Edit tour

Windows Analysis Report
XTN1VzRJZm.exe

Overview

General Information

Sample name:	XTN1VzRJZm.exe renamed because original name is a hash value
Original sample name:	122a1ed5d5eacadd2c4049dd3f687e17d18ab5ec947f304057deed9d885be866.exe
Analysis ID:	1631796
MD5:	f82cd0ba1b196fe665ff36de7d0a0cbd
SHA1:	a251975395405e88c4a28e389bc9bfd9a7e4c747
SHA256:	122a1ed5d5eacadd2c4049dd3f687e17d18ab5ec947f304057deed9d885be866
Tags:	exeuser-adrian__luca
Infos:

Detection

Score:	56
Range:	0 - 100
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

.NET source code contains potential unpacker

Joe Sandbox ML detected suspicious sample

Allocates memory with a write watch (potentially for evading sandboxes)

Contains long sleeps (>= 3 min)

Detected potential crypto function

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

HTTP GET or POST without a user agent

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Classification

Process Tree

System is w10x64

XTN1VzRJZm.exe (PID: 7860 cmdline: "C:\Users\user\Desktop\XTN1VzRJZm.exe" MD5: F82CD0BA1B196FE665FF36DE7D0A0CBD)

cleanup

Suricata Signatures

ETPRO MALWARE Common Downloader Header Pattern H

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-03-07T15:59:02.846531+0100	2803305	3	Unknown Traffic	192.168.2.6	49688	204.44.192.90	443	TCP
2025-03-07T15:59:05.839022+0100	2803305	3	Unknown Traffic	192.168.2.6	49689	204.44.192.90	443	TCP
2025-03-07T15:59:08.782593+0100	2803305	3	Unknown Traffic	192.168.2.6	49690	204.44.192.90	443	TCP
2025-03-07T15:59:11.983139+0100	2803305	3	Unknown Traffic	192.168.2.6	49691	204.44.192.90	443	TCP
2025-03-07T15:59:14.774426+0100	2803305	3	Unknown Traffic	192.168.2.6	49692	204.44.192.90	443	TCP
2025-03-07T15:59:17.618008+0100	2803305	3	Unknown Traffic	192.168.2.6	49693	204.44.192.90	443	TCP
2025-03-07T15:59:20.538810+0100	2803305	3	Unknown Traffic	192.168.2.6	49694	204.44.192.90	443	TCP
2025-03-07T15:59:23.289976+0100	2803305	3	Unknown Traffic	192.168.2.6	49695	204.44.192.90	443	TCP
2025-03-07T15:59:26.067924+0100	2803305	3	Unknown Traffic	192.168.2.6	49696	204.44.192.90	443	TCP
2025-03-07T15:59:29.667042+0100	2803305	3	Unknown Traffic	192.168.2.6	49697	204.44.192.90	443	TCP
2025-03-07T15:59:32.540573+0100	2803305	3	Unknown Traffic	192.168.2.6	49698	204.44.192.90	443	TCP
2025-03-07T15:59:35.337315+0100	2803305	3	Unknown Traffic	192.168.2.6	49701	204.44.192.90	443	TCP
2025-03-07T15:59:38.166785+0100	2803305	3	Unknown Traffic	192.168.2.6	49702	204.44.192.90	443	TCP
2025-03-07T15:59:40.926177+0100	2803305	3	Unknown Traffic	192.168.2.6	49703	204.44.192.90	443	TCP
2025-03-07T15:59:43.694586+0100	2803305	3	Unknown Traffic	192.168.2.6	49704	204.44.192.90	443	TCP
2025-03-07T15:59:46.605880+0100	2803305	3	Unknown Traffic	192.168.2.6	49705	204.44.192.90	443	TCP
2025-03-07T15:59:49.587593+0100	2803305	3	Unknown Traffic	192.168.2.6	49706	204.44.192.90	443	TCP
2025-03-07T15:59:52.402953+0100	2803305	3	Unknown Traffic	192.168.2.6	49707	204.44.192.90	443	TCP
2025-03-07T15:59:55.204235+0100	2803305	3	Unknown Traffic	192.168.2.6	49708	204.44.192.90	443	TCP
2025-03-07T15:59:58.256292+0100	2803305	3	Unknown Traffic	192.168.2.6	49709	204.44.192.90	443	TCP
