function 1003FC50: InterlockedIncrement.KERNEL32(05BCC0F4), ref: 1003FC88
Part of subcall function 1003FC50: InterlockedExchangeAdd.KERNEL32(05BCC0EC,FFFF3CB0), ref: 1003FCA0
Part of subcall function 1003FC50: InterlockedExchangeAdd.KERNEL32(05BCC0EC,0000C350), ref: 1003FCAC
Part of subcall function 1003FC50: WaitForSingleObject.KERNEL32(00000384,000000FF), ref: 1003FCC2
Part of subcall function 1003FC50: InterlockedDecrement.KERNEL32(05BCC0F4), ref: 1003FCD8

isc_dsql_prepare.FBCLIENT25(?,?,?,?,?,?,?), ref: 101BED2A
isc_dsql_free_statement.FBCLIENT25(?,?,00000002), ref: 101BED44
gds__alloc.FBCLIENT25(00000014), ref: 101BED80
InterlockedExchangeAdd.KERNEL32(05BCB5A0,0000C350), ref: 101BEE0F

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: Interlocked$Exchange$gds__alloc$Decrementisc_dsql_free_statement$IncrementObjectSingleWaitgds__freegds__register_cleanupisc_dsql_allocate_statementisc_dsql_prepareisc_embed_dsql_release
String ID:
API String ID: 1855473230-0
Opcode ID: c78e8866d7102caef9856519bfd850a250b39cedbd24c49ffde761f16db48913
Instruction ID: 6ece1871687906e990be58f068b08cc20093b7521401c4369d9b33cbcb8583c7
Opcode Fuzzy Hash: c78e8866d7102caef9856519bfd850a250b39cedbd24c49ffde761f16db48913
Instruction Fuzzy Hash: E5519F76A002599FD705CF54D981BAFB7F8EF88350F10816AF8059B380EB75AD01CBA1

Function 05D27CD0 Relevance: 9.2, APIs: 4, Strings: 2, Instructions: 151COMMON

Download Yara Rule

APIs

memcpy.MSVCR80(00000000), ref: 05D27D64
memcpy.MSVCR80(00000000), ref: 05D27DD5
memcpy.MSVCR80(00000000), ref: 05D27E39

Part of subcall function 05D226E0: GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,00000000), ref: 05D2270E

memcpy.MSVCR80(00000000,0000001A,c:\Program Files\Firebird\,0000001A,00000000), ref: 05D27E74

Strings

, xrefs: 05D27D1B
c:\Program Files\Firebird\, xrefs: 05D27E64

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: memcpy$FileModuleName
String ID: $c:\Program Files\Firebird\
API String ID: 1955653913-3426720421
Opcode ID: 753de35e1f8da495ac224871a0d0e261d4e5b7fdc838b6fe0ad5d092971cd378
Instruction ID: 3e11dce55915062481dbd711b6e7de3a011a366bb89f97cd6be77a45182b5327
Opcode Fuzzy Hash: 753de35e1f8da495ac224871a0d0e261d4e5b7fdc838b6fe0ad5d092971cd378
Instruction Fuzzy Hash: 1951A2B16083619FC714DB68D854EABB7E8FFA8708F04491EF58687251EA35E908C773

Function 101BDE30 Relevance: 9.1, APIs: 6, Instructions: 97COMMON

Download Yara Rule

APIs

gds__alloc.FBCLIENT25(00000008,94BA138F), ref: 101BDE65
gds__register_cleanup.FBCLIENT25(101BDC30,00000000,00000008,94BA138F), ref: 101BDE85

Part of subcall function 1003C920: gds__alloc.FBCLIENT25(0000000C), ref: 1003C930
Part of subcall function 1003C920: EnterCriticalSection.KERNEL32(05BCC1F0,0000000C), ref: 1003C94F

InterlockedDecrement.KERNEL32(05BCB5A0), ref: 101BDECC
gds__alloc.FBCLIENT25(00000008), ref: 101BDEDF
InterlockedExchangeAdd.KERNEL32(05BCB5A0,0000C350), ref: 101BDF3D
InterlockedDecrement.KERNEL32(05BCB5A0), ref: 101BDF71

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: Interlockedgds__alloc$Decrement$CriticalEnterExchangeSectiongds__register_cleanup
String ID:
API String ID: 2309717371-0
Opcode ID: 19b4f7cdb274ac84a1e687c221421a4bb869fb7f94e137821a6b641a6064602f
Instruction ID: 02d9b3f681ae30388f487734db8b75f50855095ac286ffd533778c41732d0a50
Opcode Fuzzy Hash: 19b4f7cdb274ac84a1e687c221421a4bb869fb7f94e137821a6b641a6064602f
Instruction Fuzzy Hash: 503114316087148BC319EF248D84B2A77F8FB80754F85021DF95ACB2E0EB39F8418B86

Function 100089E0 Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 339COMMON

Download Yara Rule

APIs

htonl.WS2_32(?), ref: 10008B38

Part of subcall function 10005290: memset.MSVCR80 ref: 100052C0
Part of subcall function 10005290: InitializeCriticalSection.KERNEL32(?), ref: 100052E1

DeleteCriticalSection.KERNEL32(000002BC,?,?,?,00000004,?,?), ref: 10008DAC

Part of subcall function 10007020: setsockopt.WS2_32(?,0000FFFF,00000080,?,00000004), ref: 10007062
Part of subcall function 10007020: shutdown.WS2_32(?,00000002), ref: 10007076
Part of subcall function 10007020: EnterCriticalSection.KERNEL32(05BCC420,94BA138F,?,?,?,?,1022F3B8,000000FF), ref: 10007086

Part of subcall function 10008910: DeleteCriticalSection.KERNEL32(?), ref: 10008969

Strings

, xrefs: 10008ABA
, xrefs: 10008E17
%s/P%d, xrefs: 10008E3F

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: CriticalSection$Delete$EnterInitializehtonlmemsetsetsockoptshutdown
String ID: $ $%s/P%d
API String ID: 909992504-1855728948
Opcode ID: 2b9ef91abf293e3973b09c90388b3f3f8c5cb4c140f35dc7029cfff30ae7cdf4
Instruction ID: af272f8ace09b28a447e947a4ea5ffe595b3c73f85002db1843ce400c56458b8
Opcode Fuzzy Hash: 2b9ef91abf293e3973b09c90388b3f3f8c5cb4c140f35dc7029cfff30ae7cdf4
Instruction Fuzzy Hash: 93D1AF755083819BE320DF64C885B9BB7E5FF88384F404A2CE5DA87295EB74A648CB53

Function 10054C30 Relevance: 9.1, APIs: 6, Instructions: 78fileCOMMON

Download Yara Rule

APIs

isc_open_blob2.FBCLIENT25 ref: 10054C74
isc_get_segment.FBCLIENT25 ref: 10054CC6
fwrite.MSVCR80 ref: 10054CEF
isc_close_blob.FBCLIENT25(?,?), ref: 10054D11

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: fwriteisc_close_blobisc_get_segmentisc_open_blob2
String ID:
API String ID: 2272143854-0
Opcode ID: ce53aa347dea9c593300fa366a31e917a343cafbd22f2153529ba03a69d91cc6
Instruction ID: 344f5f1a7d1df45074addc0f636f48d8d68f7c68af55b4b0b80ff3181c141edc
Opcode Fuzzy Hash: ce53aa347dea9c593300fa366a31e917a343cafbd22f2153529ba03a69d91cc6
Instruction Fuzzy Hash: 472128B6218341ABD354CF54CC81BEBB7E8EBC8744F414D1DB19586181EB75E60C8BA2

Function 1003BD60 Relevance: 9.1, APIs: 6, Instructions: 68COMMON

Download Yara Rule

APIs

_open.MSVCR80 ref: 1003BD70
_read.MSVCR80 ref: 1003BD93
_close.MSVCR80 ref: 1003BDA1

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: _close_open_read
String ID:
API String ID: 2332195497-0
Opcode ID: f7fc65553ef196399693c1b205f16f60a20a9354c519a4629f6aa5a753bdb7c4
Instruction ID: 931e7e85c6e5e34b17fa80a3081a7bed07405eeb892c6b1395d5d6dd8e25b75a
Opcode Fuzzy Hash: f7fc65553ef196399693c1b205f16f60a20a9354c519a4629f6aa5a753bdb7c4
Instruction Fuzzy Hash: 7811E471504A205BD300EB2C8C49BDBBBA4EF51329F048515F8A88F3A3F631D569C3A7

Function 10073670 Relevance: 9.1, APIs: 6, Instructions: 55timefileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,80000100,00000003,00000000,00000003,00000080,00000000,?,?,?,?,100562DF,?,100576CF), ref: 1007368F
GetSystemTime.KERNEL32(?,00000000,?,?,?,100562DF,?,100576CF), ref: 100736A9
SystemTimeToFileTime.KERNEL32(?,?,?,?,?,100562DF,?,100576CF), ref: 100736B9
SetFileTime.KERNEL32(00000000,00000000,?,?,?,?,?,100562DF,?,100576CF), ref: 100736CE
CloseHandle.KERNEL32(00000000,?,?,?,100562DF,?,100576CF), ref: 100736DB

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: Time$File$System$CloseCreateHandle
String ID:
API String ID: 1892540690-0
Opcode ID: dcd07e0df1127893ec941fd14ac2bae4c1c2d0aecdbd9822354a12bdf9ab2050
Instruction ID: a0e18f7f1493d919710734fe66dddaa5e50a320de885b7e3f0b71e7a1d47361a
Opcode Fuzzy Hash: dcd07e0df1127893ec941fd14ac2bae4c1c2d0aecdbd9822354a12bdf9ab2050
Instruction Fuzzy Hash: 3001D4392812207BE600EB689C8EFC7779CFF55314F908909F695931D0EA25954887A9

Function 05D14DA0 Relevance: 9.1, APIs: 6, Instructions: 55timefileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,80000100,00000003,00000000,00000003,00000080,00000000), ref: 05D14DBF
GetSystemTime.KERNEL32(?), ref: 05D14DD9
SystemTimeToFileTime.KERNEL32(?,?), ref: 05D14DE9
SetFileTime.KERNEL32(00000000,00000000,?,?), ref: 05D14DFE
CloseHandle.KERNEL32(00000000), ref: 05D14E0B

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: Time$File$System$CloseCreateHandle
String ID:
API String ID: 1892540690-0
Opcode ID: 74ae2ab3b89cdb0663c60f3e1e2bae28c32cff28c944d4625d17983a9ee812cd
Instruction ID: 4ad8921be8b0abfda1268cd4eefaf71af0bddac96871a35e41decf2a1277bbac
Opcode Fuzzy Hash: 74ae2ab3b89cdb0663c60f3e1e2bae28c32cff28c944d4625d17983a9ee812cd
Instruction Fuzzy Hash: 0F014C751843107BEA20BA6CAD4AFD73B9DBB55710F80050AFD4593290EA20814EC6F7

Function 1003F8D0 Relevance: 9.0, APIs: 6, Instructions: 43COMMON

Download Yara Rule

APIs

gds__free.FBCLIENT25(?,00000000,00000000,1004AA5D), ref: 1003F8DE
gds__free.FBCLIENT25(?,00000000,00000000,1004AA5D), ref: 1003F8ED
gds__free.FBCLIENT25(?,00000000,00000000,1004AA5D), ref: 1003F8FC
gds__free.FBCLIENT25(00000002,00000000,00000000,1004AA5D), ref: 1003F90C
gds__free.FBCLIENT25(?,00000000,00000000,1004AA5D), ref: 1003F91C
gds__free.FBCLIENT25(?,00000000,00000000,1004AA5D), ref: 1003F92C

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: gds__free
String ID:
API String ID: 2094751960-0
Opcode ID: 0c8f6c72d7c76f8140f7825e16493e091178187dcaca0f6d81121b5f3bc28b6a
Instruction ID: 1265990d145fab5025c1ceed28b2ed92731906647355776a7262a0b7e76d09f4
Opcode Fuzzy Hash: 0c8f6c72d7c76f8140f7825e16493e091178187dcaca0f6d81121b5f3bc28b6a
Instruction Fuzzy Hash: 1E013175A00F04AFC222CF2ED880927F3E9EE91A46B604E1EF0C1CB521D770F8854B90

Function 1003AF70 Relevance: 9.0, APIs: 6, Instructions: 20COMMON

Download Yara Rule

APIs

__iob_func.MSVCR80 ref: 1003AF77
fputs.MSVCR80 ref: 1003AF82
__iob_func.MSVCR80 ref: 1003AF88
fputc.MSVCR80 ref: 1003AF90
__iob_func.MSVCR80 ref: 1003AF96
fflush.MSVCR80 ref: 1003AF9C

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: __iob_func$fflushfputcfputs
String ID:
API String ID: 1718917562-0
Opcode ID: 00b58ae2b53e9ef06b7c68a697d0b792686353e9486497ea5311af1685933aeb
Instruction ID: d0372bd87df02f63066af7d611829062c23f7c2ea3bd004f1afe989ff708c070
Opcode Fuzzy Hash: 00b58ae2b53e9ef06b7c68a697d0b792686353e9486497ea5311af1685933aeb
Instruction Fuzzy Hash: 11D012B2A041707BE300A768CC8EBCB766C5F14209B544495F546D7170DD30DC008AA9

Function 05D0C2E0 Relevance: 9.0, APIs: 6, Instructions: 20COMMON

Download Yara Rule

APIs

__iob_func.MSVCR80 ref: 05D0C2E7
fputs.MSVCR80 ref: 05D0C2F2
__iob_func.MSVCR80 ref: 05D0C2F8
fputc.MSVCR80 ref: 05D0C300
__iob_func.MSVCR80 ref: 05D0C306
fflush.MSVCR80 ref: 05D0C30C

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: __iob_func$fflushfputcfputs
String ID:
API String ID: 1718917562-0
Opcode ID: 39e653903a0bdcaabcfbb6bf25c6bb53b3fcd27736e0c4192571e3e5bf9e2c08
Instruction ID: 8de687b274d9408a2ad8f87b11cf39bace052a095e1be90584dc4d73c23a1f9b
Opcode Fuzzy Hash: 39e653903a0bdcaabcfbb6bf25c6bb53b3fcd27736e0c4192571e3e5bf9e2c08
Instruction Fuzzy Hash: 7CD0ECB28112105BE311B76EEC4AA4B3F595F20204B048413B046D7650D920DC028AA5

Function 10037320 Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 209COMMON

Download Yara Rule

APIs

memcpy.MSVCR80(00000000,?,?,?), ref: 100373BE

Part of subcall function 1002A250: memcpy.MSVCR80(?,?,?,?,94BA138F,?,1002CF7E,?,?,00000054,00001000), ref: 1002A278

memcpy.MSVCR80(00000000), ref: 10037415
gds__log.FBCLIENT25(Value %s configured for alias %s is not a fully qualified path name, ignored,?,?,?,?,?,?,?,?,?,?,00000001,94BA138F,?,?), ref: 10037461

Part of subcall function 1002BDA0: memcpy.MSVCR80(00000000,00000000,102559A8,00000000,0000002F,FFFFFFFF,0000005C,FFFFFFFF,00000020,?,?,?,?,?,?,?), ref: 1002BDEB
Part of subcall function 1002BDA0: memcpy.MSVCR80(00000000,00000000,?,00000000,FFFFFFFF,00000020,?,?,?,?,?,?,?,?,?,00000001), ref: 1002BE07

Part of subcall function 10037280: EnterCriticalSection.KERNEL32(1038FDC4,94BA138F,?,1038FEC8,00000000,102325A8,000000FF,1003755C,?,?), ref: 100372B5

Part of subcall function 10038D80: memcpy.MSVCR80(00000000,00000000,?,00000000,94BA138F,00000020,?,?,00000000), ref: 10038E2D

Strings

Value %s configured for alias %s is not a fully qualified path name, ignored, xrefs: 1003745C
aliases.conf, xrefs: 10037367

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: memcpy$CriticalEnterSectiongds__log
String ID: Value %s configured for alias %s is not a fully qualified path name, ignored$aliases.conf
API String ID: 2310069048-3077267077
Opcode ID: 5cecb575d55fbadb93ded9748df8e510dd4a2d3eef895ab1b0540e907c27ba8c
Instruction ID: 2dd3f4e8ff1bb9dda805a6cdeee0cd7374d22caa502397de5ed9431b6a910f43
Opcode Fuzzy Hash: 5cecb575d55fbadb93ded9748df8e510dd4a2d3eef895ab1b0540e907c27ba8c
Instruction Fuzzy Hash: 3381AE75808381AED735DB24D845BAFB7E9EF95244F40482DF48D87242EB74B548C7A3

Function 1003AA40 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 173threadCOMMON

Download Yara Rule

APIs

_time64.MSVCR80 ref: 1003AA59
__alldvrm.LIBCMT ref: 1003AA6B
GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000002,00000030,?,?,00000002,00000030), ref: 1003AB76
GetCurrentThreadId.KERNEL32 ref: 1003AB97

Strings

T, xrefs: 1003AB2A

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: Current$ProcessThread__alldvrm_time64
String ID: T
API String ID: 1306031081-3187964512
Opcode ID: 70a1981b737834c86dbe7750b424cfb5c27189f8d0b4aad5e12dccc21c614c85
Instruction ID: 5fa904c951648d39e0216125e4483e34be1bd78d6b85ef430dfcb5e09a8d6fae
Opcode Fuzzy Hash: 70a1981b737834c86dbe7750b424cfb5c27189f8d0b4aad5e12dccc21c614c85
Instruction Fuzzy Hash: 47510572A483406FD315CB688C56B9BBBE9DFD9744F08891CF6848B392E534E908C792

Function 05D0BDB0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 173threadCOMMON

Download Yara Rule

APIs

_time64.MSVCR80 ref: 05D0BDC9
__alldvrm.LIBCMT ref: 05D0BDDB
GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000002,00000030,?,?,00000002,00000030), ref: 05D0BEE6
GetCurrentThreadId.KERNEL32 ref: 05D0BF07

Strings

T, xrefs: 05D0BE9A

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: Current$ProcessThread__alldvrm_time64
String ID: T
API String ID: 1306031081-3187964512
Opcode ID: 2e57d1f189751cf65a43c804d7b5fd4b8c670228af820f9a76deb61a491b8f9b
Instruction ID: a13ac8b51bc1fc49a0dc0debb0044b9f04c14b0418ebe280ca93de943d83d754
Opcode Fuzzy Hash: 2e57d1f189751cf65a43c804d7b5fd4b8c670228af820f9a76deb61a491b8f9b
Instruction Fuzzy Hash: AF5115727483406FE314DB698C15FABBBD59FD8304F08851EF6848B3D2E935D90887A2

Function 10018ED0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 132COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(05BCC320,94BA138F,?,?), ref: 10018F23
fb_shutdown_callback.FBCLIENT25(00000000,10018940,00000004,00000000), ref: 10018F50
sprintf.MSVCR80 ref: 10018FEE
CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,?,?,?,?,0000010C,94BA138F,?,?), ref: 1001904D

Strings

WNet (%s), xrefs: 10018FE8

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: CreateCriticalEnterEventSectionfb_shutdown_callbacksprintf
String ID: WNet (%s)
API String ID: 3459816946-1500601052
Opcode ID: 48754782e88aab4e54c51a43ac6cb62b8f8abd78b83c45722f51f6de335e73d1
Instruction ID: 6fe924f0855e89ede352a2e066d4afb255ea937dfab7cbd4a8ecf79021066e2e
Opcode Fuzzy Hash: 48754782e88aab4e54c51a43ac6cb62b8f8abd78b83c45722f51f6de335e73d1
Instruction Fuzzy Hash: 9D51ADB46047409FD320CF60C855B97B7E6FF88710F404A1DF69A8B281EBB4E685CB91

Function 10003490 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 123COMMON

Download Yara Rule

APIs

memset.MSVCR80 ref: 100034B0

Part of subcall function 10002C50: isc_portable_integer.FBCLIENT25(?,?,?,?,10003372,?,?,00000008,10254A18,00000100,?), ref: 10002C80

_ftime64.MSVCR80(?), ref: 100034C5
isc_database_info.FBCLIENT25(?,?,00000008,10254A18,00000100,?), ref: 10003514

Strings

gfff, xrefs: 100034D0

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: _ftime64isc_database_infoisc_portable_integermemset
String ID: gfff
API String ID: 2513481933-1553575800
Opcode ID: b33ebe896e13a2ee2af2bc060714e54b96c366861cc2195f7a56a5831a376bbf
Instruction ID: fe2dcc59a784fe0668129ca3760718d20b3d40bcab2eda3538c484546400a151
Opcode Fuzzy Hash: b33ebe896e13a2ee2af2bc060714e54b96c366861cc2195f7a56a5831a376bbf
Instruction Fuzzy Hash: 684197B1808B16AFE319CF20C84155BBBE8FB84380F51CA2DE55997A58E731F565CBC2

Function 100032C0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 113COMMON

Download Yara Rule

APIs

memset.MSVCR80 ref: 100032E0

Part of subcall function 10002C50: isc_portable_integer.FBCLIENT25(?,?,?,?,10003372,?,?,00000008,10254A18,00000100,?), ref: 10002C80

_ftime64.MSVCR80(?), ref: 100032F5
isc_database_info.FBCLIENT25(?,?,00000008,10254A18,00000100,?), ref: 10003344

Strings

gfff, xrefs: 10003300

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: _ftime64isc_database_infoisc_portable_integermemset
String ID: gfff
API String ID: 2513481933-1553575800
Opcode ID: 77794aafff61b61f73b7a486da7d63bebc457c332627e21255bf76db15683427
Instruction ID: 5c3701828eec49bf8d4403a5e54537a48f28b3e67a445e009df83b0dc95c8e24
Opcode Fuzzy Hash: 77794aafff61b61f73b7a486da7d63bebc457c332627e21255bf76db15683427
Instruction Fuzzy Hash: 21417CB1808A22AFE312DF20CC4255FBBA8FB44380F50C929E5999B559D734B695CBD2

Function 100570E0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 99COMMON

Download Yara Rule

APIs

Part of subcall function 10056890: _lseek.MSVCR80 ref: 100568AE

Part of subcall function 100569B0: _read.MSVCR80 ref: 100569C9

_write.MSVCR80 ref: 10057198
_lseek.MSVCR80 ref: 100571D4
_read.MSVCR80 ref: 10057209

Strings

write, xrefs: 100571B5
lseek, xrefs: 100571EB

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: _lseek_read$_write
String ID: lseek$write
API String ID: 944893962-202191809
Opcode ID: 051c44a5a8f95d386b5e6760e2e77da95b45ebbfeaf9fb2285785d874b040be8
Instruction ID: fc72477125e81ee1a853fde7f3f61a782b2c78d2470988f4b236646582c20e10
Opcode Fuzzy Hash: 051c44a5a8f95d386b5e6760e2e77da95b45ebbfeaf9fb2285785d874b040be8
Instruction Fuzzy Hash: 7E316975204601ABD315CB68E880FABB3E9FF88344F04890DF99E87242D731F81D9B66

Function 1005A2E0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 69COMMON

Download Yara Rule

APIs

_read.MSVCR80 ref: 1005A309
_lseek.MSVCR80 ref: 1005A31C
_close.MSVCR80 ref: 1005A333

Part of subcall function 1005A220: _unlink.MSVCR80(?,?,%s.%07ld,?,?), ref: 1005A298

_errno.MSVCR80 ref: 1005A382

Part of subcall function 1002B2C0: _CxxThrowException.MSVCR80(?,102B4004), ref: 1002B2E0

Strings

read, xrefs: 1005A38B

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: ExceptionThrow_close_errno_lseek_read_unlink
String ID: read
API String ID: 269179381-2555855207
Opcode ID: 94fd850a31d8d15d1a573f1fb89014c7f68f227ca377f69b59eb2dc29fb387c4
Instruction ID: 275177b7006f1473fa86225386cd3c0f0d69162029503e70605f520d078890d9
Opcode Fuzzy Hash: 94fd850a31d8d15d1a573f1fb89014c7f68f227ca377f69b59eb2dc29fb387c4
Instruction Fuzzy Hash: 71118E767007019BC310CB69EC88A9BB7E8EFC6759F004429F98AC7210DA31B9588BA5

Function 10018960 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 58synchronizationpipeCOMMON

Download Yara Rule

APIs

ConnectNamedPipe.KERNEL32(?,75730E30,75730E30,00000000,?,?,?,?,100193F7,?,?,00000000), ref: 10018991
GetLastError.KERNEL32(?,?,?,?,100193F7,?,?,00000000), ref: 100189A1
WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?,100193F7,?,?,00000000), ref: 100189BE
GetLastError.KERNEL32(?,?,?,?,100193F7,?,?,00000000), ref: 100189DA