2025-03-07T16:00:01.420291+0100	2803305	3	Unknown Traffic	192.168.2.6	49710	204.44.192.90	443	TCP
2025-03-07T16:00:04.333264+0100	2803305	3	Unknown Traffic	192.168.2.6	49711	204.44.192.90	443	TCP
2025-03-07T16:00:07.425978+0100	2803305	3	Unknown Traffic	192.168.2.6	49712	204.44.192.90	443	TCP
2025-03-07T16:00:10.395948+0100	2803305	3	Unknown Traffic	192.168.2.6	49713	204.44.192.90	443	TCP
2025-03-07T16:00:13.483532+0100	2803305	3	Unknown Traffic	192.168.2.6	49714	204.44.192.90	443	TCP
2025-03-07T16:00:16.558929+0100	2803305	3	Unknown Traffic	192.168.2.6	49715	204.44.192.90	443	TCP
2025-03-07T16:00:19.399007+0100	2803305	3	Unknown Traffic	192.168.2.6	49716	204.44.192.90	443	TCP
2025-03-07T16:00:22.419342+0100	2803305	3	Unknown Traffic	192.168.2.6	49717	204.44.192.90	443	TCP
2025-03-07T16:00:25.145320+0100	2803305	3	Unknown Traffic	192.168.2.6	49718	204.44.192.90	443	TCP
2025-03-07T16:00:28.031656+0100	2803305	3	Unknown Traffic	192.168.2.6	49719	204.44.192.90	443	TCP
2025-03-07T16:00:31.124736+0100	2803305	3	Unknown Traffic	192.168.2.6	49720	204.44.192.90	443	TCP
2025-03-07T16:00:33.664295+0100	2803305	3	Unknown Traffic	192.168.2.6	49721	204.44.192.90	443	TCP
2025-03-07T16:00:36.529831+0100	2803305	3	Unknown Traffic	192.168.2.6	49722	204.44.192.90	443	TCP
2025-03-07T16:00:39.310704+0100	2803305	3	Unknown Traffic	192.168.2.6	49723	204.44.192.90	443	TCP
2025-03-07T16:00:42.404918+0100	2803305	3	Unknown Traffic	192.168.2.6	49724	204.44.192.90	443	TCP
2025-03-07T16:00:45.619576+0100	2803305	3	Unknown Traffic	192.168.2.6	49726	204.44.192.90	443	TCP
2025-03-07T16:00:48.522696+0100	2803305	3	Unknown Traffic	192.168.2.6	49727	204.44.192.90	443	TCP
2025-03-07T16:00:51.288939+0100	2803305	3	Unknown Traffic	192.168.2.6	49728	204.44.192.90	443	TCP
2025-03-07T16:00:54.142023+0100	2803305	3	Unknown Traffic	192.168.2.6	49729	204.44.192.90	443	TCP
2025-03-07T16:00:56.842726+0100	2803305	3	Unknown Traffic	192.168.2.6	49730	204.44.192.90	443	TCP
2025-03-07T16:00:59.634137+0100	2803305	3	Unknown Traffic	192.168.2.6	49731	204.44.192.90	443	TCP
2025-03-07T16:01:02.372824+0100	2803305	3	Unknown Traffic	192.168.2.6	49732	204.44.192.90	443	TCP
2025-03-07T16:01:05.118690+0100	2803305	3	Unknown Traffic	192.168.2.6	49733	204.44.192.90	443	TCP
2025-03-07T16:01:07.488197+0100	2803305	3	Unknown Traffic	192.168.2.6	49735	204.44.192.90	443	TCP
2025-03-07T16:01:10.214565+0100	2803305	3	Unknown Traffic	192.168.2.6	49736	204.44.192.90	443	TCP
2025-03-07T16:01:13.006642+0100	2803305	3	Unknown Traffic	192.168.2.6	49737	204.44.192.90	443	TCP
2025-03-07T16:01:16.029031+0100	2803305	3	Unknown Traffic	192.168.2.6	49738	204.44.192.90	443	TCP
2025-03-07T16:01:18.781576+0100	2803305	3	Unknown Traffic	192.168.2.6	49739	204.44.192.90	443	TCP
2025-03-07T16:01:21.559756+0100	2803305	3	Unknown Traffic	192.168.2.6	49740	204.44.192.90	443	TCP
2025-03-07T16:01:24.342887+0100	2803305	3	Unknown Traffic	192.168.2.6	49741	204.44.192.90	443	TCP
2025-03-07T16:01:27.099598+0100	2803305	3	Unknown Traffic	192.168.2.6	49742	204.44.192.90	443	TCP
2025-03-07T16:01:29.942492+0100	2803305	3	Unknown Traffic	192.168.2.6	49743	204.44.192.90	443	TCP