Strings

ConnectNamedPipe, xrefs: 100189E8

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: ErrorLast$ConnectNamedObjectPipeSingleWait
String ID: ConnectNamedPipe
API String ID: 4191928419-2191148154
Opcode ID: 36040f6c5f3e21bea42b5cdaa5c152b213f87ab892b0cb8552720d7dd3bbed90
Instruction ID: 3a8591aae95929fdcf5033473d9289c4ea4ec16e4d0976f8e7a8700c1cda61f7
Opcode Fuzzy Hash: 36040f6c5f3e21bea42b5cdaa5c152b213f87ab892b0cb8552720d7dd3bbed90
Instruction Fuzzy Hash: 8111E771A042529FC304DF789CC06EBB7E4FB84164F55866AE48CC7211F634DF888796

Function 1003FA60 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 58COMMON

Download Yara Rule

APIs

SetEvent.KERNEL32(00000384,94BA138F,05BCC0EC,05BCC0EC,00000000,102330B8,000000FF,1003FC08), ref: 1003FA8F

Part of subcall function 1002B330: GetLastError.KERNEL32(1002ECEF,00000001,?,10233AE0,10045CBE,14000004,94BA138F,?,?,?,00000100,10254A18), ref: 1002B333
Part of subcall function 1002B330: _CxxThrowException.MSVCR80(00000000,102B4004), ref: 1002B351

EnterCriticalSection.KERNEL32(05BCC0F8,94BA138F,05BCC0EC,05BCC0EC,00000000,102330B8,000000FF,1003FC08), ref: 1003FAC5
ReleaseSemaphore.KERNEL32(000003B0,00000000,00000000), ref: 1003FAE1

Strings

SetEvent, xrefs: 1003FA99
ReleaseSemaphore, xrefs: 1003FAEB

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: CriticalEnterErrorEventExceptionLastReleaseSectionSemaphoreThrow
String ID: ReleaseSemaphore$SetEvent
API String ID: 1190097715-1535549197
Opcode ID: 6ba61bb8f2aedc8d9636b8f93645e7699c5c1694e1988b8159e74aeb149b1045
Instruction ID: 3d9d873ea87032ee65c427480e266c1a8aae337205f43daaff1ad445c896d11a
Opcode Fuzzy Hash: 6ba61bb8f2aedc8d9636b8f93645e7699c5c1694e1988b8159e74aeb149b1045
Instruction Fuzzy Hash: 5111D3B5604B40AFD310CF24DC85B67B3E4EB45660F40891DF4AAC6790EB34E404CB52

Function 05D15500 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 58COMMON

Download Yara Rule

APIs

SetEvent.KERNEL32(00000000,521C82CE,05C1E2D4,05C1E2D4,00000000,05D2AD68,000000FF,05D156A8,?,?,05D1A682), ref: 05D1552F

Part of subcall function 05D20090: GetLastError.KERNEL32 ref: 05D20093
Part of subcall function 05D20090: _CxxThrowException.MSVCR80(00000000,05DD85D0), ref: 05D200B1

EnterCriticalSection.KERNEL32(05C1E2E0,521C82CE,05C1E2D4,05C1E2D4,00000000,05D2AD68,000000FF,05D156A8,?,?,05D1A682), ref: 05D15565
ReleaseSemaphore.KERNEL32(00000000,05C10014,00000000), ref: 05D15581

Strings

ReleaseSemaphore, xrefs: 05D1558B
SetEvent, xrefs: 05D15539

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: CriticalEnterErrorEventExceptionLastReleaseSectionSemaphoreThrow
String ID: ReleaseSemaphore$SetEvent
API String ID: 1190097715-1535549197
Opcode ID: f3a0b136fc7ef894fdee2ff2696d06069bfd12239b11d0a7d8cc3951a872f65d
Instruction ID: 761b825405c76bee9ad2f6f092c0b767e182ff5c1dbdf2cf5b84523bcfba45c5
Opcode Fuzzy Hash: f3a0b136fc7ef894fdee2ff2696d06069bfd12239b11d0a7d8cc3951a872f65d
Instruction Fuzzy Hash: F0115475608740AFE324DF18E945F57B7E5FB58A24F40891FF86AC2690E738E504CB52

Function 10022170 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 52COMMON

Download Yara Rule

APIs

Part of subcall function 10022170: isc_attach_database.FBCLIENT25(?,00000000,?,?,00000000,00000000), ref: 10022104

Part of subcall function 10020E50: isc_start_transaction.FBCLIENT25(?,?,00000001,?,00000000,00000000), ref: 10020E68
Part of subcall function 10020E50: isc_dsql_execute_immediate.FBCLIENT25(?,?,?,00000000,ALTER DATABASE BEGIN BACKUP,00000001,00000000), ref: 10020E8F
Part of subcall function 10020E50: isc_commit_transaction.FBCLIENT25(?,?), ref: 10020EA7

Part of subcall function 10020ED0: isc_database_info.FBCLIENT25 ref: 10020F10

printf.MSVCR80 ref: 100221EB

Strings

%d, xrefs: 100221E6
RDB$ADMIN, xrefs: 100220B9
Username or password is too long, xrefs: 10022157
attach database, xrefs: 1002210D

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: isc_attach_databaseisc_commit_transactionisc_database_infoisc_dsql_execute_immediateisc_start_transactionprintf
String ID: %d$RDB$ADMIN$Username or password is too long$attach database
API String ID: 133599538-2313099117
Opcode ID: c83999cf4ad471ed4c63eb5a9d613e2c0893b1b936f49af736b696c21105400e
Instruction ID: 2b3a294e1140e56c4f7ae5dd259022b947cf645f15037fdbc9c7a7723e5d3535
Opcode Fuzzy Hash: c83999cf4ad471ed4c63eb5a9d613e2c0893b1b936f49af736b696c21105400e
Instruction Fuzzy Hash: D7110E71A04744ABDB10CF68E841B9ABBF9FB0A714F40062AF52593380CB352904CB91

Function 10008810 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 43COMMON

Download Yara Rule

APIs

Part of subcall function 100078F0: EnterCriticalSection.KERNEL32(05BCE4A0,94BA138F,?,?,00000000), ref: 1000794D
Part of subcall function 100078F0: WSAStartup.WS2_32(00000002,1038F958), ref: 10007973

setsockopt.WS2_32(?,0000FFFF,00000008,?,00000004), ref: 10008863
gds__log.FBCLIENT25(inet server err: setting KEEPALIVE socket option ), ref: 10008873

Part of subcall function 1003AC40: _time64.MSVCR80 ref: 1003AC7B
Part of subcall function 1003AC40: WaitForSingleObject.KERNEL32 ref: 1003ACB1
Part of subcall function 1003AC40: fopen.MSVCR80 ref: 1003ACC1
Part of subcall function 1003AC40: _ctime64.MSVCR80 ref: 1003ACD5
Part of subcall function 1003AC40: fprintf.MSVCR80 ref: 1003AD03
Part of subcall function 1003AC40: vfprintf.MSVCR80 ref: 1003AD16
Part of subcall function 1003AC40: fprintf.MSVCR80 ref: 1003AD22
Part of subcall function 1003AC40: fclose.MSVCR80 ref: 1003AD25
Part of subcall function 1003AC40: ReleaseMutex.KERNEL32(00000388,00000388,000000FF), ref: 1003AD35

gds__log.FBCLIENT25(inet server err: setting NODELAY socket option ), ref: 1000888D

Strings

inet server err: setting KEEPALIVE socket option , xrefs: 1000886E
inet server err: setting NODELAY socket option , xrefs: 10008888

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: fprintfgds__log$CriticalEnterMutexObjectReleaseSectionSingleStartupWait_ctime64_time64fclosefopensetsockoptvfprintf
String ID: inet server err: setting KEEPALIVE socket option $inet server err: setting NODELAY socket option
API String ID: 2445143748-4153090861
Opcode ID: 6fca9811fe7a959689431bc515f009ca4dde68d84fc71cc055251a1afc00033c
Instruction ID: 436c4c2218b1cd909a0ac98a7ad333d9b90823067c7cc0a8825c6f4f2f54e4c2
Opcode Fuzzy Hash: 6fca9811fe7a959689431bc515f009ca4dde68d84fc71cc055251a1afc00033c
Instruction Fuzzy Hash: 7201BCF4A403019FF200CB24E84AB47BAE0EF41758F11882CF5899B3D2EB74A808C796

Function 100088A0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 37COMMON

Download Yara Rule

APIs

Part of subcall function 100078F0: EnterCriticalSection.KERNEL32(05BCE4A0,94BA138F,?,?,00000000), ref: 1000794D
Part of subcall function 100078F0: WSAStartup.WS2_32(00000002,1038F958), ref: 10007973

setsockopt.WS2_32(?,0000FFFF,00000008,?,00000004), ref: 100088D9
gds__log.FBCLIENT25(inet server err: setting KEEPALIVE socket option ), ref: 100088E9

Part of subcall function 1003AC40: _time64.MSVCR80 ref: 1003AC7B
Part of subcall function 1003AC40: WaitForSingleObject.KERNEL32 ref: 1003ACB1
Part of subcall function 1003AC40: fopen.MSVCR80 ref: 1003ACC1
Part of subcall function 1003AC40: _ctime64.MSVCR80 ref: 1003ACD5
Part of subcall function 1003AC40: fprintf.MSVCR80 ref: 1003AD03
Part of subcall function 1003AC40: vfprintf.MSVCR80 ref: 1003AD16
Part of subcall function 1003AC40: fprintf.MSVCR80 ref: 1003AD22
Part of subcall function 1003AC40: fclose.MSVCR80 ref: 1003AD25
Part of subcall function 1003AC40: ReleaseMutex.KERNEL32(00000388,00000388,000000FF), ref: 1003AD35

gds__log.FBCLIENT25(inet server err: setting NODELAY socket option ), ref: 10008903

Strings

inet server err: setting KEEPALIVE socket option , xrefs: 100088E4
inet server err: setting NODELAY socket option , xrefs: 100088FE

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: fprintfgds__log$CriticalEnterMutexObjectReleaseSectionSingleStartupWait_ctime64_time64fclosefopensetsockoptvfprintf
String ID: inet server err: setting KEEPALIVE socket option $inet server err: setting NODELAY socket option
API String ID: 2445143748-4153090861
Opcode ID: 2547ecc02b6c76e5bb7483c52244770c31a4d54634e3fa874de1ccb365cac04d
Instruction ID: a248bc0236acaf26c9d57a75f0113ceff17cc37728286af4992deca765fa2ca7
Opcode Fuzzy Hash: 2547ecc02b6c76e5bb7483c52244770c31a4d54634e3fa874de1ccb365cac04d
Instruction Fuzzy Hash: 00F024F5F403016AF211D724AC0AB877690EF417A9F010538F2869A6C2EF64B818836A

Function 100058F0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

htonl.WS2_32(7F000001), ref: 10005918
gds__log.FBCLIENT25(Wrong RemoteBindAddress '%s' in firebird.conf - binding to loopback interface,00000000), ref: 1000592D

Part of subcall function 1003AC40: _time64.MSVCR80 ref: 1003AC7B
Part of subcall function 1003AC40: WaitForSingleObject.KERNEL32 ref: 1003ACB1
Part of subcall function 1003AC40: fopen.MSVCR80 ref: 1003ACC1
Part of subcall function 1003AC40: _ctime64.MSVCR80 ref: 1003ACD5
Part of subcall function 1003AC40: fprintf.MSVCR80 ref: 1003AD03
Part of subcall function 1003AC40: vfprintf.MSVCR80 ref: 1003AD16
Part of subcall function 1003AC40: fprintf.MSVCR80 ref: 1003AD22
Part of subcall function 1003AC40: fclose.MSVCR80 ref: 1003AD25
Part of subcall function 1003AC40: ReleaseMutex.KERNEL32(00000388,00000388,000000FF), ref: 1003AD35

gds__log.FBCLIENT25(Host '%s' resolves to multiple interfaces - binding to loopback interface,00000000), ref: 1000593D

Strings

Wrong RemoteBindAddress '%s' in firebird.conf - binding to loopback interface, xrefs: 10005928
Host '%s' resolves to multiple interfaces - binding to loopback interface, xrefs: 10005938

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: fprintfgds__log$MutexObjectReleaseSingleWait_ctime64_time64fclosefopenhtonlvfprintf
String ID: Host '%s' resolves to multiple interfaces - binding to loopback interface$Wrong RemoteBindAddress '%s' in firebird.conf - binding to loopback interface
API String ID: 2095959426-3720042486
Opcode ID: 80e09e8740afe22a1cb19bd218425ee8c13164c929e2a1700f7fa8454b216e00
Instruction ID: df81d1044705abb428c69861d5f2c8567e21e7a37a3fb826d069687e8956ddc2
Opcode Fuzzy Hash: 80e09e8740afe22a1cb19bd218425ee8c13164c929e2a1700f7fa8454b216e00
Instruction Fuzzy Hash: 90E02B36F821206AD793E76C7C457DF3288C7C25F7F0203A7F80859219EF22588501EA

Function 10012D10 Relevance: 7.7, APIs: 1, Strings: 4, Instructions: 170COMMON

Download Yara Rule

APIs

memcpy.MSVCR80(00000000,?,?,?,94BA138F), ref: 10012DFF

Part of subcall function 10009070: LeaveCriticalSection.KERNEL32(?,94BA138F,?,?,?,1022F5A8,000000FF), ref: 100090A7

Part of subcall function 10029700: EnterCriticalSection.KERNEL32(?,05BC0014,00000002,?,05BC0014,100273D1,?,?,-000000F4,05BC0014,1002913C,-000000F4,00000001,05BC0014,00000000,10029570), ref: 10029726

Strings

%s/%s, xrefs: 10012E9F
GDS_DATABASE_INFO, xrefs: 10012DA6
WI-V2.5.6.27020 Firebird 2.5, xrefs: 10012E97
, xrefs: 10012E7E

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: CriticalSection$EnterLeavememcpy
String ID: $%s/%s$GDS_DATABASE_INFO$WI-V2.5.6.27020 Firebird 2.5
API String ID: 2020518640-2861174859
Opcode ID: cbf1207b4447402d067f4c3c37f8fb66a85374a138831138893af716b43e6421
Instruction ID: 75fc4d4fca9bc6c2bfd60c1d603ffced668550b03817b45e625095edfe13db7b
Opcode Fuzzy Hash: cbf1207b4447402d067f4c3c37f8fb66a85374a138831138893af716b43e6421
Instruction Fuzzy Hash: FA615BB5D002099FDB24CF94DC81BAEB7B5EF48344F1045A9E909A7341EB30AE95CB55

Function 1004F7E0 Relevance: 7.7, APIs: 3, Strings: 2, Instructions: 155stringCOMMON

Download Yara Rule

APIs

_strnicmp.MSVCR80 ref: 1004F855
strchr.MSVCR80 ref: 1004F86C
strchr.MSVCR80 ref: 1004F94A

Strings

Microsoft Windows Network, xrefs: 1004F82D, 1004F84B, 1004F84F
Firebird::string - pos out of range, xrefs: 1004F915, 1004F931

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: strchr$_strnicmp
String ID: Firebird::string - pos out of range$Microsoft Windows Network
API String ID: 2612609099-2769111924
Opcode ID: 983e372fdb1499ec9e49a495efe0f54c719e2724439fde83d6713f8e2eef3c6e
Instruction ID: f0e5151d7731182011555bfae46e01db45e73057687cbfcdbcc1ae4edc0a4ddf
Opcode Fuzzy Hash: 983e372fdb1499ec9e49a495efe0f54c719e2724439fde83d6713f8e2eef3c6e
Instruction Fuzzy Hash: 7751DE70208381AFD704DB24CC99B7BB7E5EB89744F604A2DF882CB292DB71E944C756

Function 10002910 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 123COMMON

Download Yara Rule

APIs

memcpy.MSVCR80(00000000), ref: 10002A0E

Part of subcall function 1002CB40: GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,00000000), ref: 1002CB6E

memcpy.MSVCR80(00000000), ref: 100029A0
memcpy.MSVCR80(00000000,0000001A,c:\Program Files\Firebird\,0000001A), ref: 10002A61

Strings

c:\Program Files\Firebird\, xrefs: 10002A51
, xrefs: 1000295A

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: memcpy$FileModuleName
String ID: $c:\Program Files\Firebird\
API String ID: 1955653913-3426720421
Opcode ID: 6fe1b4990d624ed65bbd469647798173cce4d0c9b632b58136a38414e7674f95
Instruction ID: 372a9f3eb421a61428232ff1a42bf5965741009af3f3bfe0779dcd297bd3ef55
Opcode Fuzzy Hash: 6fe1b4990d624ed65bbd469647798173cce4d0c9b632b58136a38414e7674f95
Instruction Fuzzy Hash: 9341E3B5508380AFC704CB68D892DABB7F8EF95744F40091DF49587252EB74E948CBA7

Function 1003BEF0 Relevance: 7.6, APIs: 5, Instructions: 123COMMON

Download Yara Rule

APIs

gds__vax_integer.FBCLIENT25(?,?,?,?,?,?,?,1003C915,?,?,?,?,00000000,00000000,00000000,00000000), ref: 1003BFB8
gds__vax_integer.FBCLIENT25(?,?,00000000), ref: 1003BFD3
gds__vax_integer.FBCLIENT25(?,?,00000000), ref: 1003BFEB
gds__vax_integer.FBCLIENT25(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 1003BFFF
gds__vax_integer.FBCLIENT25(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 1003C017

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: gds__vax_integer
String ID:
API String ID: 1056353452-0
Opcode ID: 98fc0f2b6a2d71d10890a6c06f29e4dc56806c94d5c6e2e2ce3c447c6b8b9928
Instruction ID: edc37e6ba7f8618e9d6f4480acefda208c3ba36b8c3c740019beae8bd2731a2f
Opcode Fuzzy Hash: 98fc0f2b6a2d71d10890a6c06f29e4dc56806c94d5c6e2e2ce3c447c6b8b9928
Instruction Fuzzy Hash: E941BC39208399CED356DE26C840B6BB7E4EF8634AF115A59F894CF290D776D900CB62

Function 1001BA10 Relevance: 7.6, APIs: 5, Instructions: 120synchronizationCOMMON

Download Yara Rule

APIs

SetEvent.KERNEL32(?), ref: 1001BA45
GetLastError.KERNEL32 ref: 1001BA4F
WaitForSingleObject.KERNEL32(?,000001F4), ref: 1001BA9F
WaitForSingleObject.KERNEL32(?,00000001), ref: 1001BAB5

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: ObjectSingleWait$ErrorEventLast
String ID:
API String ID: 3117263442-0
Opcode ID: 44c3da7bf645904dc1b4f0ab6092d66b10a26b9f6f15c51241892e22c8295b76
Instruction ID: b98ad5b7bfe19d51a23fc8871f4497216011e97247b2b91a57c1fb54790b2155
Opcode Fuzzy Hash: 44c3da7bf645904dc1b4f0ab6092d66b10a26b9f6f15c51241892e22c8295b76
Instruction Fuzzy Hash: B731B0B57087444FD300CF24AC91BA7B7E5FF84664F55882DE8498B742E731E948CB92

Function 10002AA0 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 115COMMON

Download Yara Rule

APIs

memcpy.MSVCR80(00000000), ref: 10002B98

Part of subcall function 1002CB40: GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,00000000), ref: 1002CB6E

memcpy.MSVCR80(00000000), ref: 10002B30
memcpy.MSVCR80(00000000,0000001A,c:\Program Files\Firebird\,0000001A), ref: 10002BD3

Strings

c:\Program Files\Firebird\, xrefs: 10002BC3
, xrefs: 10002AEA

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: memcpy$FileModuleName
String ID: $c:\Program Files\Firebird\
API String ID: 1955653913-3426720421
Opcode ID: 1744f569e4f949f3b92e9bee50c683ba37eb616c7e7d6b197c060bc4cb8b5076
Instruction ID: 91dbe7e9d14d705d708dd5eca30a4dc7b3aa9ac1d2ba5141611eaf06d063e28f
Opcode Fuzzy Hash: 1744f569e4f949f3b92e9bee50c683ba37eb616c7e7d6b197c060bc4cb8b5076
Instruction Fuzzy Hash: F741BDB5508340AFD704CB68D882EABB7E8EF85744F40491DF89687252EB74E908CB63

Function 10074700 Relevance: 7.6, APIs: 4, Strings: 1, Instructions: 100COMMON

Download Yara Rule

APIs

Part of subcall function 1004E790: GetComputerNameA.KERNEL32(10264973,00000104), ref: 1004E7A4

_snprintf.MSVCR80 ref: 10074726
_strlwr.MSVCR80 ref: 1007479D
SetLastError.KERNEL32(000000CE,7572E010), ref: 100747CA
SetLastError.KERNEL32(000000CE), ref: 100747E9

Strings

.su, xrefs: 10074714, 1007471A

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: ErrorLast$ComputerName_snprintf_strlwr
String ID: .su
API String ID: 1748202213-1039254810
Opcode ID: 202b3a9222b7672c569806904614cc3c104f9ec7fa4217ac0171e136e5548ce4
Instruction ID: 32ad28f49696381fb9df34c6a8d7ceed9af029db8cffb038fce695f729b5828f
Opcode Fuzzy Hash: 202b3a9222b7672c569806904614cc3c104f9ec7fa4217ac0171e136e5548ce4
Instruction Fuzzy Hash: 58218B755083905BCB08DB289C957FBBBE5EF47188F424589F88287302EF2B940DC76A

Function 05D0D320 Relevance: 7.6, APIs: 5, Instructions: 68COMMON

Download Yara Rule

APIs

_open.MSVCR80 ref: 05D0D330
_read.MSVCR80 ref: 05D0D353
_close.MSVCR80 ref: 05D0D361

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: _close_open_read
String ID:
API String ID: 2332195497-0
Opcode ID: 0782c5ee8385c19a32ed5d4424ed53af1d33b317d01380f1859aeae476c4dfa3
Instruction ID: 4d7b8395810c79c368275c52bdd5b91da16fed42591d26d2a000c5947816943a
Opcode Fuzzy Hash: 0782c5ee8385c19a32ed5d4424ed53af1d33b317d01380f1859aeae476c4dfa3
Instruction Fuzzy Hash: A911B7719087115BD310FF2C9805A9BBA92BF61210F448517F8A8873E2F731D555C7E7

Function 1003BE30 Relevance: 7.6, APIs: 5, Instructions: 66COMMON

Download Yara Rule

APIs

gds__alloc.FBCLIENT25(00000400), ref: 1003BE53
gds__free.FBCLIENT25(00000000), ref: 1003BE7C
gds__put_error.FBCLIENT25(00000000), ref: 1003BE8B

Part of subcall function 1003AF70: __iob_func.MSVCR80 ref: 1003AF77
Part of subcall function 1003AF70: fputs.MSVCR80 ref: 1003AF82
Part of subcall function 1003AF70: __iob_func.MSVCR80 ref: 1003AF88
Part of subcall function 1003AF70: fputc.MSVCR80 ref: 1003AF90
Part of subcall function 1003AF70: __iob_func.MSVCR80 ref: 1003AF96
Part of subcall function 1003AF70: fflush.MSVCR80 ref: 1003AF9C

gds__put_error.FBCLIENT25(00000000), ref: 1003BEB1
gds__free.FBCLIENT25(00000000), ref: 1003BED0

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: __iob_func$gds__freegds__put_error$fflushfputcfputsgds__alloc
String ID:
API String ID: 1471608230-0
Opcode ID: 00119a6737b6c70f6756c91163b2e6f0718fea59f87919c3a54e0445ba8f177e
Instruction ID: 7dab3ee24857150f4b56790d1439478228459bbca271bfbd0df99f75f72b5b9f
Opcode Fuzzy Hash: 00119a6737b6c70f6756c91163b2e6f0718fea59f87919c3a54e0445ba8f177e
Instruction Fuzzy Hash: 1E11A776A05A065FE702DA558C81FDB62DCDF91A4AF008429FB009E142E770E54486B6

Function 1001A850 Relevance: 7.5, APIs: 5, Instructions: 37fileCOMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(00000000), ref: 1001A864
CloseHandle.KERNEL32(00000000), ref: 1001A876
CloseHandle.KERNEL32(00000000), ref: 1001A888
UnmapViewOfFile.KERNEL32(00000000), ref: 1001A89A
CloseHandle.KERNEL32(00000000), ref: 1001A8B0

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: CloseHandle$FileUnmapView
String ID:
API String ID: 260491571-0
Opcode ID: 9c648fbd80dc09585dfa7046df06ef1c768841da4a56ef5c6e4ae334e9bcdef1
Instruction ID: d7b9c30ae9b069c617b2ebb1a88ceafa6db191e25d9ad8ffae2b0cff7fe0b839
Opcode Fuzzy Hash: 9c648fbd80dc09585dfa7046df06ef1c768841da4a56ef5c6e4ae334e9bcdef1
Instruction Fuzzy Hash: 88F0BDF1A501309FC643DFADDCE48167BEEEBD56643244697E608D3164CAB1DC828F50

Function 1001B2E1 Relevance: 7.5, APIs: 4, Strings: 1, Instructions: 32COMMON

Download Yara Rule

APIs

Part of subcall function 1001ADC0: memcpy.MSVCR80(00000000), ref: 1001AE2D

CloseHandle.KERNEL32(?), ref: 1001B302
CloseHandle.KERNEL32(?), ref: 1001B30C
CloseHandle.KERNEL32(?), ref: 1001B316
CloseHandle.KERNEL32(?), ref: 1001B320

Strings

aux_connect() failed, xrefs: 1001B2E3

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: CloseHandle$memcpy
String ID: aux_connect() failed
API String ID: 2397262393-1572050499
Opcode ID: af8016ea54f532f21bf4451478e789a1f09e98ce5d7ed1a6787fc035876a9959
Instruction ID: 01c0097bc751f88ae623c5b6de1e68c355a8e9482d687a132019036b2eb83693
Opcode Fuzzy Hash: af8016ea54f532f21bf4451478e789a1f09e98ce5d7ed1a6787fc035876a9959
Instruction Fuzzy Hash: 95F06D71B00F2457DB60EE7A9C44A1FF2ECEF54A903820918F855EB611DB34FE90CAA0

Function 1001B600 Relevance: 7.5, APIs: 4, Strings: 1, Instructions: 32COMMON

Download Yara Rule

APIs

Part of subcall function 1001ADC0: memcpy.MSVCR80(00000000), ref: 1001AE2D

CloseHandle.KERNEL32(?), ref: 1001B621
CloseHandle.KERNEL32(?), ref: 1001B62B
CloseHandle.KERNEL32(?), ref: 1001B635
CloseHandle.KERNEL32(?), ref: 1001B63F

Strings

aux_request() failed, xrefs: 1001B602

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: CloseHandle$memcpy
String ID: aux_request() failed
API String ID: 2397262393-3219984754
Opcode ID: 8e6ea9f1cb5f87c091f7c2994c510900cb286a052845d6974c7c8fcc8fa1b6bd
Instruction ID: cc6a5d7aa07e1748cdc20b87c0237b7772bb23566c2c9e7b094df493792660f1
Opcode Fuzzy Hash: 8e6ea9f1cb5f87c091f7c2994c510900cb286a052845d6974c7c8fcc8fa1b6bd
Instruction Fuzzy Hash: 0AF03071B00E145BDA60EE7A9C44E2BB2DCEF646907420518E445EB210DB38FC808AA4

Function 10053410 Relevance: 7.5, APIs: 3, Strings: 2, Instructions: 28COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(0000002E), ref: 1005341A
GetLastError.KERNEL32 ref: 10053426

Part of subcall function 1002B330: GetLastError.KERNEL32(1002ECEF,00000001,?,10233AE0,10045CBE,14000004,94BA138F,?,?,?,00000100,10254A18), ref: 1002B333
Part of subcall function 1002B330: _CxxThrowException.MSVCR80(00000000,102B4004), ref: 1002B351

TlsSetValue.KERNEL32(0000002E,?), ref: 10053447

Strings

TlsGetValue, xrefs: 10053430
TlsSetValue, xrefs: 10053453

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: ErrorLastValue$ExceptionThrow
String ID: TlsGetValue$TlsSetValue
API String ID: 1956836430-2561324643
Opcode ID: 7bf7958eb1acc9c5be3ee6e191c43f31aca9af2cd1d1213fa459c31942d28060
Instruction ID: 3c11520d69c9abd3fd15a8a3c77a87587062335cc974ad5b87e49afa2fd9b2ac
Opcode Fuzzy Hash: 7bf7958eb1acc9c5be3ee6e191c43f31aca9af2cd1d1213fa459c31942d28060
Instruction Fuzzy Hash: 72E092B670056167C325DB76AC489C77BECEB912B0311C429F44DC3110DF71E8948B64

Function 10026A90 Relevance: 7.5, APIs: 3, Strings: 2, Instructions: 26COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(0000002D,?,101B5CB1,05BC0014,94BA138F,?,?,?), ref: 10026A97
GetLastError.KERNEL32 ref: 10026AA3

Part of subcall function 1002B330: GetLastError.KERNEL32(1002ECEF,00000001,?,10233AE0,10045CBE,14000004,94BA138F,?,?,?,00000100,10254A18), ref: 1002B333
Part of subcall function 1002B330: _CxxThrowException.MSVCR80(00000000,102B4004), ref: 1002B351

TlsSetValue.KERNEL32(0000002D,?), ref: 10026AC6

Strings

TlsGetValue, xrefs: 10026AAD
TlsSetValue, xrefs: 10026AD0

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: ErrorLastValue$ExceptionThrow
String ID: TlsGetValue$TlsSetValue
API String ID: 1956836430-2561324643
Opcode ID: dcdcf2cbfc71c8f64c31dbfbef5b3346d6e7b4dc5026735a40f97eefa47de937
Instruction ID: 102804ffe6ccb8faab9bc7e73af217c55a942e260cf706a839a8dc00edee082f
Opcode Fuzzy Hash: dcdcf2cbfc71c8f64c31dbfbef5b3346d6e7b4dc5026735a40f97eefa47de937
Instruction Fuzzy Hash: D6E092B5B005315BDB00DB70FC8999736A8FB542983018164FD0AA2210EE30E9508BE2

Function 05D1C1D0 Relevance: 7.5, APIs: 3, Strings: 2, Instructions: 26COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(0000002F), ref: 05D1C1D7
GetLastError.KERNEL32 ref: 05D1C1E3

Part of subcall function 05D20090: GetLastError.KERNEL32 ref: 05D20093
Part of subcall function 05D20090: _CxxThrowException.MSVCR80(00000000,05DD85D0), ref: 05D200B1

TlsSetValue.KERNEL32(0000002F,?), ref: 05D1C206

Strings

TlsSetValue, xrefs: 05D1C210
TlsGetValue, xrefs: 05D1C1ED

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: ErrorLastValue$ExceptionThrow
String ID: TlsGetValue$TlsSetValue
API String ID: 1956836430-2561324643
Opcode ID: 0487d892506563283820849cb303e6bb0db3af73de7872b15f0b9679d27bc22d
Instruction ID: de49b0f8b5cc43c2eccf471a08e7a8e5b1c265e7dfb72d10aefa0e64037fe750
Opcode Fuzzy Hash: 0487d892506563283820849cb303e6bb0db3af73de7872b15f0b9679d27bc22d
Instruction Fuzzy Hash: 46E0E5B67551216BE620A6A5B84FD263B65BB10955701401BF806DA310ED34DC448672

Function 10056B80 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 201COMMON

Download Yara Rule

APIs

_time64.MSVCR80 ref: 10056C01
_lseek.MSVCR80 ref: 10056C12
_errno.MSVCR80 ref: 10056C2C

Strings

lseek, xrefs: 10056C68

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: _errno_lseek_time64
String ID: lseek
API String ID: 1871400926-1872514266
Opcode ID: 6586feb25adf06cc92f9102d9f22b551038bb2a3a2cf86563c13854034c63006
Instruction ID: da3bb5b210dd35a751bfe841ab6a742e64465cee8176b7d2a4c1f93c878b8fea
Opcode Fuzzy Hash: 6586feb25adf06cc92f9102d9f22b551038bb2a3a2cf86563c13854034c63006
Instruction Fuzzy Hash: E2714B742042409FD314DB24D881FAA77E5FF88B54F504A0CF9898B392CB75ED45CB51

Function 1000AEC0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 190COMMON

Download Yara Rule

APIs

TryEnterCriticalSection.KERNEL32(?,94BA138F), ref: 1000AFA5

Part of subcall function 10016D70: GetCurrentThreadId.KERNEL32 ref: 10016D7D

memset.MSVCR80 ref: 1000AFD4

Part of subcall function 1000A4D0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,1022F7C0,000000FF), ref: 1000A598

Part of subcall function 1000A7E0: LeaveCriticalSection.KERNEL32 ref: 1000A7F3

Strings

[, xrefs: 1000AFE8
_, xrefs: 1000AEFC

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: CriticalSection$Leave$CurrentEnterThreadmemset
String ID: [$_
API String ID: 1775411312-2509550976
Opcode ID: 08b53d155d3b91a768841c6e50d1498e38e3dce95e22087b19c021452a289db6
Instruction ID: 13abf993c6d91ef25f0f93eb73940613a0c4de9659c6430f7ef8deb18698ee54
Opcode Fuzzy Hash: 08b53d155d3b91a768841c6e50d1498e38e3dce95e22087b19c021452a289db6
Instruction Fuzzy Hash: DD61B175A04649DFDB00CF98D480A9DFBF5FF89364F1082AEE81997381D771AA41CB90

Function 101BF9E0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 179COMMON

Download Yara Rule

APIs

gds__alloc.FBCLIENT25(?,94BA138F,?,?,?,?), ref: 101BFACF
memcpy.MSVCR80(00000000,?,?,?,94BA138F,?,?,?,?), ref: 101BFB88
gds__free.FBCLIENT25(00000000,?,?,?), ref: 101BFBA6

Strings

SDL buffer overflow, xrefs: 101BFA26, 101BFAEE

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: gds__allocgds__freememcpy
String ID: SDL buffer overflow
API String ID: 4086493661-3679400507
Opcode ID: 3ecb522b7baad7c903921513d5382f41c6472273f449974d0df9587a60ead503
Instruction ID: 9c2a3a2ee7ece15848823c6a4ced254e2810e58ff3aa3e7fac42813dc7c4fe13
Opcode Fuzzy Hash: 3ecb522b7baad7c903921513d5382f41c6472273f449974d0df9587a60ead503
Instruction Fuzzy Hash: 9361AA352086418FC344DF28C990B6BB7E1FF88754F50895CF99A87392DB7AE905CB92

Function 10021170 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 154COMMON

Download Yara Rule

APIs

exit.MSVCR80 ref: 10021332

Part of subcall function 1002A510: _vsnprintf.MSVCR80 ref: 1002A544
Part of subcall function 1002A510: _vsnprintf.MSVCR80 ref: 1002A57E

Strings

, xrefs: 100211D4
Only one of -L, -N, -F, -B or -R should be specified, xrefs: 10021364
Missing parameter for switch %s, xrefs: 10021349

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: _vsnprintf$exit
String ID: $Missing parameter for switch %s$Only one of -L, -N, -F, -B or -R should be specified
API String ID: 2810919790-2968887101
Opcode ID: d341d39095e5967f209029c110b10dc775493ce746a5aefb63b1a8fd43a317f3
Instruction ID: 17b199dbf94e9efca86aff4627c81a0604156382a8bfe8762c9e65e405e6b5db
Opcode Fuzzy Hash: d341d39095e5967f209029c110b10dc775493ce746a5aefb63b1a8fd43a317f3
Instruction Fuzzy Hash: 61413378648341ABE320DB65DC96F9E73A5EF55700F80491CB24DDB2C3DAB0B4448BA7

Function 1000D5C0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 134COMMON

Download Yara Rule

Strings

REMOTE INTERFACE/gds__detach: Unsuccesful detach from database. Uncommitted work may have been lost, xrefs: 1000D6F0
GDS_DETACH, xrefs: 1000D625

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID:
String ID: GDS_DETACH$REMOTE INTERFACE/gds__detach: Unsuccesful detach from database. Uncommitted work may have been lost
API String ID: 0-2414063693
Opcode ID: f726416d99035239270086ce1ab1442dd1be3a978650d5b4d2516cc954d1608c
Instruction ID: c2be0b119a518ce8bf83e67f67c346e651aa4a229bb42c3ec8576db0efec01c2
Opcode Fuzzy Hash: f726416d99035239270086ce1ab1442dd1be3a978650d5b4d2516cc954d1608c
Instruction Fuzzy Hash: 9041D276A00649DFEB10EF98D49169EF7F5FB443A0F11812AE85A57384DB32BD40CBA1

Function 10056E00 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 114COMMON

Download Yara Rule

Strings

lseek, xrefs: 10056F0E
read, xrefs: 10056EEB

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: memcpy$_read
String ID: lseek$read
API String ID: 3885049467-1335580195
Opcode ID: c9a80948b4d51663e179cd3f591fdcc35f7f9de3f58381c1a8b1ced69aac9600
Instruction ID: 385244fc30a76ba51c4ec183c80f68b80e08ab27f5647e465b93e28f791e7579
Opcode Fuzzy Hash: c9a80948b4d51663e179cd3f591fdcc35f7f9de3f58381c1a8b1ced69aac9600
Instruction Fuzzy Hash: A93160796052019BD625CF54FC82BEAF3E9EB9C340F10492DF59283591EB70A88DCB62

Function 10054450 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 90COMMON

Download Yara Rule

APIs

gds__alloc.FBCLIENT25(?), ref: 100544A5
gds__log.FBCLIENT25(isc_extend_dpb: out of memory,?), ref: 100544B5
memcpy.MSVCR80(00000000,?,00000000,?), ref: 100544D2

Strings

isc_extend_dpb: out of memory, xrefs: 100544B0

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: gds__allocgds__logmemcpy
String ID: isc_extend_dpb: out of memory
API String ID: 3403640703-1283669051
Opcode ID: 85911fdbacc12c6c64326b6a25c28343277a1e12574934584d9b77f4eee67bd1
Instruction ID: fe1f89cc5a94b04093d3ffe404f94dd19e4854c2d5ab959d5c24fd528ee3ee62
Opcode Fuzzy Hash: 85911fdbacc12c6c64326b6a25c28343277a1e12574934584d9b77f4eee67bd1
Instruction Fuzzy Hash: 703101766042A68BC301CF1898806BA73E4FFC5758F0B805AF9C48B202EA35ED89C770

Function 1004AC00 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 80synchronizationCOMMON

Download Yara Rule

APIs

gds__register_cleanup.FBCLIENT25(10040230,00000000,94BA138F), ref: 1004AC57
isc_que_events.FBCLIENT25(?,?,?,?,?,100414A0,?,94BA138F), ref: 1004AC80
WaitForSingleObject.KERNEL32(?,000000FF,94BA138F), ref: 1004ACAE

Part of subcall function 1002B330: GetLastError.KERNEL32(1002ECEF,00000001,?,10233AE0,10045CBE,14000004,94BA138F,?,?,?,00000100,10254A18), ref: 1002B333
Part of subcall function 1002B330: _CxxThrowException.MSVCR80(00000000,102B4004), ref: 1002B351

Strings

WaitForSingleObject, xrefs: 1004ACB9

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: ErrorExceptionLastObjectSingleThrowWaitgds__register_cleanupisc_que_events
String ID: WaitForSingleObject
API String ID: 241389504-3763911493
Opcode ID: 889ba046137d5f70ce22e19064e53f32fa19baf8439dec67c5b5987cfcbc21b7
Instruction ID: 2851c74bb2600a2d2ae6af4700005228590920caa3665108d127f282a73c3f2a
Opcode Fuzzy Hash: 889ba046137d5f70ce22e19064e53f32fa19baf8439dec67c5b5987cfcbc21b7
Instruction Fuzzy Hash: 7A2196B5A04149AFC704CF55D8C1EAABBF8FB45364F20826AFA15D7351D731A844CBA4

Function 10008911 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 70networkCOMMON

Download Yara Rule

APIs

Part of subcall function 10007CD0: memcpy.MSVCR80(00000000,?,?,?), ref: 10007DF3
Part of subcall function 10007CD0: strstr.MSVCR80 ref: 10007E05
Part of subcall function 10007CD0: memcpy.MSVCR80(00000000), ref: 10007E61

DeleteCriticalSection.KERNEL32(?), ref: 10008969

Part of subcall function 10029700: EnterCriticalSection.KERNEL32(?,05BC0014,00000002,?,05BC0014,100273D1,?,?,-000000F4,05BC0014,1002913C,-000000F4,00000001,05BC0014,00000000,10029570), ref: 10029726

WSAGetLastError.WS2_32 ref: 10008993
DeleteCriticalSection.KERNEL32(?), ref: 100089BC

Strings

receive in try_connect, xrefs: 10008999

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: CriticalSection$Deletememcpy$EnterErrorLaststrstr
String ID: receive in try_connect
API String ID: 2256786692-170310303
Opcode ID: 454cb00d7fbbac2aac10af3d83fa339e80a1b68d3fd31e155e4f868144b05120
Instruction ID: 312c46229daf797809a14f338fc4edec7627a3aad29ebeed897a2c3e46a76aa4
Opcode Fuzzy Hash: 454cb00d7fbbac2aac10af3d83fa339e80a1b68d3fd31e155e4f868144b05120
Instruction Fuzzy Hash: CF218C752043049FD310DF65EC84AABB7E9EFC83A4F10851AF949C7212EB74E905CB61

Function 100568E0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64COMMON

Download Yara Rule

APIs

_write.MSVCR80 ref: 10056901
_write.MSVCR80 ref: 1005693A
_write.MSVCR80 ref: 10056975

Part of subcall function 10056450: _errno.MSVCR80 ref: 1005647D
Part of subcall function 10056450: _errno.MSVCR80 ref: 10056488
Part of subcall function 10056450: strerror.MSVCR80 ref: 1005648D

Strings

write, xrefs: 10056919, 10056952, 1005698E

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: _write$_errno$strerror
String ID: write
API String ID: 3127803158-2104195679
Opcode ID: 979c7de70f1fb4c2641658096ff77f93e51117436dcf964929a247e743d60d30
Instruction ID: fe20119b0e8919dbf85eba6a08414ab2c564f1dc8ed32e9e6724b8146b9fea3a
Opcode Fuzzy Hash: 979c7de70f1fb4c2641658096ff77f93e51117436dcf964929a247e743d60d30
Instruction Fuzzy Hash: F71191B66002006BE211CA24EC90EFF73D8EBDC744F05491CFA8A97211D231F8588BA6

Function 10007140 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62networkCOMMON

Download Yara Rule

APIs

Part of subcall function 100078F0: EnterCriticalSection.KERNEL32(05BCE4A0,94BA138F,?,?,00000000), ref: 1000794D
Part of subcall function 100078F0: WSAStartup.WS2_32(00000002,1038F958), ref: 10007973

Part of subcall function 10017810: EnterCriticalSection.KERNEL32(05BCC3E0,94BA138F,?,00000000,?,?,00000000), ref: 10017840

accept.WS2_32(?,?,?), ref: 1000717E
WSAGetLastError.WS2_32 ref: 1000718D

Part of subcall function 10005CA0: gds__log.FBCLIENT25(INET/inet_error: %s errno = %d,00000001), ref: 10005CDF

Part of subcall function 10007020: setsockopt.WS2_32(?,0000FFFF,00000080,?,00000004), ref: 10007062
Part of subcall function 10007020: shutdown.WS2_32(?,00000002), ref: 10007076
Part of subcall function 10007020: EnterCriticalSection.KERNEL32(05BCC420,94BA138F,?,?,?,?,1022F3B8,000000FF), ref: 10007086

setsockopt.WS2_32(?,0000FFFF,00000008,?,00000004), ref: 100071DC

Strings

accept, xrefs: 10007193

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: CriticalEnterSection$setsockopt$ErrorLastStartupacceptgds__logshutdown
String ID: accept
API String ID: 3195853088-3005279540
Opcode ID: 121dee05bd36fed673c3d620615b776279f588806ce42f52b37685c3510c9b00
Instruction ID: 39ffd6b57f22d936ac76f36d89e735a4f6c848f2439171d101338990e84ddb17
Opcode Fuzzy Hash: 121dee05bd36fed673c3d620615b776279f588806ce42f52b37685c3510c9b00
Instruction Fuzzy Hash: E5118675710711AFE200DF24CC8ABABB7E9FF84344F80491DF58587291EB78A509C7A6

Function 1001ADC0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 61COMMON

Download Yara Rule

APIs

gds__log.FBCLIENT25(XNET error: %s,?,94BA138F), ref: 1001AE5D

Part of subcall function 1002A290: memcpy.MSVCR80(?,?,?,?,10046AE8,?,1002D031,?,?,?,?,?,00000054,00001000), ref: 1002A2B1

memcpy.MSVCR80(00000000), ref: 1001AE2D

Strings

XNET error: %s, xrefs: 1001AE58
XNET error: , xrefs: 1001ADF8

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: memcpy$gds__log
String ID: XNET error: $XNET error: %s
API String ID: 769635992-1690756349
Opcode ID: 3bf558270ffd9363996a36dd043808f7fab3667e51679dbb5ba8da217a1864eb
Instruction ID: 342d393f3c2141c23e2a50aeb606da32117f07c909ca332bfb5c92c30b615515
Opcode Fuzzy Hash: 3bf558270ffd9363996a36dd043808f7fab3667e51679dbb5ba8da217a1864eb
Instruction Fuzzy Hash: 1B11B275908241AFC700CB24DC59F5B77E8EB86B04F804E1CF445CB291DB38E988CBA2

Function 10022B94 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 51COMMON

Download Yara Rule

APIs

remove.MSVCR80 ref: 10022BA4
isc_rollback_transaction.FBCLIENT25(?,00000000), ref: 10022BBB
_CxxThrowException.MSVCR80(00000000,00000000), ref: 10022BFC

Strings

rollback transaction, xrefs: 10022BC4

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: ExceptionThrowisc_rollback_transactionremove
String ID: rollback transaction
API String ID: 3475486823-1646699243
Opcode ID: 75d42efaa9e2cd9d506ba5cce481e7d29dc35e61ba582d00b092b9f76df83f02
Instruction ID: cc3337aaf585abc922493fa89c3cb2cd3a345a448a0e564c4bb33d570c91ed6d
Opcode Fuzzy Hash: 75d42efaa9e2cd9d506ba5cce481e7d29dc35e61ba582d00b092b9f76df83f02
Instruction Fuzzy Hash: 79F0C834600744A7DF62CBA0AD457EFB3E5EF44748FD0041DF40222991CBB87945C396

Function 100409C0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?,94BA138F,?,?,?,?,1023311B,000000FF), ref: 100409FF

Part of subcall function 1002B330: GetLastError.KERNEL32(1002ECEF,00000001,?,10233AE0,10045CBE,14000004,94BA138F,?,?,?,00000100,10254A18), ref: 1002B333
Part of subcall function 1002B330: _CxxThrowException.MSVCR80(00000000,102B4004), ref: 1002B351

CloseHandle.KERNEL32(?,94BA138F,?,?,?,?,1023311B,000000FF), ref: 10040A1A
DeleteCriticalSection.KERNEL32(?,94BA138F,?,?,?,?,1023311B,000000FF), ref: 10040A39

Strings

CloseHandle, xrefs: 10040A05, 10040A20

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: CloseHandle$CriticalDeleteErrorExceptionLastSectionThrow
String ID: CloseHandle
API String ID: 2820609349-2962429428
Opcode ID: 5a12cf27b9a8044f5af90bd32936b0e7558b96a5af01385d77063f1882a548a0
Instruction ID: c2f111b8b0230296aa88a4acc854f07b722d711e30ce44fa4713fc9dff9c55bb
Opcode Fuzzy Hash: 5a12cf27b9a8044f5af90bd32936b0e7558b96a5af01385d77063f1882a548a0
Instruction Fuzzy Hash: 0C01D4F6A04751ABD300CF29DC44F8777E8EB49664F514A3DF829D3381E734E8148AA2

Function 05D15460 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?,521C82CE,?,?,?,?,05D2AD3B,000000FF), ref: 05D1549F

Part of subcall function 05D20090: GetLastError.KERNEL32 ref: 05D20093
Part of subcall function 05D20090: _CxxThrowException.MSVCR80(00000000,05DD85D0), ref: 05D200B1

CloseHandle.KERNEL32(?,521C82CE,?,?,?,?,05D2AD3B,000000FF), ref: 05D154BA
DeleteCriticalSection.KERNEL32(?,521C82CE,?,?,?,?,05D2AD3B,000000FF), ref: 05D154D9