2025-03-07T16:01:32.783938+0100	2803305	3	Unknown Traffic	192.168.2.6	49744	204.44.192.90	443	TCP
2025-03-07T16:01:35.963303+0100	2803305	3	Unknown Traffic	192.168.2.6	49745	204.44.192.90	443	TCP
2025-03-07T16:01:38.581971+0100	2803305	3	Unknown Traffic	192.168.2.6	49746	204.44.192.90	443	TCP
2025-03-07T16:01:41.305641+0100	2803305	3	Unknown Traffic	192.168.2.6	49747	204.44.192.90	443	TCP
2025-03-07T16:01:44.091288+0100	2803305	3	Unknown Traffic	192.168.2.6	49748	204.44.192.90	443	TCP
2025-03-07T16:01:46.917912+0100	2803305	3	Unknown Traffic	192.168.2.6	49749	204.44.192.90	443	TCP
2025-03-07T16:01:49.960947+0100	2803305	3	Unknown Traffic	192.168.2.6	49750	204.44.192.90	443	TCP
2025-03-07T16:01:52.936038+0100	2803305	3	Unknown Traffic	192.168.2.6	49751	204.44.192.90	443	TCP
2025-03-07T16:01:55.784528+0100	2803305	3	Unknown Traffic	192.168.2.6	49752	204.44.192.90	443	TCP
2025-03-07T16:01:58.622516+0100	2803305	3	Unknown Traffic	192.168.2.6	49753	204.44.192.90	443	TCP
2025-03-07T16:02:01.338638+0100	2803305	3	Unknown Traffic	192.168.2.6	49754	204.44.192.90	443	TCP
2025-03-07T16:02:04.220588+0100	2803305	3	Unknown Traffic	192.168.2.6	49755	204.44.192.90	443	TCP
2025-03-07T16:02:06.978841+0100	2803305	3	Unknown Traffic	192.168.2.6	49756	204.44.192.90	443	TCP
2025-03-07T16:02:11.266512+0100	2803305	3	Unknown Traffic	192.168.2.6	49760	204.44.192.90	443	TCP
2025-03-07T16:02:13.961748+0100	2803305	3	Unknown Traffic	192.168.2.6	49761	204.44.192.90	443	TCP
2025-03-07T16:02:16.922213+0100	2803305	3	Unknown Traffic	192.168.2.6	49762	204.44.192.90	443	TCP
2025-03-07T16:02:19.750994+0100	2803305	3	Unknown Traffic	192.168.2.6	49763	204.44.192.90	443	TCP
2025-03-07T16:02:22.549873+0100	2803305	3	Unknown Traffic	192.168.2.6	49764	204.44.192.90	443	TCP
2025-03-07T16:02:25.380848+0100	2803305	3	Unknown Traffic	192.168.2.6	49765	204.44.192.90	443	TCP
2025-03-07T16:02:28.087189+0100	2803305	3	Unknown Traffic	192.168.2.6	49766	204.44.192.90	443	TCP
2025-03-07T16:02:30.844717+0100	2803305	3	Unknown Traffic	192.168.2.6	49767	204.44.192.90	443	TCP
2025-03-07T16:02:34.682690+0100	2803305	3	Unknown Traffic	192.168.2.6	49771	204.44.192.90	443	TCP
2025-03-07T16:02:37.433288+0100	2803305	3	Unknown Traffic	192.168.2.6	49772	204.44.192.90	443	TCP
2025-03-07T16:02:40.036534+0100	2803305	3	Unknown Traffic	192.168.2.6	49773	204.44.192.90	443	TCP
2025-03-07T16:02:42.854135+0100	2803305	3	Unknown Traffic	192.168.2.6	49774	204.44.192.90	443	TCP
2025-03-07T16:02:45.641927+0100	2803305	3	Unknown Traffic	192.168.2.6	49775	204.44.192.90	443	TCP
2025-03-07T16:02:48.352208+0100	2803305	3	Unknown Traffic	192.168.2.6	49776	204.44.192.90	443	TCP
2025-03-07T16:02:51.114066+0100	2803305	3	Unknown Traffic	192.168.2.6	49777	204.44.192.90	443	TCP
2025-03-07T16:02:53.839527+0100	2803305	3	Unknown Traffic	192.168.2.6	49778	204.44.192.90	443	TCP
2025-03-07T16:02:57.129105+0100	2803305	3	Unknown Traffic	192.168.2.6	49780	204.44.192.90	443	TCP
2025-03-07T16:03:00.535961+0100	2803305	3	Unknown Traffic	192.168.2.6	49782	204.44.192.90	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: XTN1VzRJZm.exe	Virustotal: Detection: 65%			Perma Link
Source: XTN1VzRJZm.exe	ReversingLabs: Detection: 63%