Strings

CloseHandle, xrefs: 05D154A5, 05D154C0

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: CloseHandle$CriticalDeleteErrorExceptionLastSectionThrow
String ID: CloseHandle
API String ID: 2820609349-2962429428
Opcode ID: 8521d51622b1c354271999036733d0c5e85fc593c67b5fe89eeb50a7c3c70368
Instruction ID: 5b43ff654caa5cfc93d116575b16c8f6d989f17bfd21e53439351e84490aad41
Opcode Fuzzy Hash: 8521d51622b1c354271999036733d0c5e85fc593c67b5fe89eeb50a7c3c70368
Instruction Fuzzy Hash: 130180B2A08751AFD320DB29BC05F177BD8EB94A20F444A2AF855C2340E638D4458AA2

Function 10020AD0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 42COMMON

Download Yara Rule

APIs

SetFilePointer.KERNEL32(?,?,?,00000000), ref: 10020AFC
GetLastError.KERNEL32 ref: 10020B07

Strings

unknown, xrefs: 10020B33, 10020B38
IO error (%d) seeking file: %s, xrefs: 10020B3C

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: ErrorFileLastPointer
String ID: IO error (%d) seeking file: %s$unknown
API String ID: 2976181284-1734547081
Opcode ID: 67f21e013ea5c08935b231b171f22e996caa3f9224ef21ef74d903705ad217de
Instruction ID: 83cd1bef30e94486f28ff424eaac0b99e931ef6e75ccbc1252a10748c5b75fa9
Opcode Fuzzy Hash: 67f21e013ea5c08935b231b171f22e996caa3f9224ef21ef74d903705ad217de
Instruction Fuzzy Hash: D20121706043419BC769CF64EC94EEBB7F6EBC4718FA04A1CF49997181D730A909CB61

Function 10020A50 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 41fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32(?,?,?,?,00000000), ref: 10020A6D
GetLastError.KERNEL32(unknown,?,?,?,?,00000000), ref: 10020AA7

Strings

IO error (%d) writing file: %s, xrefs: 10020AB0
unknown, xrefs: 10020AA1, 10020AA6

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: IO error (%d) writing file: %s$unknown
API String ID: 442123175-2612903670
Opcode ID: ed87587e2898532662217d8995bf95163292f78396cedbf9dea21e2ea4d6d1f1
Instruction ID: 4521098108157af03d18abf0d875ee1c353c4362cd96dbf06e1105ab99eb48f9
Opcode Fuzzy Hash: ed87587e2898532662217d8995bf95163292f78396cedbf9dea21e2ea4d6d1f1
Instruction Fuzzy Hash: 32011D712043029BC324CA54DCC4EABB3FAEB98355FD1891EF59587141DB30AC45CB65

Function 100209E0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 38fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNEL32(?,?,?,?,00000000), ref: 100209FC
GetLastError.KERNEL32(unknown), ref: 10020A30

Strings

unknown, xrefs: 10020A2A, 10020A2F
IO error (%d) reading file: %s, xrefs: 10020A39

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: ErrorFileLastRead
String ID: IO error (%d) reading file: %s$unknown
API String ID: 1948546556-4143083392
Opcode ID: 42e1ad9b2e7c56742531e5b083ad331f54af8cd4d16c0d46ec4d7f78b80be7d1
Instruction ID: 07f8aadc2580d7a5e71bc1e54c2e8df722325ee3721fb0d8a059cdfb3d865fb7
Opcode Fuzzy Hash: 42e1ad9b2e7c56742531e5b083ad331f54af8cd4d16c0d46ec4d7f78b80be7d1
Instruction Fuzzy Hash: 8EF03C31204301AFC364CB58EC88EDBB3EAEB98350F918819F599D7141DB30FC058BA1

Function 05D15880 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 38COMMON

Download Yara Rule

APIs

ucnv_open_3_0.ICUUC30(?,?,BOCU-1,?), ref: 05D158B3
ucnv_fromUChars_3_0.ICUUC30(00000000,?,?,?,?,00000000,?,?,BOCU-1,?), ref: 05D158CC
ucnv_close_3_0.ICUUC30(00000000,00000000,?,?,?,?,00000000,?,?,BOCU-1,?), ref: 05D158D4

Strings

BOCU-1, xrefs: 05D158A6

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: Chars_3_0ucnv_close_3_0ucnv_fromucnv_open_3_0
String ID: BOCU-1
API String ID: 761701733-3151201281
Opcode ID: d53db1f97a88ef061dd853046976788a27cbf715ec59022b1ad999688269db63
Instruction ID: e4b862478610af9c490443360b49052b1d287dfa0e229f8001225f34ce294cd8
Opcode Fuzzy Hash: d53db1f97a88ef061dd853046976788a27cbf715ec59022b1ad999688269db63
Instruction Fuzzy Hash: EAF054B26043527AD300DB59E884EBFB3DDEFD9A11F44092FF54482140E774994997B6

Function 10037A20 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 23COMMON

Download Yara Rule

APIs

__iob_func.MSVCR80 ref: 10037A31
__iob_func.MSVCR80 ref: 10037A3C
vfprintf.MSVCR80 ref: 10037A50

Strings

StandaloneUtilityInterface::printf()/vfprintf(), xrefs: 10037A5D

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: __iob_func$vfprintf
String ID: StandaloneUtilityInterface::printf()/vfprintf()
API String ID: 2404379131-1082243411
Opcode ID: 707083c8e7cae3c7fb13c007d5820e3690a045e02cd04e61ee69b5ececac726a
Instruction ID: 98e180dbf4d59863ecdf087e4bcb37287110babebd591e0d8bce8f2aa747d4ce
Opcode Fuzzy Hash: 707083c8e7cae3c7fb13c007d5820e3690a045e02cd04e61ee69b5ececac726a
Instruction Fuzzy Hash: 94E06DB06086856FF711CB60CC4974E7BD4EB8020AF24448CF88985162DB30C9549757

Function 1003F490 Relevance: 6.5, APIs: 5, Instructions: 288stringCOMMON

Download Yara Rule

APIs

memset.MSVCR80 ref: 1003F4C5
strncpy.MSVCR80 ref: 1003F6B9
strncpy.MSVCR80 ref: 1003F728
strncpy.MSVCR80 ref: 1003F797
strncpy.MSVCR80 ref: 1003F807

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: strncpy$memset
String ID:
API String ID: 2148828965-0
Opcode ID: 0197e83d9de385b7e5d8cb1736e49b92965d5703408347140e4bba438cd77e76
Instruction ID: 4aed69fd79e494b7836492debe5f8138f7ee9454deb39393c9a28d718b7ac376
Opcode Fuzzy Hash: 0197e83d9de385b7e5d8cb1736e49b92965d5703408347140e4bba438cd77e76
Instruction Fuzzy Hash: 2DB1CF3660C3C18FD332CA2898587EBBBD1AF96349F18499DD8C98F352D376A449C752

Function 100184A0 Relevance: 6.5, APIs: 5, Instructions: 201COMMON

Download Yara Rule

APIs

Part of subcall function 1002A290: memcpy.MSVCR80(?,?,?,?,10046AE8,?,1002D031,?,?,?,?,?,00000054,00001000), ref: 1002A2B1

memcpy.MSVCR80(00000000,102554EF,102554F0,102554EF,00000001), ref: 1001859E
memcpy.MSVCR80(00000000,-00000001,00000000,-00000001,00000001,?,?,00000000,?,?,?,?,?,?,?,?), ref: 100185D8
memcpy.MSVCR80(00000000,?,?,?,00000001,?,-00000001,00000001,?,?,00000000), ref: 1001860B
memcpy.MSVCR80(00000000,-00000001,00000000,-00000001,00000001,?,?,00000001,?,-00000001,00000001,?,?,00000000), ref: 1001863E
memcpy.MSVCR80(00000000,?,?,?,00000001,?,-00000001,00000001,?,?,00000001,?,-00000001,00000001,?,?), ref: 10018679

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: 583388eadc1f3fb90eebaad89bfaa11549e04251ecd01b0cae9ff6f8727e602d
Instruction ID: 768ecc45778f05ca0b00f1efbde5f967fd89aa86f73c4d026fed3185ccdf5fec
Opcode Fuzzy Hash: 583388eadc1f3fb90eebaad89bfaa11549e04251ecd01b0cae9ff6f8727e602d
Instruction Fuzzy Hash: 156123768043819FD301CB24DC56BAB7BE6EF83244F550958F8868B241EA72EF49C792

Function 10075600 Relevance: 6.4, APIs: 5, Instructions: 195COMMON

Download Yara Rule

APIs

Part of subcall function 100533E0: TlsGetValue.KERNEL32(0000002E), ref: 100533E7
Part of subcall function 100533E0: GetLastError.KERNEL32 ref: 100533F3

memset.MSVCR80 ref: 1007578B
memcpy.MSVCR80(?,00000000,00000014,?,00000000,00000050), ref: 100757A6
memcpy.MSVCR80(?,?), ref: 100757E0
memcpy.MSVCR80(?,?,?,?,?,00000000,?,?,?,00000000,?,?), ref: 10075808
memcpy.MSVCR80(?,?,?,00000000,?,?), ref: 10075826

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: memcpy$ErrorLastValuememset
String ID:
API String ID: 3786398206-0
Opcode ID: 68ea171efe41058415611c136bfc14bd237d88ac0de9182e00d234963c96ca11
Instruction ID: 750f049573728c7e3c16b23d3472be7bf12f3e546ae150904f0f9f5586f8e45f
Opcode Fuzzy Hash: 68ea171efe41058415611c136bfc14bd237d88ac0de9182e00d234963c96ca11
Instruction Fuzzy Hash: F65136B29043D18BD304CE28D8406EF77E8EB90255F46CA1DE8D197145F77BEA09C7A6

Function 1001BF30 Relevance: 6.3, APIs: 5, Instructions: 42COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?), ref: 1001BF4B
CloseHandle.KERNEL32(?), ref: 1001BF55
CloseHandle.KERNEL32(?), ref: 1001BF5F
CloseHandle.KERNEL32(?), ref: 1001BF69
CloseHandle.KERNEL32(?), ref: 1001BF73

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 6ab7c495deacaeeb12d01bf677859175effc429d8bc111c17f813697d9da05ca
Instruction ID: bcece642a0c6ef48cbca1b1bb116f195ebad19a79475c871c2a9139a79b449a8
Opcode Fuzzy Hash: 6ab7c495deacaeeb12d01bf677859175effc429d8bc111c17f813697d9da05ca
Instruction Fuzzy Hash: D7F0E760B14A26A7DA40DE79DD44B66B7ECFF04680706056AA804DB941DB74FCA2CFE0

Function 101ABE00 Relevance: 6.2, APIs: 4, Instructions: 190COMMON

Download Yara Rule

APIs

memmove.MSVCR80(00000000,-00000003,-00000001,-00000001,00000002,94BA138F,00000000,?,00000000,?,?,?,?,10249B18,000000FF,?), ref: 101ABE94

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: memmove
String ID:
API String ID: 2162964266-0
Opcode ID: b955aa2aa9c40e27466415e2982ef41bf162110ab89c1d20212b404430b9436a
Instruction ID: 044d30d3f66e54dd1da8eae7c78693fc3db16f2b0ce98adf717a97945bab6aee
Opcode Fuzzy Hash: b955aa2aa9c40e27466415e2982ef41bf162110ab89c1d20212b404430b9436a
Instruction Fuzzy Hash: 8161AF7590028ADFCF10CF54DC85BDE7774FB01324F144A69ED28AB282E775AA15CBA1

Function 1001B830 Relevance: 6.2, APIs: 4, Instructions: 153synchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(?,000001F4), ref: 1001B8D8
WaitForSingleObject.KERNEL32(?,00000001), ref: 1001B8EF
memcpy.MSVCR80(?,?,?), ref: 1001B936
GetLastError.KERNEL32 ref: 1001B9DF

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: ObjectSingleWait$ErrorLastmemcpy
String ID:
API String ID: 3915244499-0
Opcode ID: 0ed7f35640e14a9f1000cf6f4ce2d2c2b59ca2b72a276f7bd069f9e349d4e7d7
Instruction ID: 7e3ed5f2347ce3673c9412e9c973910a4221dd239fd6c7ce32042d75bf270023
Opcode Fuzzy Hash: 0ed7f35640e14a9f1000cf6f4ce2d2c2b59ca2b72a276f7bd069f9e349d4e7d7
Instruction Fuzzy Hash: B051F474708B424BD304CF25E480B6BB7E5FFC4764F15896EE9888B641D731E98ACB92

Function 10001E80 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 145stringCOMMON

Download Yara Rule

APIs

strchr.MSVCR80 ref: 10001EBF
memcpy.MSVCR80(00000000), ref: 10001F03
memcpy.MSVCR80(00000000), ref: 10001F89

Strings

, xrefs: 10001FE2

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: memcpy$strchr
String ID:
API String ID: 921174694-1753176070
Opcode ID: 868356b7b4af1669859a6bd9924a368e2b4b080df0bf22a7c10146dd08ef0d6b
Instruction ID: a6b669683c59f38d45952290df3130289b88021bef1799af0843f44034e2a2d2
Opcode Fuzzy Hash: 868356b7b4af1669859a6bd9924a368e2b4b080df0bf22a7c10146dd08ef0d6b
Instruction Fuzzy Hash: CE41F4B5604252AFE720CB24C985BFB77E9EF852D4F000528F889D7689DB75B804C7A2

Function 05D285E0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 145stringCOMMON

Download Yara Rule

APIs

strchr.MSVCR80 ref: 05D2861F
memcpy.MSVCR80(00000000), ref: 05D28663
memcpy.MSVCR80(00000000), ref: 05D286E9

Strings

, xrefs: 05D28742

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: memcpy$strchr
String ID:
API String ID: 921174694-1753176070
Opcode ID: dab7c68090defc60fe72b171d4c934a730479addd879d5caa91d8645b25fdaf6
Instruction ID: a56269ab8d1caed77a5de1d653f3f8faa1bfe5b1033b426ce19c8123f75bada5
Opcode Fuzzy Hash: dab7c68090defc60fe72b171d4c934a730479addd879d5caa91d8645b25fdaf6
Instruction Fuzzy Hash: 2141E7B1604361AFDB20DB28C985F7B77E9FFA5209F04490BE48A97680D775E804D7B2

Function 05D06FF0 Relevance: 6.1, APIs: 4, Instructions: 144COMMON

Download Yara Rule

APIs

memset.MSVCR80 ref: 05D0705C
LD_lookup_charset.FBINTL(00000000,?,?,00000000,00000000,000000EC,000000EC,521C82CE,00000000,05DC3A28,?,?,?,05D29FF0,000000FF,05D07265), ref: 05D07064
memcpy.MSVCR80(00000000,?,?,?), ref: 05D070DC
memcpy.MSVCR80(?,?,?), ref: 05D07111

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: memcpy$D_lookup_charsetmemset
String ID:
API String ID: 2490371941-0
Opcode ID: 1812ef0739aa8f4511da58de15ef6accb14cb46923f9ddda654a5aed09a169f7
Instruction ID: 032a9460f2c233acff00de4b5fd5f2feafcb866556e500999a4f1909c97674cd
Opcode Fuzzy Hash: 1812ef0739aa8f4511da58de15ef6accb14cb46923f9ddda654a5aed09a169f7
Instruction Fuzzy Hash: 10518DB16083419FD314DF68D885B6FBBE9FF89304F00491EF49587390EA71A905CBA6

Function 05D0F5D0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 141COMMON

Download Yara Rule

APIs

memcpy.MSVCR80(05DDB928,?,00000103,00000104,FFFFFFFF,?,?,521C82CE), ref: 05D0F6F3
memcpy.MSVCR80(05DDB610,?,00000103,00000104,FFFFFFFF,?,?,521C82CE), ref: 05D0F71B
memcpy.MSVCR80(05DDB718,?,00000103,00000104,FFFFFFFF,?,?,521C82CE), ref: 05D0F743

Strings

Firebird::string - pos out of range, xrefs: 05D0F651

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: memcpy
String ID: Firebird::string - pos out of range
API String ID: 3510742995-2821963893
Opcode ID: 0a40e71749533ac51b6a0b58a9a2df7c84bd40f4df626834035e8385d8daa5b8
Instruction ID: 574673d689402aa1d6e632d05bb69065f248f0fd31e9ee54defa20c38cbbaf8b
Opcode Fuzzy Hash: 0a40e71749533ac51b6a0b58a9a2df7c84bd40f4df626834035e8385d8daa5b8
Instruction Fuzzy Hash: 3C415772A08352ABC720DB248844A7BBBD5FFD5658FA4192FF48687290D621D845C7B3

Function 10025E30 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 122COMMON

Download Yara Rule

APIs

memcpy.MSVCR80(00000000), ref: 10025EB5

Strings

Can not start trace session. There are no trace plugins loaded, xrefs: 10025E6D
fb_trace., xrefs: 10025F08
Trace session ID %ld started, xrefs: 10025F53

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: memcpy
String ID: Can not start trace session. There are no trace plugins loaded$Trace session ID %ld started$fb_trace.
API String ID: 3510742995-3444181141
Opcode ID: c55383ad04f336eaa628ef69c16321b888595eeed2dbd4f294d50bd15fa3f679
Instruction ID: 80bc0c3d2d12dce4d9f580531f31f9ee7ec496b143129e41d8588b75adebfd7c
Opcode Fuzzy Hash: c55383ad04f336eaa628ef69c16321b888595eeed2dbd4f294d50bd15fa3f679
Instruction Fuzzy Hash: 9E41BBB4604240AFC754DF28DC82BABB7E9EF88610F44452DF84A87292DB75F908CB95

Function 1001E480 Relevance: 6.1, APIs: 4, Instructions: 112fileCOMMON

Download Yara Rule

APIs

Part of subcall function 100533E0: TlsGetValue.KERNEL32(0000002E), ref: 100533E7
Part of subcall function 100533E0: GetLastError.KERNEL32 ref: 100533F3

SetFilePointer.KERNEL32(?,?,?,00000000), ref: 1001E4EF
GetLastError.KERNEL32 ref: 1001E4FA
ReadFile.KERNEL32(?,?,?,00000000,00000000), ref: 1001E53C
GetLastError.KERNEL32 ref: 1001E564

Part of subcall function 1002AA90: _CxxThrowException.MSVCR80(?,102B3E34), ref: 1002AAA3

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: ErrorLast$File$ExceptionPointerReadThrowValue
String ID:
API String ID: 868633806-0
Opcode ID: f3d9e69f858bdd9c60800277396f35bf948ee48952cb211b2175b93ace7dac94
Instruction ID: 8b756877ce810668486c65607ee7e71039f1364a15e5652d551b1354b9167b41
Opcode Fuzzy Hash: f3d9e69f858bdd9c60800277396f35bf948ee48952cb211b2175b93ace7dac94
Instruction Fuzzy Hash: DE417B71600345CFC710DF64D884A6BB7EAFF88754F108A5EEA499B295D730EC84CBA1

Function 1002C9E0 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 101stringCOMMON

Download Yara Rule

APIs

Part of subcall function 1002C530: RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00000001,?,1002CA27,System\CurrentControlSet\Control\ProductOptions,94BA138F,102559A8,1038FB40,?,?,10231900,000000FF,1002D2A3,Terminal Server), ref: 1002C53F

Part of subcall function 1002C550: RegQueryValueExA.ADVAPI32(?,?,00000000,?,00000000,?,1002CA3D,ProductSuite,System\CurrentControlSet\Control\ProductOptions,94BA138F,102559A8,1038FB40,?,?,10231900,000000FF), ref: 1002C567

Part of subcall function 1002C5F0: LocalAlloc.KERNEL32(00000040,?,1038FB40,1002CA5C,?,ProductSuite,System\CurrentControlSet\Control\ProductOptions,94BA138F,102559A8,1038FB40,?,?,10231900,000000FF,1002D2A3,Terminal Server), ref: 1002C5FA

Part of subcall function 1002C580: RegQueryValueExA.ADVAPI32(?,?,00000000,?,?,?,1002CA77,94BA138F), ref: 1002C596

Part of subcall function 1002C5B0: RegCloseKey.ADVAPI32(00000000,1038FB40,1002CB1C), ref: 1002C5BA

lstrcmpA.KERNEL32(94BA138F,?,94BA138F), ref: 1002CAAC
lstrlenA.KERNEL32(94BA138F), ref: 1002CAB3

Strings

System\CurrentControlSet\Control\ProductOptions, xrefs: 1002CA15
ProductSuite, xrefs: 1002CA33

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: QueryValue$AllocCloseLocalOpenlstrcmplstrlen
String ID: ProductSuite$System\CurrentControlSet\Control\ProductOptions
API String ID: 44574329-588814233
Opcode ID: d39e3ed6836aef3349504dd95a7b75b90f6060d84f59992a7d6382f3d4df9cf7
Instruction ID: ee0c3f44e07ecbc395e876623085759240c93d973d3666da10249dfc75aae5ac
Opcode Fuzzy Hash: d39e3ed6836aef3349504dd95a7b75b90f6060d84f59992a7d6382f3d4df9cf7
Instruction Fuzzy Hash: DC31A3754087459BC311CF54E485E9BBBD4FF912A8F840A0DF89163291DB34A949CBA3

Function 05D22580 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 101stringCOMMON

Download Yara Rule

APIs

Part of subcall function 05D22060: RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00000001), ref: 05D2206F

Part of subcall function 05D22080: RegQueryValueExA.ADVAPI32(?,?,00000000,?,00000000,?), ref: 05D22097

Part of subcall function 05D22120: LocalAlloc.KERNEL32(00000040,?), ref: 05D2212A

Part of subcall function 05D220B0: RegQueryValueExA.ADVAPI32(?,?,00000000,?,?,?), ref: 05D220C6

Part of subcall function 05D220E0: RegCloseKey.ADVAPI32 ref: 05D220EA

lstrcmpA.KERNEL32(521C82CE,?), ref: 05D2264C
lstrlenA.KERNEL32(521C82CE), ref: 05D22653

Strings

ProductSuite, xrefs: 05D225D3
System\CurrentControlSet\Control\ProductOptions, xrefs: 05D225B5

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: QueryValue$AllocCloseLocalOpenlstrcmplstrlen
String ID: ProductSuite$System\CurrentControlSet\Control\ProductOptions
API String ID: 44574329-588814233
Opcode ID: 4a82117b651ea58e9d268750fd1161bc8263b7b7a90a0a311b2390d3ea6b6d98
Instruction ID: 44df4983efaf46d95d483153d7090b8c30216dae598863697cea570b2aa27392
Opcode Fuzzy Hash: 4a82117b651ea58e9d268750fd1161bc8263b7b7a90a0a311b2390d3ea6b6d98
Instruction Fuzzy Hash: C631AF7A10C3519FC311EF15C844EABBBE5FFA1368F444A0FF89253290DB34A549CA62

Function 05D03AA0 Relevance: 6.1, APIs: 4, Instructions: 100COMMON

Download Yara Rule

APIs

ucnv_fromUnicode_3_0.ICUUC30(00000000,?,00000000,?,?,00000000,00000001,00000000), ref: 05D03B23

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: Unicode_3_0ucnv_from
String ID:
API String ID: 1224165631-0
Opcode ID: 47c40cf2da808aea85e8de63725ac62845721f4d8e1eba9ad417d9a6a1df6d5e
Instruction ID: c32c27b44f723795b280b74b9efc748620935b350a6538f2b7c0b8698304fe96
Opcode Fuzzy Hash: 47c40cf2da808aea85e8de63725ac62845721f4d8e1eba9ad417d9a6a1df6d5e
Instruction Fuzzy Hash: 563139726083419FD300DF58E880A9AF7E4FFC4625F144A2EF58587290D771E9498B62

Function 10054160 Relevance: 6.1, APIs: 4, Instructions: 83COMMON

Download Yara Rule

APIs

isc_blob_info.FBCLIENT25(?,?,00000003,1026BA88,00000040,?), ref: 100541AD
gds__vax_integer.FBCLIENT25(?,00000002), ref: 100541F6
gds__vax_integer.FBCLIENT25(?), ref: 10054203

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: gds__vax_integer$isc_blob_info
String ID:
API String ID: 4288012912-0
Opcode ID: 7353d2158ce6aef33f9312df0beee0f2b2e1bef938b9de767e06060bc0abd01e
Instruction ID: 2f0b6a0c381befc353e8b0f9e2ca78dd083030858cd73b80f9bc482bed247b00
Opcode Fuzzy Hash: 7353d2158ce6aef33f9312df0beee0f2b2e1bef938b9de767e06060bc0abd01e
Instruction Fuzzy Hash: 5521F375B083549ED364CE248851BFB77E4EB95344F82491DF98A47281DF79A8088762

Function 10004A80 Relevance: 6.1, APIs: 4, Instructions: 62networkCOMMON

Download Yara Rule

APIs

Part of subcall function 10004A60: inet_addr.WS2_32(?), ref: 10004A65

gethostbyname.WS2_32 ref: 10004AA3
WSAGetLastError.WS2_32 ref: 10004AB1
gethostbyname.WS2_32 ref: 10004AC6
WSAGetLastError.WS2_32 ref: 10004ACF

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: ErrorLastgethostbyname$inet_addr
String ID:
API String ID: 2392642016-0
Opcode ID: 3a193db63f79c94076b2504baa8b240106b079912075f3394ceaf69e700005af
Instruction ID: 3d66b8c999e5ed975dcbfb8abd3ec3966c5cf3e43355e288a6d3829678f66534
Opcode Fuzzy Hash: 3a193db63f79c94076b2504baa8b240106b079912075f3394ceaf69e700005af
Instruction Fuzzy Hash: E711A5B1B412158FE700DF60D8C0BAAB3E4EB462D5F534468D5068B546EF26EC86C75E

Function 1002D680 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 60stringCOMMON

Download Yara Rule

APIs

strchr.MSVCR80 ref: 1002D6AB
memmove.MSVCR80(?,?,?,102559A8,1038FB40,?,?,?,?,?,?,10230B60,000000FF), ref: 1002D6F9
memcpy.MSVCR80(?,Global\,Global\,?,?,?,?,?,?,10230B60,000000FF), ref: 1002D706

Part of subcall function 1002D260: GetVersion.KERNEL32(94BA138F,102559A8,1038FB40,?,?,00000080,1038FB40,00000000,00000080,94BA138F), ref: 1002D287

Strings

Global\, xrefs: 1002D6B8, 1002D6FF, 1002D700

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: Versionmemcpymemmovestrchr
String ID: Global\
API String ID: 1397133239-188423391
Opcode ID: 9624b7dee3f7c92154496ed816d9127b949c8e3fbbc78bdd1a9c96feeb269ce1
Instruction ID: 51a2e2aff51690b02baa6be6003eec73db7e20c50d8f86903b7a024507530a4f
Opcode Fuzzy Hash: 9624b7dee3f7c92154496ed816d9127b949c8e3fbbc78bdd1a9c96feeb269ce1
Instruction Fuzzy Hash: 8C1188361042A05FC300EB78ACCCBC73FD9CF85284F694A86F58A8B221D664EC1CC3A1

Function 05D23271 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 60stringCOMMON

Download Yara Rule

APIs

Part of subcall function 05D22E50: GetVersion.KERNEL32(521C82CE), ref: 05D22E77

strchr.MSVCR80 ref: 05D2329B
memmove.MSVCR80(?,?,?), ref: 05D232E9
memcpy.MSVCR80(?,Global\,Global\), ref: 05D232F6

Strings

Global\, xrefs: 05D232A8, 05D232EF, 05D232F0

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: Versionmemcpymemmovestrchr
String ID: Global\
API String ID: 1397133239-188423391
Opcode ID: 6537c3dc8320aea1f1dde1891e4c4d525c255981b713250c3982013531a1b863
Instruction ID: 02c27ad6888f8db95a54084208c0f11dd49dd8f5d53a87704db946eb48637f78
Opcode Fuzzy Hash: 6537c3dc8320aea1f1dde1891e4c4d525c255981b713250c3982013531a1b863
Instruction Fuzzy Hash: 0D1155336042605FD7208A7C9C89F9B7F969FA521AB2A8D57F485CB301DA26D4088BB0

Function 10018400 Relevance: 6.0, APIs: 4, Instructions: 42pipeCOMMON

Download Yara Rule

APIs

FlushFileBuffers.KERNEL32(10244C8B,00000000,75730E30,10019606,00000000,?,?,00000000), ref: 10018431
DisconnectNamedPipe.KERNEL32(10244C8B,?,?,00000000), ref: 1001843E
CloseHandle.KERNEL32(544E8366,00000000,75730E30,10019606,00000000,?,?,00000000), ref: 10018456
CloseHandle.KERNEL32(10244C8B,00000000,75730E30,10019606,00000000,?,?,00000000), ref: 1001846E

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: CloseHandle$BuffersDisconnectFileFlushNamedPipe
String ID:
API String ID: 1828168726-0
Opcode ID: dfc0e7711fe878c6942ea298172e1b3759f3829d0fb9e5ef86c18aa9544088a3
Instruction ID: a9f2713a65d19e5c4b144f91a34210d5e8c35e3575d3bd50d7b294111c2fccba
Opcode Fuzzy Hash: dfc0e7711fe878c6942ea298172e1b3759f3829d0fb9e5ef86c18aa9544088a3
Instruction Fuzzy Hash: 26010075600B119BC661DB78C884B9AF7E9EF45224F208B08F6E6C72E1DF74F9818B50

Function 10054A30 Relevance: 6.0, APIs: 4, Instructions: 40COMMON

Download Yara Rule

APIs

isc_put_segment.FBCLIENT25(?,?,?,?), ref: 10054A67
isc_close_blob.FBCLIENT25(?,?), ref: 10054A76
gds__free.FBCLIENT25(?), ref: 10054A85
gds__free.FBCLIENT25(?), ref: 10054A8B

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: gds__free$isc_close_blobisc_put_segment
String ID:
API String ID: 3006832684-0
Opcode ID: b1ed222250594a419479e5671c42bbc6f00e3737fd817a096d65b3ebad188cc5
Instruction ID: e39a3b88e277072f7ad967edcb8534b29ae28d588d575991f972abdc545d3b3c
Opcode Fuzzy Hash: b1ed222250594a419479e5671c42bbc6f00e3737fd817a096d65b3ebad188cc5
Instruction Fuzzy Hash: 80F0C27A5047515AE360EB24C851BE7B3E8EF81648F014D1CFD9286051FBB4F988C3A9

Function 10074330 Relevance: 6.0, APIs: 4, Instructions: 36COMMON

Download Yara Rule

APIs

Part of subcall function 10074100: InterlockedExchange.KERNEL32(?,00000001), ref: 1007410B
Part of subcall function 10074100: GetModuleHandleA.KERNEL32(kernel32.dll,00000000,00000000,?,?,10074212,00000000,?,00000000,?,?,?,10074642,?,000000FF,10056319), ref: 1007414A
Part of subcall function 10074100: GetProcAddress.KERNEL32(00000000,SwitchToThread), ref: 1007415A
Part of subcall function 10074100: GetCurrentThread.KERNEL32 ref: 10074175
Part of subcall function 10074100: SetThreadPriority.KERNEL32(00000000,00000001,?,10074212,00000000,?,00000000,?,?,?,10074642,?,000000FF,10056319,?), ref: 1007417C
Part of subcall function 10074100: SetThreadPriority.KERNEL32(00000000,00000000,?,10074212,00000000,?,00000000,?,?,?,10074642,?,000000FF,10056319,?), ref: 10074187
Part of subcall function 10074100: InterlockedExchange.KERNEL32(?,00000001), ref: 1007418C

InterlockedExchange.KERNEL32(-00000004,00000000), ref: 1007434F
SetLastError.KERNEL32(00000057), ref: 10074357
SetEvent.KERNEL32(00000000), ref: 1007436F
InterlockedExchange.KERNEL32(-00000004,00000000), ref: 10074386

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: ExchangeInterlocked$Thread$Priority$AddressCurrentErrorEventHandleLastModuleProc
String ID:
API String ID: 1829329005-0
Opcode ID: ad49c2853d3b8ea7e4ac73b14b79be0425c2835bc82421f53bba22c049e17c72
Instruction ID: ac2a990a1aef826eb87b697bd403a8fcd72584dfbf6f864761678cd61ff4b178
Opcode Fuzzy Hash: ad49c2853d3b8ea7e4ac73b14b79be0425c2835bc82421f53bba22c049e17c72
Instruction Fuzzy Hash: B2F09075A04A20AFDA049B54EC89E86B3A4FF55329B02C109F94A97650CF25B8819F98

Function 05D16BC0 Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 36COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,00000000,?,05D191BF,521C82CE,?,00000000,?,?), ref: 05D16BC9
LeaveCriticalSection.KERNEL32(?,?,05D191BF,521C82CE,?,00000000,?,?), ref: 05D16BE3
LeaveCriticalSection.KERNEL32(?,?,05D191BF,521C82CE,?,00000000,?,?), ref: 05D16BEF

Strings

NFD; [:Nonspacing Mark:] Remove; NFC, xrefs: 05D16C05

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: CriticalSection$Leave$Enter
String ID: NFD; [:Nonspacing Mark:] Remove; NFC
API String ID: 2978645861-4110250704
Opcode ID: 5551b2b3c7ec8463790f6818acf9d8e0d5ed5b265ea49868349915b644b84730
Instruction ID: 7021d2b71cbf3059c41e14d727f8c236f56cd7cffdd1a476fe979e8bdcd30d16
Opcode Fuzzy Hash: 5551b2b3c7ec8463790f6818acf9d8e0d5ed5b265ea49868349915b644b84730
Instruction Fuzzy Hash: 9EF06232240701ABD3309A58DD05B56B7A5FB84722F60061EF55297A90C7B4B8468B55

Function 05D150AA Relevance: 6.0, APIs: 4, Instructions: 34COMMON

Download Yara Rule

APIs

FreeSid.ADVAPI32(?), ref: 05D150B4
FreeSid.ADVAPI32(?), ref: 05D150C2
LocalFree.KERNEL32(?), ref: 05D150D0
LocalFree.KERNEL32(?), ref: 05D150DE

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: Free$Local
String ID:
API String ID: 4294323854-0
Opcode ID: 399627c05357a23716fc2a18c6fb6eee5d0af5d5d2f7670a4ffaa59673ec21c3
Instruction ID: f5e2bbfd6d1c647bd4d0367d6318dc86cc6ae248230db0758fd9897f5565427c
Opcode Fuzzy Hash: 399627c05357a23716fc2a18c6fb6eee5d0af5d5d2f7670a4ffaa59673ec21c3
Instruction Fuzzy Hash: 9FF03075A04244ABCF30AFA8F8C955D77A6FB54211B60442BFD0AC7340DB34D9C98A55

Function 100556A0 Relevance: 6.0, APIs: 4, Instructions: 33fileCOMMON

Download Yara Rule

APIs

fopen.MSVCR80 ref: 100556AC

Part of subcall function 10054C30: isc_open_blob2.FBCLIENT25 ref: 10054C74

fclose.MSVCR80 ref: 100556D5
_unlink.MSVCR80(?), ref: 100556DC
fclose.MSVCR80 ref: 100556EC

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: fclose$_unlinkfopenisc_open_blob2
String ID:
API String ID: 225457387-0
Opcode ID: 27d93b2e34664dd4be0f9bd44f6967a428914c0d88abf239c24c691b830961df
Instruction ID: c458bb9d13aeeed87fc8c679a93f1d333726a25a1cabbc5edb372c66177eccfc
Opcode Fuzzy Hash: 27d93b2e34664dd4be0f9bd44f6967a428914c0d88abf239c24c691b830961df
Instruction Fuzzy Hash: 6BF082366051216BD301DF95AC899DFB7E8EF94225F05482AFC41C3221DB35A8AAC6A2

Function 10055700 Relevance: 6.0, APIs: 4, Instructions: 33fileCOMMON

Download Yara Rule

APIs

fopen.MSVCR80 ref: 1005570C

Part of subcall function 10054C30: isc_open_blob2.FBCLIENT25 ref: 10054C74

fclose.MSVCR80 ref: 10055735
_unlink.MSVCR80(?), ref: 1005573C
fclose.MSVCR80 ref: 1005574C

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: fclose$_unlinkfopenisc_open_blob2
String ID:
API String ID: 225457387-0
Opcode ID: ea4460efed88635840d62a0641799cc62616bb7023b1f4335cf9d4fb43112627
Instruction ID: 1075672b3bd74d5ca0a9906b186b0dbbca63df6c2d94833fba030efacc6f2b26
Opcode Fuzzy Hash: ea4460efed88635840d62a0641799cc62616bb7023b1f4335cf9d4fb43112627
Instruction Fuzzy Hash: 11F08936605111ABC301DB94BC889DFB7E8EF94225F05482AFC41C2221DB75985586A2

Function 1004E740 Relevance: 6.0, APIs: 4, Instructions: 28synchronizationCOMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32(00100000,00000000,?,00000000,100742C3,?), ref: 1004E74D
GetLastError.KERNEL32 ref: 1004E759
WaitForSingleObject.KERNEL32(00000000,00000000,00001388), ref: 1004E76F
CloseHandle.KERNEL32(00000000), ref: 1004E77B

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: CloseErrorHandleLastObjectOpenProcessSingleWait
String ID:
API String ID: 3571036255-0
Opcode ID: b7a6fd7e86a031e62d6c26dab6866a562e91ef27daf8782cdb50e32cd3e7aed8
Instruction ID: b0c956def57f96c24971f004e9a6336a27a4ded7c74a90bf70c168c0206af4ab
Opcode Fuzzy Hash: b7a6fd7e86a031e62d6c26dab6866a562e91ef27daf8782cdb50e32cd3e7aed8
Instruction Fuzzy Hash: 7CE0DF36289231AFD2141B307C8DBDAA7A8EF05AA9F220001F905C61D0CA208C409AA9

Function 05D13E00 Relevance: 6.0, APIs: 4, Instructions: 28synchronizationCOMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32(00100000,00000000,?), ref: 05D13E0D
GetLastError.KERNEL32 ref: 05D13E19
WaitForSingleObject.KERNEL32(00000000,00000000), ref: 05D13E2F
CloseHandle.KERNEL32(00000000), ref: 05D13E3B

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: CloseErrorHandleLastObjectOpenProcessSingleWait
String ID:
API String ID: 3571036255-0
Opcode ID: e866954836082d7225dcda60758bbe5d79df8c7b428aa91404e6f7410c90d1fc
Instruction ID: 99a01afcaab4c433bb280c0bbc026daa8ddec550c7ed13443efc0da804037618
Opcode Fuzzy Hash: e866954836082d7225dcda60758bbe5d79df8c7b428aa91404e6f7410c90d1fc
Instruction Fuzzy Hash: 62E04F361992316FD6312A287D4BFEA2B59AF05A51F520102FC45C6294CB108CC79AAA

Function 1000F580 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 179COMMON

Download Yara Rule

APIs

gds__free.FBCLIENT25(?,?,?,?,94BA138F), ref: 1000F78D
gds__free.FBCLIENT25(?,?,?,?,94BA138F), ref: 1000F79D

Strings

GDS_GET_SLICE, xrefs: 1000F604

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: gds__free
String ID: GDS_GET_SLICE
API String ID: 2094751960-2830672855
Opcode ID: d9068eeaac827be90cb2dc4e5cd9417cf9fd117f6cbcd1353dd3993f2dfbdc61
Instruction ID: 9222555d5b4e8fc2dcad4870ac090ff328582d35e3d6fc97899111b6e4c4902d
Opcode Fuzzy Hash: d9068eeaac827be90cb2dc4e5cd9417cf9fd117f6cbcd1353dd3993f2dfbdc61
Instruction Fuzzy Hash: 8A717CB49042488FEF20CF54C890BEEB7B4FF49384F148169EC499B35ADB31A905CBA1

Function 10033390 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 162COMMON

Download Yara Rule

Strings

4333, xrefs: 1003367F

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID:
String ID: 4333
API String ID: 0-865857285
Opcode ID: 634ece32491fdd84249f6cab31050a6a01334d92caa5d5d16bfda948edcafb05
Instruction ID: 719648860a581cb1021711abc414a17805a7eadcf467b702499210e768d3ae57
Opcode Fuzzy Hash: 634ece32491fdd84249f6cab31050a6a01334d92caa5d5d16bfda948edcafb05
Instruction Fuzzy Hash: 81510571A087809FD361CB29C8C2B5AB7E0FF89764F59C60CF5998B391DB74A8448B43

Function 1000FDD0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 161COMMON

Download Yara Rule

APIs

gds__free.FBCLIENT25(?,?,94BA138F,?,?,?,?,?,?,?,?,?,?,?,1022FDE8,000000FF), ref: 1000FFA2
gds__free.FBCLIENT25(?,?,94BA138F,?,?,?,?,?,?,?,?,?,?,?,1022FDE8,000000FF), ref: 1000FFB2

Strings

GDS_PUT_SLICE, xrefs: 1000FE54

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: gds__free
String ID: GDS_PUT_SLICE
API String ID: 2094751960-480427332
Opcode ID: c688d7424f1ad2957f9b0f0a05a7029e9fc0fe98a07b9fa78da9a94ffc7f889a
Instruction ID: ed05ea5d371397883415526b48eab1c3cc7bddd13edfb1419471f1c871b90c44
Opcode Fuzzy Hash: c688d7424f1ad2957f9b0f0a05a7029e9fc0fe98a07b9fa78da9a94ffc7f889a
Instruction Fuzzy Hash: 98614975A00249CFEB24CF58C881BEEB7B4FF49350F14816AEC49AB356DB35A944CB61

Function 1002CC40 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 146COMMON

Download Yara Rule

APIs

__aulldvrm.LIBCMT ref: 1002CD19

Strings

., xrefs: 1002CD72
-, xrefs: 1002CD8F

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: __aulldvrm
String ID: -$.
API String ID: 1302938615-3807043784
Opcode ID: eb9b5f0564b0e76633f30968ed15b542f6c48c6b8b33e64082497972812bacd1
Instruction ID: 08a16a773d3643fcc0f6db9f831744f0084b4ce2a7b1f58448d8520470ae6572
Opcode Fuzzy Hash: eb9b5f0564b0e76633f30968ed15b542f6c48c6b8b33e64082497972812bacd1
Instruction Fuzzy Hash: A8417976A0C3C40ED325D67CA405B5FBFE29BD2244FD5483DE48A07642DA75AA4CC393

Function 05D227E0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 146COMMON

Download Yara Rule

APIs

__aulldvrm.LIBCMT ref: 05D228B9

Strings

-, xrefs: 05D2292F
., xrefs: 05D22912

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: __aulldvrm
String ID: -$.
API String ID: 1302938615-3807043784
Opcode ID: 9ce1263d1d5daaab7c16916c6a82abe38607918593ef9304dd0a28ca40365b6f
Instruction ID: 69b583301f53499a6576c4dc5de9f0d300333ac17b2c06fb9b52c0b3b3fd3025
Opcode Fuzzy Hash: 9ce1263d1d5daaab7c16916c6a82abe38607918593ef9304dd0a28ca40365b6f
Instruction Fuzzy Hash: 6C41083AB0D3A04ED725A638840577FBFE26BE530CF88882FF48647641D965D6488763

Function 10034399 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 145COMMON

Download Yara Rule

APIs

__allrem.LIBCMT ref: 100343B1
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 100343BE

Strings

4333, xrefs: 10034426

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
String ID: 4333
API String ID: 1992179935-865857285
Opcode ID: c804527eb9bbaf1a205116da7890261e2e760555c0e299d8cae6fc1efe4eae18
Instruction ID: eba0fdd89de343d1f4d2d6c02465ab6b5a3736840e415eef7b0734e050567360
Opcode Fuzzy Hash: c804527eb9bbaf1a205116da7890261e2e760555c0e299d8cae6fc1efe4eae18
Instruction Fuzzy Hash: 8A510239A443404FE361DB248882B5AB6D0EF95765F16462CFA6D8F2D2DA71B8448783

Function 10025BF0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 144synchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(?,000000FA,?,00000400), ref: 10025D0F

Strings

WaitForSingleObject, xrefs: 10025D69
Can't open trace data log file, xrefs: 10025C4F

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: ObjectSingleWait
String ID: Can't open trace data log file$WaitForSingleObject
API String ID: 24740636-3339179403
Opcode ID: 644ba7c190d6ee4ee34a37b127184ef92409699ac4e4f86071a8681a8eef3f5a
Instruction ID: 3c760a39515eab9a265a492670e28e4d3ccdb40919297c8474c788f6aac9b0b8
Opcode Fuzzy Hash: 644ba7c190d6ee4ee34a37b127184ef92409699ac4e4f86071a8681a8eef3f5a
Instruction Fuzzy Hash: 5A51F2752007018FC720CF24D885BAAB3E5EF8A754F90461DF61A8B391EB31EC45CB9A

Function 10054270 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 138COMMON

Download Yara Rule

APIs

gds__alloc.FBCLIENT25 ref: 100542F5
gds__log.FBCLIENT25(isc_extend_dpb: out of memory), ref: 10054309

Strings

isc_extend_dpb: out of memory, xrefs: 10054304

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: gds__allocgds__log
String ID: isc_extend_dpb: out of memory
API String ID: 2901454500-1283669051
Opcode ID: 677358231e71213f94cbb74fbff59cf05e7a4d83e7fca9904c30f5e11d6a4450
Instruction ID: 9b9bc67aa90301cf7fec3dd81798463f67ae322242bcaaa29621b53875e7befe
Opcode Fuzzy Hash: 677358231e71213f94cbb74fbff59cf05e7a4d83e7fca9904c30f5e11d6a4450
Instruction Fuzzy Hash: EE4124716083A28BD300CF2588402EA77F1FF9528DF0B8269ECC58B315EB36EA08D351

Function 05D06D30 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 126COMMON

Download Yara Rule

APIs

memset.MSVCR80 ref: 05D06DB2
LD_lookup_charset.FBINTL(00000000,?,?), ref: 05D06DC2

Strings

_UNICODE, xrefs: 05D06D78

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: D_lookup_charsetmemset
String ID: _UNICODE
API String ID: 2666714769-2562501383
Opcode ID: 72bed118d3b23a31b8cf4700f9cbd146eb0e84a2e916413cc83a4974a870f521
Instruction ID: 34f0c4501d774544ab3d2c35497d19c31e600dc91d94fd689761e355d160e868
Opcode Fuzzy Hash: 72bed118d3b23a31b8cf4700f9cbd146eb0e84a2e916413cc83a4974a870f521
Instruction Fuzzy Hash: D841F0766083409FE310DB68DC45FAB77E9FB82324F04492EF84583380E766E50AC7A2

Function 1003C0B0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 115fileCOMMON

Download Yara Rule

APIs

Part of subcall function 1002A290: memcpy.MSVCR80(?,?,?,?,10046AE8,?,1002D031,?,?,?,?,?,00000054,00001000), ref: 1002A2B1

fopen.MSVCR80 ref: 1003C18A
_open.MSVCR80 ref: 1003C1BB

Strings

w+b, xrefs: 1003C184

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: _openfopenmemcpy
String ID: w+b
API String ID: 3477164079-2066963162
Opcode ID: 7a81b62fde7fc0c02e1ef23416390469433508c35851eb9321276726c848699c
Instruction ID: c9d38ba48a49e2d7e92ceef161c85e096ffabf9bbf6a4c5d5cd6e688c99f3d1e
Opcode Fuzzy Hash: 7a81b62fde7fc0c02e1ef23416390469433508c35851eb9321276726c848699c
Instruction Fuzzy Hash: CD41CE76900248AFCB01CFA8DC45FDEB7A5EF46355F144159FC06DB252EB30AA08C7A1

Function 05D0D670 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 115fileCOMMON

Download Yara Rule

APIs

Part of subcall function 05D21570: memcpy.MSVCR80(?,?,?,?,?,?,05D22BD1,?,?,?,?,?,00000054,00001000), ref: 05D21591

fopen.MSVCR80 ref: 05D0D74A
_open.MSVCR80 ref: 05D0D77B

Strings

w+b, xrefs: 05D0D744

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: _openfopenmemcpy
String ID: w+b
API String ID: 3477164079-2066963162
Opcode ID: 8cbae20a53adbdfac440d8edbce614649d91f382bb4299127fc906e930150f86
Instruction ID: 048c86aafed07ca9965135e9b8e0712846e1baceb55c38ea417a9b79b9a79be9
Opcode Fuzzy Hash: 8cbae20a53adbdfac440d8edbce614649d91f382bb4299127fc906e930150f86
Instruction Fuzzy Hash: 6041A375A04248ABCB11EFA8DC45BEE7BA6FF55304F14455BFC0A97280E7709A04C7E1