Joe Sandbox ML detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Source: XTN1VzRJZm.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 204.44.192.90:443 -> 192.168.2.6:49687 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.44.192.90:443 -> 192.168.2.6:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.44.192.90:443 -> 192.168.2.6:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.44.192.90:443 -> 192.168.2.6:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.44.192.90:443 -> 192.168.2.6:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.44.192.90:443 -> 192.168.2.6:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.44.192.90:443 -> 192.168.2.6:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.44.192.90:443 -> 192.168.2.6:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.44.192.90:443 -> 192.168.2.6:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.44.192.90:443 -> 192.168.2.6:49760 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.44.192.90:443 -> 192.168.2.6:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.44.192.90:443 -> 192.168.2.6:49770 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.44.192.90:443 -> 192.168.2.6:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.44.192.90:443 -> 192.168.2.6:49774 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.44.192.90:443 -> 192.168.2.6:49780 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.44.192.90:443 -> 192.168.2.6:49782 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.44.192.90:443 -> 192.168.2.6:49784 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.44.192.90:443 -> 192.168.2.6:49785 version: TLS 1.2

Source: XTN1VzRJZm.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.coConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co

Source: Joe Sandbox View

JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49688 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49690 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49689 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49694 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49697 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49696 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49692 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49701 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49707 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49693 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49724 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49727 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49735 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49740 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49711 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49708 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49716 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49733 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49695 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49730 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49743 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49709 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49754 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49755 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49691 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49702 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49713 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49771 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49717 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49780 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49714 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49736 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49712 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49698 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49715 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49705 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49718 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49760 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49751 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49747 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49721 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49710 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49767 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49744 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49706 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49776 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49722 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49729 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49704 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49756 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49766 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49765 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49753 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49763 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49723 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49741 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49774 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49703 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49749 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49773 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49761 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49777 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49775 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49720 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49738 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49726 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49748 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49778 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49742 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49764 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49719 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49762 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49745 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49739 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49746 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49728 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49731 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49737 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49752 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49750 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49732 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49772 -> 204.44.192.90:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49782 -> 204.44.192.90:443

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.coConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co
Source: global traffic	HTTP traffic detected: GET /filas/Dswcuwygf.dat HTTP/1.1Host: alcomax.com.co

Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002CAD000.00000004.00000800.00020000.00000000.sdmp

String found in binary or memory: <script type='application/ld+json' class='yoast-schema-graph yoast-schema-graph--main'>{"@context":"https://schema.org","@graph":[{"@type":"Organization","@id":"https://alcomax.com.co/#organization","name":"Alcomax SAS","url":"https://alcomax.com.co/","sameAs":["https://www.youtube.com/channel/UCirpURNxSnx6dI08iN9drjA/videos"],"logo":{"@type":"ImageObject","@id":"https://alcomax.com.co/#logo","url":"https://alcomax.com.co/wp-content/uploads/2018/07/Prueba-logo-alcomax.jpg","width":497,"