Function 1002D520 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 99COMMON

Download Yara Rule

APIs

Part of subcall function 1002D440: _strnicmp.MSVCR80 ref: 1002D465
Part of subcall function 1002D440: __iob_func.MSVCR80 ref: 1002D478
Part of subcall function 1002D440: _fileno.MSVCR80 ref: 1002D49B
Part of subcall function 1002D440: _isatty.MSVCR80 ref: 1002D49E
Part of subcall function 1002D440: __iob_func.MSVCR80 ref: 1002D4B0
Part of subcall function 1002D440: fprintf.MSVCR80 ref: 1002D4B6
Part of subcall function 1002D440: __iob_func.MSVCR80 ref: 1002D4BC
Part of subcall function 1002D440: fflush.MSVCR80 ref: 1002D4C2
Part of subcall function 1002D440: _fileno.MSVCR80 ref: 1002D4CB
Part of subcall function 1002D440: _get_osfhandle.MSVCR80 ref: 1002D4CE
Part of subcall function 1002D440: GetConsoleMode.KERNEL32(00000000,?), ref: 1002D4DF
Part of subcall function 1002D440: SetConsoleMode.KERNEL32(00000000,?), ref: 1002D507

ferror.MSVCR80 ref: 1002D5C6

Part of subcall function 1002C690: __iob_func.MSVCR80 ref: 1002C6A7
Part of subcall function 1002C690: fprintf.MSVCR80 ref: 1002C6AD
Part of subcall function 1002C690: __iob_func.MSVCR80 ref: 1002C6B3
Part of subcall function 1002C690: fflush.MSVCR80 ref: 1002C6B9
Part of subcall function 1002C690: _fileno.MSVCR80 ref: 1002C6C2
Part of subcall function 1002C690: _get_osfhandle.MSVCR80 ref: 1002C6C9
Part of subcall function 1002C690: GetConsoleMode.KERNEL32(00000000,?,?,?,?,?,?,?,?), ref: 1002C6DA
Part of subcall function 1002C690: SetConsoleMode.KERNEL32(00000000,?,?,?,?,?,?,?,?), ref: 1002C6ED
Part of subcall function 1002C690: __iob_func.MSVCR80 ref: 1002C6FB
Part of subcall function 1002C690: fclose.MSVCR80 ref: 1002C702

Strings

, xrefs: 1002D5A6

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: __iob_func$ConsoleMode$_fileno$_get_osfhandlefflushfprintf$_isatty_strnicmpfcloseferror
String ID:
API String ID: 3222935165-3916222277
Opcode ID: 3e02bacfaa69936371d70dd291f44f12e5553019d9dd149b32564906d2f9c682
Instruction ID: 04dbe3b62030838ab6cc8a91a2a8cbe34730c7d44fcf1bafc2a16819625b57ef
Opcode Fuzzy Hash: 3e02bacfaa69936371d70dd291f44f12e5553019d9dd149b32564906d2f9c682
Instruction Fuzzy Hash: 99315CB55083919BC300DF68D845A5BB7F4FF89764F800A1EF89583291D775E948CB93

Function 05D23110 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 99COMMON

Download Yara Rule

APIs

Part of subcall function 05D23030: _strnicmp.MSVCR80 ref: 05D23055
Part of subcall function 05D23030: __iob_func.MSVCR80 ref: 05D23068
Part of subcall function 05D23030: _fileno.MSVCR80 ref: 05D2308B
Part of subcall function 05D23030: _isatty.MSVCR80 ref: 05D2308E
Part of subcall function 05D23030: __iob_func.MSVCR80 ref: 05D230A0
Part of subcall function 05D23030: fprintf.MSVCR80 ref: 05D230A6
Part of subcall function 05D23030: __iob_func.MSVCR80 ref: 05D230AC
Part of subcall function 05D23030: fflush.MSVCR80 ref: 05D230B2
Part of subcall function 05D23030: _fileno.MSVCR80 ref: 05D230BB
Part of subcall function 05D23030: _get_osfhandle.MSVCR80 ref: 05D230BE
Part of subcall function 05D23030: GetConsoleMode.KERNEL32(00000000,?), ref: 05D230CF
Part of subcall function 05D23030: SetConsoleMode.KERNEL32(00000000,?), ref: 05D230F7

ferror.MSVCR80 ref: 05D231B6

Part of subcall function 05D221C0: __iob_func.MSVCR80 ref: 05D221D7
Part of subcall function 05D221C0: fprintf.MSVCR80 ref: 05D221DD
Part of subcall function 05D221C0: __iob_func.MSVCR80 ref: 05D221E3
Part of subcall function 05D221C0: fflush.MSVCR80 ref: 05D221E9
Part of subcall function 05D221C0: _fileno.MSVCR80 ref: 05D221F2
Part of subcall function 05D221C0: _get_osfhandle.MSVCR80 ref: 05D221F9
Part of subcall function 05D221C0: GetConsoleMode.KERNEL32(00000000,?), ref: 05D2220A
Part of subcall function 05D221C0: SetConsoleMode.KERNEL32(00000000,?), ref: 05D2221D
Part of subcall function 05D221C0: __iob_func.MSVCR80 ref: 05D2222B
Part of subcall function 05D221C0: fclose.MSVCR80 ref: 05D22232

Strings

, xrefs: 05D23196

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: __iob_func$ConsoleMode$_fileno$_get_osfhandlefflushfprintf$_isatty_strnicmpfcloseferror
String ID:
API String ID: 3222935165-3916222277
Opcode ID: 1510e7cfbb5b032aa7bcafb569798580b88e40e8f476520334226a0ca4e969fa
Instruction ID: 938f0af17174f390249a96e6442af0579f3d6e108de3c21fde4e5f37073fd0b5
Opcode Fuzzy Hash: 1510e7cfbb5b032aa7bcafb569798580b88e40e8f476520334226a0ca4e969fa
Instruction Fuzzy Hash: 1D316D756093A09BC310DF68D845B6BB7E4FFA5718F000A1EF89183290D775D808CBA3

Function 100142B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 88COMMON

Download Yara Rule

Strings

Unexpected BLR in PARSE_prepare_messages(), xrefs: 10014397

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID:
String ID: Unexpected BLR in PARSE_prepare_messages()
API String ID: 0-181337127
Opcode ID: e0692a7188ac8848398b41ca50d63147217d23e9a9fc41332bc55bc7c3611d47
Instruction ID: 78bd53218c4c51dd372cd7652499da72cef70b9f3339e2185e6f96a5e7162e15
Opcode Fuzzy Hash: e0692a7188ac8848398b41ca50d63147217d23e9a9fc41332bc55bc7c3611d47
Instruction Fuzzy Hash: 88216BE2D082B24BD321DA185C402B6B7D4CF42162F17047BEDD897261DB77DDC892A2

Function 100302E0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 67COMMON

Download Yara Rule

APIs

Part of subcall function 10005F90: InitializeCriticalSection.KERNEL32(00000000,00000018,94BA138F,?,?,?,?,1022F20B,000000FF), ref: 10005FCE

EnterCriticalSection.KERNEL32(00000000,94BA138F,?,?,?,?,10231CB4,000000FF), ref: 1003037C

Part of subcall function 1002FDC0: EnterCriticalSection.KERNEL32(1038FDC4,94BA138F,?,1038FD94,?,10231C68,000000FF,1002FFBA,10004DD6), ref: 1002FDF5

_stricmp.MSVCR80(?,Restrict UDF,?,?,?,?,10231CB4,000000FF), ref: 100303B0

Strings

Restrict UDF, xrefs: 100303AA

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: CriticalSection$Enter$Initialize_stricmp
String ID: Restrict UDF
API String ID: 3247260730-2309037349
Opcode ID: d96800cc0e51de002728a7e8aebd7980adeae612280a0124eedd2852c250d7e8
Instruction ID: 5b746d70d64fe501e5ea2c3d18274d03d2fe00e5f2b2cb18c3615b9b4057c237
Opcode Fuzzy Hash: d96800cc0e51de002728a7e8aebd7980adeae612280a0124eedd2852c250d7e8
Instruction Fuzzy Hash: F321BC742083529FC305CF18C88575A7BE8FBC5654F600B9FFA09C73A6C734A9088B95

Function 05D272B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 67COMMON

Download Yara Rule

APIs

Part of subcall function 05D0DDA0: InitializeCriticalSection.KERNEL32(00000000,00000018,521C82CE,?,?,?,?,05D2A45B,000000FF), ref: 05D0DDDE

EnterCriticalSection.KERNEL32(00000000,521C82CE,?,?,?,?,05D2BFE4,000000FF), ref: 05D2734C

Part of subcall function 05D26D90: EnterCriticalSection.KERNEL32(05DDBCF0,521C82CE,?,05DDBD1C,00000000,05D2BF98,000000FF,05D26E87,05D0EFEA,521C82CE), ref: 05D26DC5

_stricmp.MSVCR80(?,Restrict UDF,?,?,?,?,05D2BFE4,000000FF), ref: 05D27380

Strings

Restrict UDF, xrefs: 05D2737A

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: CriticalSection$Enter$Initialize_stricmp
String ID: Restrict UDF
API String ID: 3247260730-2309037349
Opcode ID: 9453e9de7aac8f68a4b26f52d830b0d8750dffc6a1987a473d0fa2a9aeddf478
Instruction ID: 28a91a4f858bbc5d7d858d3656e86df9a0ed086f6c80abbaa8380c2fed364874
Opcode Fuzzy Hash: 9453e9de7aac8f68a4b26f52d830b0d8750dffc6a1987a473d0fa2a9aeddf478
Instruction Fuzzy Hash: CE218B716193958BE314DF18D886B6ABFE5FB98728F55091FF85283381CB789408CFA1

Function 100569B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 60COMMON

Download Yara Rule

APIs

_read.MSVCR80 ref: 100569C9

Strings

read, xrefs: 100569EA, 10056A40

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: _read
String ID: read
API String ID: 3312595324-2555855207
Opcode ID: 1ba4c322f1b9344ac0e46db8ec63597c67e9991de5de5329d41d78f587096853
Instruction ID: e70e2f3fadcbeee5dcb4b5ca510177cedc07f8e73b8ec693eb4bcb2d1f6419ac
Opcode Fuzzy Hash: 1ba4c322f1b9344ac0e46db8ec63597c67e9991de5de5329d41d78f587096853
Instruction Fuzzy Hash: CC11C87660120057D301DA54FC40FEFF3A8EBD9359F15851EF58597242D631F8698B61

Function 1005A220 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 54COMMON

Download Yara Rule

APIs

_unlink.MSVCR80(?,?,%s.%07ld,?,?), ref: 1005A298

Strings

%s.%07ld, xrefs: 1005A288
, xrefs: 1005A269

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: _unlink
String ID: $%s.%07ld
API String ID: 586438035-2042843361
Opcode ID: 98481b54d7e4f008e0790ca24f2a7c2cf9a5ed9c974d3a0e25c31cf5e3482583
Instruction ID: 11d15b30d915818108fd7353e0dc5fb5a04668b8412d5f21964211a3b0d364c6
Opcode Fuzzy Hash: 98481b54d7e4f008e0790ca24f2a7c2cf9a5ed9c974d3a0e25c31cf5e3482583
Instruction Fuzzy Hash: D61119B6518340AFC304DF28C885A5BBBF5FB89254F448E2EF85AC3250EB35E5548B92

Function 10020CB0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 54COMMON

Download Yara Rule

APIs

Part of subcall function 10020B50: CreateFileA.KERNEL32(?,C0000000,00000007,00000000,00000003,00000080,00000000), ref: 10020B6C
Part of subcall function 10020B50: GetLastError.KERNEL32(?), ref: 10020B84

Part of subcall function 100209E0: ReadFile.KERNEL32(?,?,?,?,00000000), ref: 100209FC
Part of subcall function 100209E0: GetLastError.KERNEL32(unknown), ref: 10020A30

_errno.MSVCR80 ref: 10020CE1

Part of subcall function 10020880: _vsnprintf.MSVCR80 ref: 100208B9
Part of subcall function 10020880: __iob_func.MSVCR80 ref: 100208E4
Part of subcall function 10020880: fprintf.MSVCR80 ref: 100208EE
Part of subcall function 10020880: _CxxThrowException.MSVCR80(?,102B34D4), ref: 10020912
Part of subcall function 10020880: GetCurrentThreadId.KERNEL32 ref: 10020961

Strings

Unexpected end of database file, xrefs: 10020CEC
Database is not in state (%d) to be safely fixed up, xrefs: 10020D0A

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: ErrorFileLast$CreateCurrentExceptionReadThreadThrow__iob_func_errno_vsnprintffprintf
String ID: Database is not in state (%d) to be safely fixed up$Unexpected end of database file
API String ID: 3737279073-1247666989
Opcode ID: 868fe13c8b7a53ca837946facfd053a0009181997e712038427754e8bd478088
Instruction ID: 6ed7ecf3001b2af4c57093c94b5d10a74ffd20fcdc3ed29af968179f2cc8de2c
Opcode Fuzzy Hash: 868fe13c8b7a53ca837946facfd053a0009181997e712038427754e8bd478088
Instruction Fuzzy Hash: 6A019675600300AFD628D724DC57F9FB3AAEF85B10FD0491EF54297292DF78B8048696

Function 10038120 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMON

Download Yara Rule

APIs

_ftime64.MSVCR80(?,?,?,?,?,?,?,1003267C), ref: 1003813B
_localtime64.MSVCR80 ref: 10038172

Strings

localtime, xrefs: 1003817F

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: _ftime64_localtime64
String ID: localtime
API String ID: 2144133556-1047626651
Opcode ID: ea659058fb696cc01066a7965d2952b8f5a37a76c66c30672b4d2d6c6ef7bd56
Instruction ID: 211285d8a0299ef92a019b2227d4e3be3518a26b1e108041f5ac0774eadf0c52
Opcode Fuzzy Hash: ea659058fb696cc01066a7965d2952b8f5a37a76c66c30672b4d2d6c6ef7bd56
Instruction Fuzzy Hash: 5401D4B96002125FC308EF0D9C4449BB7E9EFC0221F444669F86987291E734991987E2

Function 05D21D20 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMON

Download Yara Rule

APIs

_ftime64.MSVCR80(?), ref: 05D21D3B
_localtime64.MSVCR80 ref: 05D21D72

Strings

localtime, xrefs: 05D21D7F

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: _ftime64_localtime64
String ID: localtime
API String ID: 2144133556-1047626651
Opcode ID: ef0c15adc1c9cde6ddac040bd723ac6c238d3551ccee7e79ddabc983447cf905
Instruction ID: ebba1ba896ee846e61e0a5afd2184d4707ffff8140635e800cf43df2403f8ff0
Opcode Fuzzy Hash: ef0c15adc1c9cde6ddac040bd723ac6c238d3551ccee7e79ddabc983447cf905
Instruction Fuzzy Hash: E10184756042119B8318EE1E984549BBBD9EFD0225F48862AF86997381E7349419CBF2

Function 10039AC0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42COMMON

Download Yara Rule

APIs

SetFilePointer.KERNEL32(?,?,?,00000000), ref: 10039AEF
GetLastError.KERNEL32 ref: 10039AFA

Strings

SetFilePointer, xrefs: 10039B04

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: ErrorFileLastPointer
String ID: SetFilePointer
API String ID: 2976181284-4022856308
Opcode ID: ffb4522a5a50e82c419c58ae463414c04cd8e1512700e722a30120a5ee291207
Instruction ID: cc8bf14649e35f6b439a83d3d0a86e7508427e3695df5c753e04536a2eeda408
Opcode Fuzzy Hash: ffb4522a5a50e82c419c58ae463414c04cd8e1512700e722a30120a5ee291207
Instruction Fuzzy Hash: BA014471600B108FC261CF9AEAC484BF7F8FF94661B504A1EE28A86A50C370F8008B61

Function 05D247F0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42COMMON

Download Yara Rule

APIs

SetFilePointer.KERNEL32(?,?,?,00000000), ref: 05D2481F
GetLastError.KERNEL32 ref: 05D2482A

Strings

SetFilePointer, xrefs: 05D24834

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: ErrorFileLastPointer
String ID: SetFilePointer
API String ID: 2976181284-4022856308
Opcode ID: 21d2bca8d1af855b5e213b13b07f759ab76fccb611d61359c5f46d499774577e
Instruction ID: 53a421f699c04db0f2b83bd4664e8120a3289b077b6fb9d9f7aa98ea4293c67d
Opcode Fuzzy Hash: 21d2bca8d1af855b5e213b13b07f759ab76fccb611d61359c5f46d499774577e
Instruction Fuzzy Hash: 34015A716147A09BCA20CF5AD5C091AF7F9FFA4614B50491FE6A793A50C370F4448B62

Function 10020BA0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 29fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,?,00000000), ref: 10020BCE
GetLastError.KERNEL32(?), ref: 10020BE6

Part of subcall function 10020880: _vsnprintf.MSVCR80 ref: 100208B9
Part of subcall function 10020880: __iob_func.MSVCR80 ref: 100208E4
Part of subcall function 10020880: fprintf.MSVCR80 ref: 100208EE
Part of subcall function 10020880: _CxxThrowException.MSVCR80(?,102B34D4), ref: 10020912
Part of subcall function 10020880: GetCurrentThreadId.KERNEL32 ref: 10020961

Strings

Error (%d) opening database file: %s, xrefs: 10020BEF

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: CreateCurrentErrorExceptionFileLastThreadThrow__iob_func_vsnprintffprintf
String ID: Error (%d) opening database file: %s
API String ID: 1651570513-2580554855
Opcode ID: 2135ffb9c341d135a30987a0e8ffbbcf5c17a7ea54bc631f25ed3d2c89a501ab
Instruction ID: 8fb0912cfbcdbeda49f99acf384c19cb977e080ae877b37bdebb324dfc79a33a
Opcode Fuzzy Hash: 2135ffb9c341d135a30987a0e8ffbbcf5c17a7ea54bc631f25ed3d2c89a501ab
Instruction Fuzzy Hash: DDF0E5702407006BE2389B78EC5AFD372D9DB04711F304B0DF696DB1C0CAB479408728

Function 100206D0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 28COMMON

Download Yara Rule

APIs

Part of subcall function 10036640: memset.MSVCR80 ref: 100366A4
Part of subcall function 10036640: gds__msg_lookup.FBCLIENT25(?,?,?,00000078,?,00000000), ref: 100366C9
Part of subcall function 10036640: strchr.MSVCR80 ref: 100366EC

__iob_func.MSVCR80 ref: 10020713
fprintf.MSVCR80 ref: 1002071D

Strings

%s, xrefs: 1002070E

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: __iob_funcfprintfgds__msg_lookupmemsetstrchr
String ID: %s
API String ID: 644711938-620797490
Opcode ID: e52bc4d862a5427329aabc0e75e7a159e81f4f5292239942afc1376c308bd716
Instruction ID: 7f4ee7ca6659a28bd922ddb60cb1dcedab05a41a092b4e2473537eb1d4bc742c
Opcode Fuzzy Hash: e52bc4d862a5427329aabc0e75e7a159e81f4f5292239942afc1376c308bd716
Instruction Fuzzy Hash: 68F037B56043406FE364DB54CC8BFEA73A4EB99704F404908F5C986291DFB465588B96

Function 10020B50 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,C0000000,00000007,00000000,00000003,00000080,00000000), ref: 10020B6C
GetLastError.KERNEL32(?), ref: 10020B84

Part of subcall function 10020880: _vsnprintf.MSVCR80 ref: 100208B9
Part of subcall function 10020880: __iob_func.MSVCR80 ref: 100208E4
Part of subcall function 10020880: fprintf.MSVCR80 ref: 100208EE
Part of subcall function 10020880: _CxxThrowException.MSVCR80(?,102B34D4), ref: 10020912
Part of subcall function 10020880: GetCurrentThreadId.KERNEL32 ref: 10020961

Strings

Error (%d) opening database file: %s, xrefs: 10020B8D

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: CreateCurrentErrorExceptionFileLastThreadThrow__iob_func_vsnprintffprintf
String ID: Error (%d) opening database file: %s
API String ID: 1651570513-2580554855
Opcode ID: dea28e8850cf93e29825b8cc8396f439bac9767ff07a57a01c17604ce1a02e48
Instruction ID: 729b89483db8bdc1ad349f5b2ffc38057c83c541d22f5c0cfbd535b92788d0ad
Opcode Fuzzy Hash: dea28e8850cf93e29825b8cc8396f439bac9767ff07a57a01c17604ce1a02e48
Instruction Fuzzy Hash: F9E04F71640310ABD6B0EBB8EC49FC777999B04725F604A04F399EB1C0CA70B840CB18

Function 10020C00 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,C0000000,00000004,00000000,00000001,08000080,00000000), ref: 10020C1C
GetLastError.KERNEL32(?), ref: 10020C34

Part of subcall function 10020880: _vsnprintf.MSVCR80 ref: 100208B9
Part of subcall function 10020880: __iob_func.MSVCR80 ref: 100208E4
Part of subcall function 10020880: fprintf.MSVCR80 ref: 100208EE
Part of subcall function 10020880: _CxxThrowException.MSVCR80(?,102B34D4), ref: 10020912
Part of subcall function 10020880: GetCurrentThreadId.KERNEL32 ref: 10020961

Strings

Error (%d) creating database file: %s, xrefs: 10020C3D

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: CreateCurrentErrorExceptionFileLastThreadThrow__iob_func_vsnprintffprintf
String ID: Error (%d) creating database file: %s
API String ID: 1651570513-1137740295
Opcode ID: 55daa20ee27f880197a72412327ef0f4a096fc07fea475e3051eab67e439ea6b
Instruction ID: c8ab1c962d9faa75ee41ed9738d0f69ccc6fb255c904ad4e589f3d4e2adc7c42
Opcode Fuzzy Hash: 55daa20ee27f880197a72412327ef0f4a096fc07fea475e3051eab67e439ea6b
Instruction Fuzzy Hash: 2CE04FB1640710ABD674DBB8AC89FCB76A9AB04724F604A04F399EB1C0CA707840CB18

Function 10020C60 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,80000000,00000000,00000000,00000003,08000080,00000000), ref: 10020C7C
GetLastError.KERNEL32(?), ref: 10020C94

Part of subcall function 10020880: _vsnprintf.MSVCR80 ref: 100208B9
Part of subcall function 10020880: __iob_func.MSVCR80 ref: 100208E4
Part of subcall function 10020880: fprintf.MSVCR80 ref: 100208EE
Part of subcall function 10020880: _CxxThrowException.MSVCR80(?,102B34D4), ref: 10020912
Part of subcall function 10020880: GetCurrentThreadId.KERNEL32 ref: 10020961

Strings

Error (%d) opening backup file: %s, xrefs: 10020C9D

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: CreateCurrentErrorExceptionFileLastThreadThrow__iob_func_vsnprintffprintf
String ID: Error (%d) opening backup file: %s
API String ID: 1651570513-1608252468
Opcode ID: 49db4637060065ecf1a273644969a2f0a03f3c4a163c2308d3e2b7a5e138279a
Instruction ID: 44a429f96cebdf482b8e189b13b2b2970005ea24b9d3eb02ce394d0d71b9d38c
Opcode Fuzzy Hash: 49db4637060065ecf1a273644969a2f0a03f3c4a163c2308d3e2b7a5e138279a
Instruction Fuzzy Hash: 52E04F71644710BBD270DBB8AC49FC77699AB09721F604A08F299EB1C0CA6178008B58

Function 100414A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 20COMMON

Download Yara Rule

APIs

memcpy.MSVCR80(?,?,?), ref: 100414B0
ReleaseSemaphore.KERNEL32(?,00000001,00000000), ref: 100414C4

Part of subcall function 1002B330: GetLastError.KERNEL32(1002ECEF,00000001,?,10233AE0,10045CBE,14000004,94BA138F,?,?,?,00000100,10254A18), ref: 1002B333
Part of subcall function 1002B330: _CxxThrowException.MSVCR80(00000000,102B4004), ref: 1002B351

Strings

ReleaseSemaphore, xrefs: 100414CE

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: ErrorExceptionLastReleaseSemaphoreThrowmemcpy
String ID: ReleaseSemaphore
API String ID: 3413143928-452062969
Opcode ID: b8ddfc6c6c43995b7bd5b49904896aad7d26c60d28c12f117af6c1aa99701aa2
Instruction ID: 1cd7bd711521862d4856f0b50aef564a99a5c0417ac6b50508427707271dc478
Opcode Fuzzy Hash: b8ddfc6c6c43995b7bd5b49904896aad7d26c60d28c12f117af6c1aa99701aa2
Instruction Fuzzy Hash: ABE08C782002007BD204CB61CC81F77B3A8EBC5700F10880DF94987680DA30E8809A51

Function 10021A8C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 14COMMON

Download Yara Rule

APIs

__iob_func.MSVCR80 ref: 10021A98
fprintf.MSVCR80 ref: 10021AA8

Strings

%s, xrefs: 10021AA2

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: __iob_funcfprintf
String ID: %s
API String ID: 620453056-620797490
Opcode ID: 117aa0f17f9f29d710ff43d51b143f86bf76f09ecd0fff1d57a48424e857426a
Instruction ID: 37c0a59de796f2c0e3bdc221f6167d6bee0cebdd5f821a35e639d0051b070928
Opcode Fuzzy Hash: 117aa0f17f9f29d710ff43d51b143f86bf76f09ecd0fff1d57a48424e857426a
Instruction Fuzzy Hash: 67D0C939A00160ABD740DBA8DC8C9CABB64BFA92093944694E909D7361DE34DE518B88

Function 1003F0D3 Relevance: 5.2, APIs: 4, Instructions: 208stringCOMMON

Download Yara Rule

APIs

strncpy.MSVCR80 ref: 1003F1D7
strncpy.MSVCR80 ref: 1003F247
strncpy.MSVCR80 ref: 1003F2B7
strncpy.MSVCR80 ref: 1003F327

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: strncpy
String ID:
API String ID: 3301158039-0
Opcode ID: 33f800534f1e8a8d75e187c21bbe996bd06d61cfd09740c35679aa49e42f2525
Instruction ID: 1e231568cf861896b2a5b685ab67020a786247e1a58c30af95e7b4eeaffaea80
Opcode Fuzzy Hash: 33f800534f1e8a8d75e187c21bbe996bd06d61cfd09740c35679aa49e42f2525
Instruction Fuzzy Hash: 4A81A03660C3C5CEC332CA6898547EBBBD2AFD2345F5C486EC4C98F252C67699889353

Function 10029700 Relevance: 5.1, APIs: 4, Instructions: 121COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,05BC0014,00000002,?,05BC0014,100273D1,?,?,-000000F4,05BC0014,1002913C,-000000F4,00000001,05BC0014,00000000,10029570), ref: 10029726

Part of subcall function 10026410: InterlockedExchangeAdd.KERNEL32(?,00000001), ref: 10026435
Part of subcall function 10026410: InterlockedExchangeAdd.KERNEL32(-0000006C,00000000), ref: 10026449

EnterCriticalSection.KERNEL32(00000054,05BC0014,00000002,?,05BC0014,100273D1,?,?,-000000F4,05BC0014,1002913C,-000000F4,00000001,05BC0014,00000000,10029570), ref: 100297AD
LeaveCriticalSection.KERNEL32(00000054,000000FF), ref: 1002981D
LeaveCriticalSection.KERNEL32(00000054,?,?,?,10231500,000000FF,10026F9D,?,00000000,10254A18,1002EA70,00000064,10254A18,1002ECEF,00000001,?), ref: 1002984C

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: CriticalSection$EnterExchangeInterlockedLeave
String ID:
API String ID: 1944067808-0
Opcode ID: e7ed06a1326a6a23da49bee7e044428960ae77fc4ed6cab7e2b3a25cff6b0b7f
Instruction ID: 6ae6b20c32ee4a7543ec257f8b5b4e73fa13b10f928d5100277c4adc935b33dc
Opcode Fuzzy Hash: e7ed06a1326a6a23da49bee7e044428960ae77fc4ed6cab7e2b3a25cff6b0b7f
Instruction Fuzzy Hash: 3441E274704A019FC314CF15E584A6AFBE8FF89748B44C16EE95A8B352CB31F841CB90

Function 05D1EE40 Relevance: 5.1, APIs: 4, Instructions: 121COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,05C10014,00000002,?,05C10014,05D1CB11,?,-00000014,?,05C10014,05D1E87C,?,00000001,05C10014,?,05D1ECB0), ref: 05D1EE66

Part of subcall function 05D1BC40: InterlockedExchangeAdd.KERNEL32(00000000,?), ref: 05D1BC65
Part of subcall function 05D1BC40: InterlockedExchangeAdd.KERNEL32(-0000006C,?), ref: 05D1BC79

EnterCriticalSection.KERNEL32(00000054,05C10014,00000002,?,05C10014,05D1CB11,?,-00000014,?,05C10014,05D1E87C,?,00000001,05C10014,?,05D1ECB0), ref: 05D1EEED
LeaveCriticalSection.KERNEL32(00000054,?), ref: 05D1EF5D
LeaveCriticalSection.KERNEL32(00000054,?,?,05D1ECB0,00000000,00000000,05C10014,?,05D1C6A5,?,?,?,?,?,?,?), ref: 05D1EF8C

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: CriticalSection$EnterExchangeInterlockedLeave
String ID:
API String ID: 1944067808-0
Opcode ID: a9372384d466a6bb5602b3b69f54608fce14233038e39251fed03ea505096afe
Instruction ID: 1069c13df61e803fc6ba483fc8d4de0d036498127985df5a2b7000863b1a07b5
Opcode Fuzzy Hash: a9372384d466a6bb5602b3b69f54608fce14233038e39251fed03ea505096afe
Instruction Fuzzy Hash: 7C417271304605AFD324DF19E584A2AFBE9FF88705B08855FED4A87352CB35E841CBA8

Function 1002BDA0 Relevance: 5.1, APIs: 4, Instructions: 106COMMON

Download Yara Rule

APIs

memcpy.MSVCR80(00000000,00000000,102559A8,00000000,0000002F,FFFFFFFF,0000005C,FFFFFFFF,00000020,?,?,?,?,?,?,?), ref: 1002BDEB
memcpy.MSVCR80(00000000,00000000,?,00000000,FFFFFFFF,00000020,?,?,?,?,?,?,?,?,?,00000001), ref: 1002BE07
memcpy.MSVCR80(00000000,00000000,00000000,00000000,FFFFFFFF,00000020,?,?,?,?,?,?,?,?,?,00000001), ref: 1002BE5D
memcpy.MSVCR80(00000000,?,?,?,?,00000000,FFFFFFFF,?,?,00000000,FFFFFFFF,00000020,?,?,?,?), ref: 1002BEB8

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: 6ff229c36b8e1958db6a7de1325b32d919a75692f32503c2e161b6f15250b6c3
Instruction ID: 2c587681eca8f66874a7b2fb1d28a3c6bdb431a7cde6a39830c821b9a74c7709
Opcode Fuzzy Hash: 6ff229c36b8e1958db6a7de1325b32d919a75692f32503c2e161b6f15250b6c3
Instruction Fuzzy Hash: 4A31B0B56003116FCA00DF28EC82EBB77E9EFC4654F44491CF94997282DA74BD09CBA6

Function 05D25830 Relevance: 5.1, APIs: 4, Instructions: 106COMMON

Download Yara Rule

APIs

memcpy.MSVCR80(00000000,00000000,05DC3A28,00000000,0000002F,FFFFFFFF,0000005C,FFFFFFFF), ref: 05D2587B
memcpy.MSVCR80(00000000,05DC3A28,00000000,05DC3A28,FFFFFFFF), ref: 05D25897
memcpy.MSVCR80(00000000,00000000,00000000,00000000,FFFFFFFF), ref: 05D258ED
memcpy.MSVCR80(00000000,?,?,?,?,00000000,FFFFFFFF,?,?,00000000,FFFFFFFF), ref: 05D25948

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: 8da906537e88ecf0ca0fdffdc9091fc4e76009c6f3415d648a6ac271b85758b8
Instruction ID: a6d820bb0ec1f3b14c9fb374f52ddf367f4afb6a84092b95b5a2e23f1599e587
Opcode Fuzzy Hash: 8da906537e88ecf0ca0fdffdc9091fc4e76009c6f3415d648a6ac271b85758b8
Instruction Fuzzy Hash: EE31BEB1704320AFC600EF28DC49E2FB7E9EBD4618F04491EF94997340DA31A9488BB2

Function 1002A510 Relevance: 5.1, APIs: 4, Instructions: 82COMMON

Download Yara Rule

APIs

_vsnprintf.MSVCR80 ref: 1002A544
_vsnprintf.MSVCR80 ref: 1002A57E

Part of subcall function 1002A450: memset.MSVCR80 ref: 1002A47D

memcpy.MSVCR80(00000000,00000000,?,00000000), ref: 1002A5CA

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: _vsnprintf$memcpymemset
String ID:
API String ID: 4268914916-0
Opcode ID: 16692c13755538f9e9204d4e696d2268ac2057c112afe13d9b2ebae3da2d1dba
Instruction ID: 29c2134b6e752e3daa2ea025ce73e43078b51e65af096c01fc18aa3ec9012d0d
Opcode Fuzzy Hash: 16692c13755538f9e9204d4e696d2268ac2057c112afe13d9b2ebae3da2d1dba
Instruction Fuzzy Hash: 86212872E006256BD321D314DC85BFFB29DEF8A704F840439F94953142EE74A98883E6

Function 05D217F0 Relevance: 5.1, APIs: 4, Instructions: 82COMMON

Download Yara Rule

APIs

_vsnprintf.MSVCR80 ref: 05D21824
_vsnprintf.MSVCR80 ref: 05D2185E

Part of subcall function 05D21730: memset.MSVCR80 ref: 05D2175D

memcpy.MSVCR80(00000000,00000000,?,00000000), ref: 05D218AA

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: _vsnprintf$memcpymemset
String ID:
API String ID: 4268914916-0
Opcode ID: bc69d9f13ba4070f777a69081cf5705c787a359186bb6a5dec65d125460045b8
Instruction ID: 254dca29ae7f37b88df5f172e82d578b51eb6f8f9945541afaa431ecd32c2de2
Opcode Fuzzy Hash: bc69d9f13ba4070f777a69081cf5705c787a359186bb6a5dec65d125460045b8
Instruction Fuzzy Hash: 9721C472E002316BE325A6948C85FFBB79EEFA9308F04443BE94953640D965A845C2F2

Function 10026510 Relevance: 5.0, APIs: 4, Instructions: 45COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 10026527
EnterCriticalSection.KERNEL32(?), ref: 1002652D
LeaveCriticalSection.KERNEL32(?,?,?,?,?), ref: 10026566
LeaveCriticalSection.KERNEL32(?), ref: 10026573

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: b5a142da413f8c512e78a43277066e6854587f17eb69b19429bd58b934975b1c
Instruction ID: a1e677407fab2774ab66c7f99f8810308269e8dd7e128effea39fe2bb677c827
Opcode Fuzzy Hash: b5a142da413f8c512e78a43277066e6854587f17eb69b19429bd58b934975b1c
Instruction Fuzzy Hash: 08F03176700A2467C611E7699D8096BF3DCEF89D14741041EF685E3210DF65BD0546A9

Function 05D1BD40 Relevance: 5.0, APIs: 4, Instructions: 45COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 05D1BD57
EnterCriticalSection.KERNEL32(?), ref: 05D1BD5D
LeaveCriticalSection.KERNEL32(?,?,?,?,?), ref: 05D1BD96
LeaveCriticalSection.KERNEL32(?), ref: 05D1BDA3

Memory Dump Source

Source File: 00000012.00000002.2432177447.0000000005D01000.00000020.00000001.01000000.0000001D.sdmp, Offset: 05D00000, based on PE: true

Associated: 00000012.00000002.2432135585.0000000005D00000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2432748975.0000000005D2D000.00000002.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2434993691.0000000005DDB000.00000004.00000001.01000000.0000001D.sdmpDownload File
Associated: 00000012.00000002.2435043213.0000000005DDD000.00000002.00000001.01000000.0000001D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_5d00000_SISTEMA.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: a81979fae4f0629d846d776b5be19991c796d1becf66d5015f825009d03adcb1
Instruction ID: 6ff2404f273b2b5011fd1ea544c999d353d7a0b0dcf217e22e57723714a713dd
Opcode Fuzzy Hash: a81979fae4f0629d846d776b5be19991c796d1becf66d5015f825009d03adcb1
Instruction Fuzzy Hash: 47F08132700B14679221AA79AD4092FF3DDBF99910741041BEA46E3310CF64B80146B9

Function 1001A9D0 Relevance: 5.0, APIs: 4, Instructions: 40COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?), ref: 1001A9FD
CloseHandle.KERNEL32(?), ref: 1001AA0A
CloseHandle.KERNEL32(?), ref: 1001AA17
CloseHandle.KERNEL32(?), ref: 1001AA24

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 91bc9f2ff379e329c2aad94ce3c491efc394b765c571ed8294411eb93e3f075d
Instruction ID: e07173d8a538369c8ef91aef51bb222d04d3956b956981c3df863b49714e5698
Opcode Fuzzy Hash: 91bc9f2ff379e329c2aad94ce3c491efc394b765c571ed8294411eb93e3f075d
Instruction Fuzzy Hash: E1F037B26007019FC760EFAA89C095AF3E9FF55240B92493EE186D7921C370ECC8CA50

Function 10056AD0 Relevance: 5.0, APIs: 4, Instructions: 40COMMON

Download Yara Rule

APIs

memcpy.MSVCR80(00000000,00000000,102559A8,00000000,94BA138F,10056E1A,?,00000000,?,?,00000000,100252F5,?), ref: 10056AEB
memcpy.MSVCR80(00000000,00000000,102559A8,00000000), ref: 10056B05
memcpy.MSVCR80(00000000,00000000,102559A8,00000000,?,?,00000000), ref: 10056B1F
memcpy.MSVCR80(00000000,00000000,102559A8,00000000,?,?,00000000,?,?,00000000), ref: 10056B5A

Memory Dump Source

Source File: 00000012.00000002.2495790336.0000000010001000.00000020.00000001.01000000.00000019.sdmp, Offset: 10000000, based on PE: true

Associated: 00000012.00000002.2495746269.0000000010000000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2504258702.0000000010254000.00000002.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506214235.00000000102D9000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.00000000102F5000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2506658310.0000000010302000.00000008.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2508963555.000000001038F000.00000004.00000001.01000000.00000019.sdmpDownload File
Associated: 00000012.00000002.2509085723.0000000010397000.00000002.00000001.01000000.00000019.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_10000000_SISTEMA.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: cfa30221019cbd147bc644cb31af3d5a07200fc97decb6a3e26124cd0426e0a9
Instruction ID: 27a12b769e08a5f8c76e5a80c9518156527eef908f1c0950de7149c04cb05132
Opcode Fuzzy Hash: cfa30221019cbd147bc644cb31af3d5a07200fc97decb6a3e26124cd0426e0a9
Instruction Fuzzy Hash: FF01F4785407107AE210D720EC17FD776A8EF21B15F40481CF549A61C1EFB9755CC6BA

Analysis Process: Configurator.exePID: 4720, Parent PID: 7132COMMON

Execution Graph

Execution Coverage:	1.3%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0.2%
Total number of Nodes:	847
Total number of Limit Nodes:	3

Executed Functions

Function 73A95F3C Relevance: 6.2, APIs: 4, Instructions: 159
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentThreadId.KERNEL32 ref: 73A95F73

Memory Dump Source

Source File: 00000013.00000002.1948904650.0000000073A91000.00000020.00000001.01000000.00000016.sdmp, Offset: 73A90000, based on PE: true

Associated: 00000013.00000002.1948867399.0000000073A90000.00000002.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949039638.0000000073A9B000.00000004.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949039638.0000000073AA0000.00000004.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949153206.0000000073AA2000.00000002.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949153206.0000000073AA4000.00000002.00000001.01000000.00000016.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_73a90000_Configurator.jbxd

Similarity

API ID: CurrentThread
String ID:
API String ID: 2882836952-0
Opcode ID: 9ae6290575f2cf90288c52679e3d0a67fbe8b87a55025368bb01f048dd3531df
Instruction ID: 0588695ad80d39cd09abececa35a7f020b93ce19e1c697afa11d411d3e54bdd3
Opcode Fuzzy Hash: 9ae6290575f2cf90288c52679e3d0a67fbe8b87a55025368bb01f048dd3531df
Instruction Fuzzy Hash: 9251BC709003048FFB119F69C58774A77F5AF08224F29805FD48ABB2AADB34C881CB69

Function 73A989E0 Relevance: 1.5, APIs: 1, Instructions: 10
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 73A989A8: TlsGetValue.KERNEL32(00000025), ref: 73A989C0
Part of subcall function 73A989A8: LocalFree.KERNEL32(00000000,00000025), ref: 73A989CA
Part of subcall function 73A989A8: TlsSetValue.KERNEL32(00000025,00000000,00000000,00000025), ref: 73A989D7

TlsFree.KERNEL32(00000025), ref: 73A989FD

Memory Dump Source

Source File: 00000013.00000002.1948904650.0000000073A91000.00000020.00000001.01000000.00000016.sdmp, Offset: 73A90000, based on PE: true

Associated: 00000013.00000002.1948867399.0000000073A90000.00000002.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949039638.0000000073A9B000.00000004.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949039638.0000000073AA0000.00000004.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949153206.0000000073AA2000.00000002.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949153206.0000000073AA4000.00000002.00000001.01000000.00000016.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_73a90000_Configurator.jbxd

Similarity

API ID: FreeValue$Local
String ID:
API String ID: 2930853931-0
Opcode ID: b705ab02ec7124ad44244ece676d062a26ccedbe8d2c337738e99dcd57db53a7
Instruction ID: 70795acea78e9e7d02dbb12c15695a1a6395b76ba8e2b79624d84b270b7e509d
Opcode Fuzzy Hash: b705ab02ec7124ad44244ece676d062a26ccedbe8d2c337738e99dcd57db53a7
Instruction Fuzzy Hash: 9CC08CE11013118BFB406B768E0330021ECEB06260B90C35F90AAB33E8EE34C002CF2E

Function 73A987DC Relevance: 1.5, APIs: 1, Instructions: 6
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemInfo.KERNEL32 ref: 73A987E0

Memory Dump Source

Source File: 00000013.00000002.1948904650.0000000073A91000.00000020.00000001.01000000.00000016.sdmp, Offset: 73A90000, based on PE: true

Associated: 00000013.00000002.1948867399.0000000073A90000.00000002.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949039638.0000000073A9B000.00000004.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949039638.0000000073AA0000.00000004.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949153206.0000000073AA2000.00000002.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949153206.0000000073AA4000.00000002.00000001.01000000.00000016.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_73a90000_Configurator.jbxd

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: 11fbbd76bd9567d3491fd628dd6deb5a8d8abc3e83bd1b0abeb301d5c4234fd6
Instruction ID: 59a14de0bc1db22beba90bfe75eb1761bc33a7e4ac8162d66e59436ed92cbcd6
Opcode Fuzzy Hash: 11fbbd76bd9567d3491fd628dd6deb5a8d8abc3e83bd1b0abeb301d5c4234fd6
Instruction Fuzzy Hash: F5A012204095040BE40497184D4360B31C01980010FC40210645CA53A1E605C57402DB

Function 73A95ED0 Relevance: .0, Instructions: 43
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000013.00000002.1948904650.0000000073A91000.00000020.00000001.01000000.00000016.sdmp, Offset: 73A90000, based on PE: true

Associated: 00000013.00000002.1948867399.0000000073A90000.00000002.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949039638.0000000073A9B000.00000004.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949039638.0000000073AA0000.00000004.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949153206.0000000073AA2000.00000002.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949153206.0000000073AA4000.00000002.00000001.01000000.00000016.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_73a90000_Configurator.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 597b13b99c487bc849445d78cdeab00d1ef3dc59420574fc132f1239b1e1b66c
Instruction ID: 7cba6624eac4b0524b142af5e31267861a502890d143c899de83591ed6c744d8
Opcode Fuzzy Hash: 597b13b99c487bc849445d78cdeab00d1ef3dc59420574fc132f1239b1e1b66c
Instruction Fuzzy Hash: DFF0C8B26096059FFB158F5AD983A19BBE8F74D330766407FE405B7654DA319C00CB64

Non-executed Functions

Function 73A93FED Relevance: 2.5, APIs: 2, Instructions: 9memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,?,73A93FEF,73A93FE8,?,00000000,00000000,?,00000000,?,GetLogicalProcessorInformation), ref: 73A93FDA
HeapFree.KERNEL32(00000000,00000000,?,73A93FEF,73A93FE8,?,00000000,00000000,?,00000000,?,GetLogicalProcessorInformation), ref: 73A93FE0

Memory Dump Source

Source File: 00000013.00000002.1948904650.0000000073A91000.00000020.00000001.01000000.00000016.sdmp, Offset: 73A90000, based on PE: true

Associated: 00000013.00000002.1948867399.0000000073A90000.00000002.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949039638.0000000073A9B000.00000004.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949039638.0000000073AA0000.00000004.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949153206.0000000073AA2000.00000002.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949153206.0000000073AA4000.00000002.00000001.01000000.00000016.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_73a90000_Configurator.jbxd

Similarity

API ID: Heap$FreeProcess
String ID:
API String ID: 3859560861-0
Opcode ID: 2c553b3aeabe6628ad5d0e1090f3ad1bd9421a2fc51773ee512e5549d6abf3f9
Instruction ID: 9f33364fe525952739a32e20399a5790fab628b67fe264f9be76331052b1d2a2
Opcode Fuzzy Hash: 2c553b3aeabe6628ad5d0e1090f3ad1bd9421a2fc51773ee512e5549d6abf3f9
Instruction Fuzzy Hash: 67B09271A8820DBBF60052A45E06B9A66EC8B08181F220C03A221F91A8C92085504278

Function 73A970C0 Relevance: 21.0, APIs: 8, Strings: 4, Instructions: 28
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InitializeCriticalSection.KERNEL32(73A9EBF4,73A9A041,00000400,00000000,73A9A0E3), ref: 73A970C5
GetVersion.KERNEL32(73A9EBF4,73A9A041,00000400,00000000,73A9A0E3), ref: 73A970D3
GetModuleHandleW.KERNEL32(kernel32.dll,GetThreadPreferredUILanguages,73A9EBF4,73A9A041,00000400,00000000,73A9A0E3), ref: 73A970FA
GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 73A97100
GetModuleHandleW.KERNEL32(kernel32.dll,SetThreadPreferredUILanguages,00000000,kernel32.dll,GetThreadPreferredUILanguages,73A9EBF4,73A9A041,00000400,00000000,73A9A0E3), ref: 73A97114
GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 73A9711A
GetModuleHandleW.KERNEL32(kernel32.dll,GetThreadUILanguage,00000000,kernel32.dll,SetThreadPreferredUILanguages,00000000,kernel32.dll,GetThreadPreferredUILanguages,73A9EBF4,73A9A041,00000400,00000000,73A9A0E3), ref: 73A9712E
GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 73A97134

Strings

GetThreadUILanguage, xrefs: 73A97124
SetThreadPreferredUILanguages, xrefs: 73A9710A
kernel32.dll, xrefs: 73A970F5, 73A9710F, 73A97129
GetThreadPreferredUILanguages, xrefs: 73A970F0

Memory Dump Source

Source File: 00000013.00000002.1948904650.0000000073A91000.00000020.00000001.01000000.00000016.sdmp, Offset: 73A90000, based on PE: true

Associated: 00000013.00000002.1948867399.0000000073A90000.00000002.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949039638.0000000073A9B000.00000004.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949039638.0000000073AA0000.00000004.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949153206.0000000073AA2000.00000002.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949153206.0000000073AA4000.00000002.00000001.01000000.00000016.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_73a90000_Configurator.jbxd

Similarity

API ID: AddressHandleModuleProc$CritiusernitializeSectionVersion
String ID: GetThreadPreferredUILanguages$GetThreadUILanguage$SetThreadPreferredUILanguages$kernel32.dll
API String ID: 74573329-1403180336
Opcode ID: 19e97ab8b3555957daeaded30ac5fde54242b5fe3fb5a9379cd7a8fb1a36301b
Instruction ID: 41d540583ec8407ef4105131ed8828fc15b93482c0e5b1d86f900ee12928bf56
Opcode Fuzzy Hash: 19e97ab8b3555957daeaded30ac5fde54242b5fe3fb5a9379cd7a8fb1a36301b
Instruction Fuzzy Hash: 3CF0827190A36D6BF71177B64D07F1D15C5AA21100F724517B6A5B933FCF2580128BAD

Function 73A93F10 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 80
memorylibraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,GetLogicalProcessorInformation), ref: 73A93F2D
GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 73A93F33
GetLastError.KERNEL32(00000000,?,GetLogicalProcessorInformation), ref: 73A93F53
GetProcessHeap.KERNEL32(00000000,?,00000000,?,GetLogicalProcessorInformation), ref: 73A93F67
HeapAlloc.KERNEL32(00000000,00000000,?,00000000,?,GetLogicalProcessorInformation), ref: 73A93F6D
GetProcessHeap.KERNEL32(00000000,?,73A93FEF,73A93FE8,?,00000000,00000000,?,00000000,?,GetLogicalProcessorInformation), ref: 73A93FDA
HeapFree.KERNEL32(00000000,00000000,?,73A93FEF,73A93FE8,?,00000000,00000000,?,00000000,?,GetLogicalProcessorInformation), ref: 73A93FE0

Strings

kernel32.dll, xrefs: 73A93F28
GetLogicalProcessorInformation, xrefs: 73A93F23

Memory Dump Source

Source File: 00000013.00000002.1948904650.0000000073A91000.00000020.00000001.01000000.00000016.sdmp, Offset: 73A90000, based on PE: true

Associated: 00000013.00000002.1948867399.0000000073A90000.00000002.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949039638.0000000073A9B000.00000004.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949039638.0000000073AA0000.00000004.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949153206.0000000073AA2000.00000002.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949153206.0000000073AA4000.00000002.00000001.01000000.00000016.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_73a90000_Configurator.jbxd

Similarity

API ID: Heap$Process$AddressAllocErrorFreeHandleLastModuleProc
String ID: GetLogicalProcessorInformation$kernel32.dll
API String ID: 2683142799-812649623
Opcode ID: 8d21289b3586ecb795d735c65f5d217633fb8b96646adf5420e7cf290ffa9a45
Instruction ID: 59536d082b02da3396fa12cd92833a25753de43d00db75e72880049927a0574c
Opcode Fuzzy Hash: 8d21289b3586ecb795d735c65f5d217633fb8b96646adf5420e7cf290ffa9a45
Instruction Fuzzy Hash: 1D217171D0020CAFFB00DBA8CD42B5DB7FAEB48210F268197E914FB299D736D6508B58

Function 73A98FC4 Relevance: 13.8, APIs: 9, Instructions: 258
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 73A9907C

Memory Dump Source

Source File: 00000013.00000002.1948904650.0000000073A91000.00000020.00000001.01000000.00000016.sdmp, Offset: 73A90000, based on PE: true

Associated: 00000013.00000002.1948867399.0000000073A90000.00000002.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949039638.0000000073A9B000.00000004.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949039638.0000000073AA0000.00000004.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949153206.0000000073AA2000.00000002.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949153206.0000000073AA4000.00000002.00000001.01000000.00000016.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_73a90000_Configurator.jbxd

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: cc21e821d6fdfaadcb7b3b051db86a6d7b94c56eb6b4ce44d25c145370c66f46
Instruction ID: 1fdfde74e819a9084b0439346f7b2f84b8d239d47b836aca29b01e5b5a9cb3ba
Opcode Fuzzy Hash: cc21e821d6fdfaadcb7b3b051db86a6d7b94c56eb6b4ce44d25c145370c66f46
Instruction Fuzzy Hash: D8A16C76900309AFEB15CFA5C986B9DB7F9FB4C300F24811EE516BB288DB70A941CB54

Function 73A92C6C Relevance: 12.2, APIs: 8, Instructions: 221
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000000,?,?,00000000,73A979A0,73A97A04,?,?,?,-00000001,73A97C10,00000000,73A97C31), ref: 73A92D02
Sleep.KERNEL32(0000000A,00000000,?,?,00000000,73A979A0,73A97A04,?,?,?,-00000001,73A97C10,00000000,73A97C31), ref: 73A92D1C

Memory Dump Source

Source File: 00000013.00000002.1948904650.0000000073A91000.00000020.00000001.01000000.00000016.sdmp, Offset: 73A90000, based on PE: true

Associated: 00000013.00000002.1948867399.0000000073A90000.00000002.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949039638.0000000073A9B000.00000004.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949039638.0000000073AA0000.00000004.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949153206.0000000073AA2000.00000002.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949153206.0000000073AA4000.00000002.00000001.01000000.00000016.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_73a90000_Configurator.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 9500b30290251eb56c058b4f0443cb4107488e7572e4c838f98506b027d2b8da
Instruction ID: c9f9642e02b430c26a2ef51286bf6521d93b74ecc8080f736b0bba3e40623f00
Opcode Fuzzy Hash: 9500b30290251eb56c058b4f0443cb4107488e7572e4c838f98506b027d2b8da
Instruction Fuzzy Hash: E871E63160570C8FF306CB29C986B46BBE9EB49310F19826FD489BB3D9D7709845C795

Function 73A92E64 Relevance: 10.9, APIs: 7, Instructions: 406
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000013.00000002.1948904650.0000000073A91000.00000020.00000001.01000000.00000016.sdmp, Offset: 73A90000, based on PE: true

Associated: 00000013.00000002.1948867399.0000000073A90000.00000002.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949039638.0000000073A9B000.00000004.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949039638.0000000073AA0000.00000004.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949153206.0000000073AA2000.00000002.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949153206.0000000073AA4000.00000002.00000001.01000000.00000016.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_73a90000_Configurator.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e33ecf56f181607ba04cda89153695574c6c0884e1fb4ac4e3b5183b2e458efd
Instruction ID: 8cd356e60686b6d5071be148030fb546d7d4b976d5dd6f7470e7f445fbb4a13f
Opcode Fuzzy Hash: e33ecf56f181607ba04cda89153695574c6c0884e1fb4ac4e3b5183b2e458efd
Instruction Fuzzy Hash: 5BC13962B0070C0BF7059A7D9D86369B7D6DBC8221F1A827FE146EB3EDDB65C8458348

Function 73A95340 Relevance: 10.6, APIs: 7, Instructions: 130
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 73A957F0: GetCurrentThreadId.KERNEL32 ref: 73A957F3

GetTickCount.KERNEL32 ref: 73A95377
GetTickCount.KERNEL32 ref: 73A9538F
GetCurrentThreadId.KERNEL32 ref: 73A953BE
GetTickCount.KERNEL32 ref: 73A953E9
GetTickCount.KERNEL32 ref: 73A95420
GetTickCount.KERNEL32 ref: 73A9544A
GetCurrentThreadId.KERNEL32 ref: 73A954BA

Memory Dump Source

Source File: 00000013.00000002.1948904650.0000000073A91000.00000020.00000001.01000000.00000016.sdmp, Offset: 73A90000, based on PE: true

Associated: 00000013.00000002.1948867399.0000000073A90000.00000002.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949039638.0000000073A9B000.00000004.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949039638.0000000073AA0000.00000004.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949153206.0000000073AA2000.00000002.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949153206.0000000073AA4000.00000002.00000001.01000000.00000016.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_73a90000_Configurator.jbxd

Similarity

API ID: CountTick$CurrentThread
String ID:
API String ID: 3968769311-0
Opcode ID: 7f5b3f82b30bf58fef359823ff1f3734b979184e15f9784921927305cb5befe7
Instruction ID: 408b3aa6bef30a322f11cbb954f588aeb334280ac292a3338d66babb6d25d0dc
Opcode Fuzzy Hash: 7f5b3f82b30bf58fef359823ff1f3734b979184e15f9784921927305cb5befe7
Instruction Fuzzy Hash: 5741B4B0208345DEFB519F39C54330ABBE6AFD9211F19892FD4D9A7298E670D4848746

Function 73A950AC Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 64
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,GetLogicalProcessorInformation), ref: 73A950C1
GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 73A950C7
GetLastError.KERNEL32(00000000,?,00000000,kernel32.dll,GetLogicalProcessorInformation), ref: 73A950E7

Strings

kernel32.dll, xrefs: 73A950BC
GetLogicalProcessorInformation, xrefs: 73A950B7
@, xrefs: 73A95167

Memory Dump Source

Source File: 00000013.00000002.1948904650.0000000073A91000.00000020.00000001.01000000.00000016.sdmp, Offset: 73A90000, based on PE: true

Associated: 00000013.00000002.1948867399.0000000073A90000.00000002.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949039638.0000000073A9B000.00000004.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949039638.0000000073AA0000.00000004.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949153206.0000000073AA2000.00000002.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949153206.0000000073AA4000.00000002.00000001.01000000.00000016.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_73a90000_Configurator.jbxd

Similarity

API ID: AddressErrorHandleLastModuleProc
String ID: @$GetLogicalProcessorInformation$kernel32.dll
API String ID: 4275029093-79381301
Opcode ID: ccd187832d2e082d8ab3b709753ee1f5ada3af8a822cca3e853a1e2b781e4756
Instruction ID: aa9bbcb4313da7c4ccec0058c2a7deaed770c235b944efc94c99e6bbb1bbff04
Opcode Fuzzy Hash: ccd187832d2e082d8ab3b709753ee1f5ada3af8a822cca3e853a1e2b781e4756
Instruction Fuzzy Hash: 6B1163B0D01208AFFF01EBA4C957B5EB7F9EF04200F29859BE915F6299D73496808B58

Function 73A9608C Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 40
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001D,73A9A104,00000000,?,73A96144,?,73A9EB84,73A9EB84,?,?,73A9B7E4,73A98FC2,73A9A104), ref: 73A960C5
WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001D,73A9A104,00000000,?,73A96144,?,73A9EB84,73A9EB84,?,?,73A9B7E4,73A98FC2,73A9A104), ref: 73A960CB
GetStdHandle.KERNEL32(000000F5,00000000,00000002,73A9A104,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,73A9A104,00000000,?,73A96144,?,73A9EB84,73A9EB84), ref: 73A960E6
WriteFile.KERNEL32(00000000,000000F5,00000000,00000002,73A9A104,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,73A9A104,00000000,?,73A96144,?,73A9EB84), ref: 73A960EC

Strings

Error, xrefs: 73A960FE
Runtime error at 00000000, xrefs: 73A960BE, 73A96103

Memory Dump Source

Source File: 00000013.00000002.1948904650.0000000073A91000.00000020.00000001.01000000.00000016.sdmp, Offset: 73A90000, based on PE: true

Associated: 00000013.00000002.1948867399.0000000073A90000.00000002.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949039638.0000000073A9B000.00000004.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949039638.0000000073AA0000.00000004.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949153206.0000000073AA2000.00000002.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949153206.0000000073AA4000.00000002.00000001.01000000.00000016.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_73a90000_Configurator.jbxd

Similarity

API ID: FileHandleWrite
String ID: Error$Runtime error at 00000000
API String ID: 3320372497-2970929446
Opcode ID: 9486125335a34808506f6c4c73a730cabffdeb9fa7943c05afbfdc7eeddd9828
Instruction ID: 6d6fbd206adcbf91f05c4ff981a15d27debd96e44d8e2d04ce5296658b39d7b3
Opcode Fuzzy Hash: 9486125335a34808506f6c4c73a730cabffdeb9fa7943c05afbfdc7eeddd9828
Instruction Fuzzy Hash: ECF028515423087AFA11A7784E87F0A36DC9B48721F22420BF1A8791EDCB6044808B7E

Function 73A931B0 Relevance: 9.1, APIs: 6, Instructions: 51
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetStdHandle.KERNEL32(000000F4,73A92324,00000000,?,00000000,?,?,00000000,73A93B5B), ref: 73A931D2
WriteFile.KERNEL32(00000000,000000F4,73A92324,00000000,?,00000000,?,?,00000000,73A93B5B), ref: 73A931D8
GetStdHandle.KERNEL32(000000F4,73A92320,00000000,?,00000000,00000000,000000F4,73A92324,00000000,?,00000000,?,?,00000000,73A93B5B), ref: 73A931F7
WriteFile.KERNEL32(00000000,000000F4,73A92320,00000000,?,00000000,00000000,000000F4,73A92324,00000000,?,00000000,?,?,00000000,73A93B5B), ref: 73A931FD
GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000,00000000,000000F4,73A92320,00000000,?,00000000,00000000,000000F4,73A92324,00000000,?), ref: 73A93214
WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000,00000000,000000F4,73A92320,00000000,?,00000000,00000000,000000F4,73A92324,00000000), ref: 73A9321A

Memory Dump Source

Source File: 00000013.00000002.1948904650.0000000073A91000.00000020.00000001.01000000.00000016.sdmp, Offset: 73A90000, based on PE: true

Associated: 00000013.00000002.1948867399.0000000073A90000.00000002.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949039638.0000000073A9B000.00000004.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949039638.0000000073AA0000.00000004.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949153206.0000000073AA2000.00000002.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949153206.0000000073AA4000.00000002.00000001.01000000.00000016.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_73a90000_Configurator.jbxd

Similarity

API ID: FileHandleWrite
String ID:
API String ID: 3320372497-0
Opcode ID: 5fef717b2ae6efe61eb20aa9a1357527db9c4dbe26ba22c5207b0a0246c7416f
Instruction ID: 307266143b02bcdafab27ac096be354b00222d6ec5e2ddf08c00972e54f1d32d
Opcode Fuzzy Hash: 5fef717b2ae6efe61eb20aa9a1357527db9c4dbe26ba22c5207b0a0246c7416f
Instruction Fuzzy Hash: 4B0186A524831C7FF614E7A98F87F9B27DCCF98524F114616B218F62E8C9548C09C2B9

Function 73A928E8 Relevance: 9.0, APIs: 7, Instructions: 298
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000000,-00000001,73A979E2,?,?,?,-00000001,73A97C10,00000000,73A97C31), ref: 73A9299F
Sleep.KERNEL32(0000000A,00000000,-00000001,73A979E2,?,?,?,-00000001,73A97C10,00000000,73A97C31), ref: 73A929B5
Sleep.KERNEL32(00000000,-00000001,-00000001,-00000001,73A979E2,?,?,?,-00000001,73A97C10,00000000,73A97C31), ref: 73A929E3
Sleep.KERNEL32(0000000A,00000000,-00000001,-00000001,-00000001,73A979E2,?,?,?,-00000001,73A97C10,00000000,73A97C31), ref: 73A929F9

Memory Dump Source

Source File: 00000013.00000002.1948904650.0000000073A91000.00000020.00000001.01000000.00000016.sdmp, Offset: 73A90000, based on PE: true

Associated: 00000013.00000002.1948867399.0000000073A90000.00000002.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949039638.0000000073A9B000.00000004.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949039638.0000000073AA0000.00000004.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949153206.0000000073AA2000.00000002.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949153206.0000000073AA4000.00000002.00000001.01000000.00000016.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_73a90000_Configurator.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 9beac13dee6c38c970eb6c19bac5c359a199be90025ed3c74714af574a64fad1
Instruction ID: b0df877ef9d58103b5b340c09daeadcec62e9cdaa3ace270e1207c99a1d87c30
Opcode Fuzzy Hash: 9beac13dee6c38c970eb6c19bac5c359a199be90025ed3c74714af574a64fad1
Instruction Fuzzy Hash: 5BC1167250575C8FE706DF29C482346BBE5EB85310F1A826FD48ABB7D9CB709441CB98

Function 73A950AA Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 50
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,GetLogicalProcessorInformation), ref: 73A950C1
GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 73A950C7
GetLastError.KERNEL32(00000000,?,00000000,kernel32.dll,GetLogicalProcessorInformation), ref: 73A950E7

Strings

kernel32.dll, xrefs: 73A950BC
GetLogicalProcessorInformation, xrefs: 73A950B7

Memory Dump Source

Source File: 00000013.00000002.1948904650.0000000073A91000.00000020.00000001.01000000.00000016.sdmp, Offset: 73A90000, based on PE: true

Associated: 00000013.00000002.1948867399.0000000073A90000.00000002.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949039638.0000000073A9B000.00000004.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949039638.0000000073AA0000.00000004.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949153206.0000000073AA2000.00000002.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949153206.0000000073AA4000.00000002.00000001.01000000.00000016.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_73a90000_Configurator.jbxd

Similarity

API ID: AddressErrorHandleLastModuleProc
String ID: GetLogicalProcessorInformation$kernel32.dll
API String ID: 4275029093-812649623
Opcode ID: d9ee772107befc2d991826e5df5cc89c197df53f65377e2d10193ddaa86bbf33
Instruction ID: 88fee81b50e5bae67b403727830305b99b45d8d86d73d497667d1d500633fa3b
Opcode Fuzzy Hash: d9ee772107befc2d991826e5df5cc89c197df53f65377e2d10193ddaa86bbf33
Instruction Fuzzy Hash: 220152B4D0120C6BFF11ABA4CD47B5EB7F9AF04200F258197E914F62A8E734DA908A59

Function 73A94034 Relevance: 6.0, APIs: 4, Instructions: 48COMMON

Download Yara Rule

APIs

VerSetConditionMask.KERNEL32(00000000,00000000,00000002,00000003,00000001,00000003,00000020,00000003,?,?,?,73A940D1,73A940D9,73A9A02D,00000000,73A9A0E3), ref: 73A9406B
VerSetConditionMask.KERNEL32(00000000,?,00000000,00000000,00000002,00000003,00000001,00000003,00000020,00000003,?,?,?,73A940D1,73A940D9,73A9A02D), ref: 73A94072
VerSetConditionMask.KERNEL32(00000000,?,00000000,?,00000000,00000000,00000002,00000003,00000001,00000003,00000020,00000003,?,?,?,73A940D1), ref: 73A94079
VerifyVersionInfoW.KERNEL32(?,00000023,?,?), ref: 73A940AA

Memory Dump Source

Source File: 00000013.00000002.1948904650.0000000073A91000.00000020.00000001.01000000.00000016.sdmp, Offset: 73A90000, based on PE: true

Associated: 00000013.00000002.1948867399.0000000073A90000.00000002.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949039638.0000000073A9B000.00000004.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949039638.0000000073AA0000.00000004.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949153206.0000000073AA2000.00000002.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949153206.0000000073AA4000.00000002.00000001.01000000.00000016.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_73a90000_Configurator.jbxd

Similarity

API ID: ConditionMask$InfoVerifyVersion
String ID:
API String ID: 2793162063-0
Opcode ID: d23c3e70ed4285804468eb29bae9b801ce3d6eab803687101f9efb0da2f71e03
Instruction ID: 58f7f13b232d2ab4373ce21e7d88992a1a72eba5b020258121c824dade0047f5
Opcode Fuzzy Hash: d23c3e70ed4285804468eb29bae9b801ce3d6eab803687101f9efb0da2f71e03
Instruction Fuzzy Hash: 99018B716843087BF7249B65DD43FDF76D8DFC4B10F01892EB298EA2D0E6B48A004756

Function 73A9A000 Relevance: 6.0, APIs: 4, Instructions: 46threadCOMMON

Download Yara Rule

APIs

SetThreadLocale.KERNEL32(00000400,00000000,73A9A0E3), ref: 73A9A037

Part of subcall function 73A970C0: InitializeCriticalSection.KERNEL32(73A9EBF4,73A9A041,00000400,00000000,73A9A0E3), ref: 73A970C5
Part of subcall function 73A970C0: GetVersion.KERNEL32(73A9EBF4,73A9A041,00000400,00000000,73A9A0E3), ref: 73A970D3
Part of subcall function 73A970C0: GetModuleHandleW.KERNEL32(kernel32.dll,GetThreadPreferredUILanguages,73A9EBF4,73A9A041,00000400,00000000,73A9A0E3), ref: 73A970FA
Part of subcall function 73A970C0: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 73A97100
Part of subcall function 73A970C0: GetModuleHandleW.KERNEL32(kernel32.dll,SetThreadPreferredUILanguages,00000000,kernel32.dll,GetThreadPreferredUILanguages,73A9EBF4,73A9A041,00000400,00000000,73A9A0E3), ref: 73A97114
Part of subcall function 73A970C0: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 73A9711A
Part of subcall function 73A970C0: GetModuleHandleW.KERNEL32(kernel32.dll,GetThreadUILanguage,00000000,kernel32.dll,SetThreadPreferredUILanguages,00000000,kernel32.dll,GetThreadPreferredUILanguages,73A9EBF4,73A9A041,00000400,00000000,73A9A0E3), ref: 73A9712E
Part of subcall function 73A970C0: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 73A97134

Part of subcall function 73A987DC: GetSystemInfo.KERNEL32 ref: 73A987E0

GetCommandLineW.KERNEL32(00000400,00000000,73A9A0E3), ref: 73A9A09C

Part of subcall function 73A92210: GetStartupInfoW.KERNEL32 ref: 73A92221

GetACP.KERNEL32(00000400,00000000,73A9A0E3), ref: 73A9A0B0
GetCurrentThreadId.KERNEL32 ref: 73A9A0C4

Part of subcall function 73A987F0: GetVersion.KERNEL32(73A9A0D3,00000400,00000000,73A9A0E3), ref: 73A987F0

Memory Dump Source

Source File: 00000013.00000002.1948904650.0000000073A91000.00000020.00000001.01000000.00000016.sdmp, Offset: 73A90000, based on PE: true

Associated: 00000013.00000002.1948867399.0000000073A90000.00000002.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949039638.0000000073A9B000.00000004.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949039638.0000000073AA0000.00000004.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949153206.0000000073AA2000.00000002.00000001.01000000.00000016.sdmpDownload File
Associated: 00000013.00000002.1949153206.0000000073AA4000.00000002.00000001.01000000.00000016.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_73a90000_Configurator.jbxd

Similarity

API ID: AddressHandleModuleProc$InfoThreadVersion$CommandCriticalCurrentInitializeLineLocaleSectionStartupSystem
String ID:
API String ID: 2740004594-0
Opcode ID: a1e375815173e0393af24b0b9bace312f4159c1b5e86507de0d1b14f9e17295d
Instruction ID: 2a2af2e0d72109fbe6d56e51c8278c7d6afed9faf2384cdc239f8d5ed9fcfe62
Opcode Fuzzy Hash: a1e375815173e0393af24b0b9bace312f4159c1b5e86507de0d1b14f9e17295d
Instruction Fuzzy Hash: 75111F72405B189FF711FB769A433093BE4EB05204B73441BC288B6369DE344056CF6E

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads (ex: `rundll32.exe {DLLname, DLLfunction}` ).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may hook into Windows application programming interface (API) functions to collect user credentials. Malicious hooking mechanisms may capture API calls that include parameters that reveal user authentication credentials.Unlike Keylogging , this technique focuses specifically on API functions that include parameters that reveal user credentials. Hooking involves redirecting calls to these functions and can be implemented via:
Tactics:	Collection, Credential Access
Data Sources:	Process: OS API Execution, Process: Process Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report sistema_2_1_1_build2.zip

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files (x86)\SISTEMA 2.1.1\ConfigSrc.dll (copy)

C:\Program Files (x86)\SISTEMA 2.1.1\Configurator.exe (copy)

C:\Program Files (x86)\SISTEMA 2.1.1\Data\Projects.dat (copy)

C:\Program Files (x86)\SISTEMA 2.1.1\Data\Report.dat (copy)

C:\Program Files (x86)\SISTEMA 2.1.1\Data\is-RG9TP.tmp

C:\Program Files (x86)\SISTEMA 2.1.1\Data\is-RJJR3.tmp

C:\Program Files (x86)\SISTEMA 2.1.1\HelpFormat.css (copy)

C:\Program Files (x86)\SISTEMA 2.1.1\IFA_WebRequest.exe (copy)

C:\Program Files (x86)\SISTEMA 2.1.1\Language\Lang_DE.dll (copy)

C:\Program Files (x86)\SISTEMA 2.1.1\Language\Lang_DE.lng (copy)

C:\Program Files (x86)\SISTEMA 2.1.1\Language\Lang_EN.dll (copy)

C:\Program Files (x86)\SISTEMA 2.1.1\Language\Lang_EN.lng (copy)

C:\Program Files (x86)\SISTEMA 2.1.1\Language\Lang_ES.dll (copy)

C:\Program Files (x86)\SISTEMA 2.1.1\Language\Lang_ES.lng (copy)

C:\Program Files (x86)\SISTEMA 2.1.1\Language\Lang_FI.dll (copy)

C:\Program Files (x86)\SISTEMA 2.1.1\Language\Lang_FI.lng (copy)

C:\Program Files (x86)\SISTEMA 2.1.1\Language\Lang_FR.dll (copy)

C:\Program Files (x86)\SISTEMA 2.1.1\Language\Lang_FR.lng (copy)

C:\Program Files (x86)\SISTEMA 2.1.1\Language\Lang_IT.dll (copy)

C:\Program Files (x86)\SISTEMA 2.1.1\Language\Lang_IT.lng (copy)

C:\Program Files (x86)\SISTEMA 2.1.1\Language\Lang_JP.dll (copy)

Windows Analysis Report
sistema_2_1_1_build2.zip

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre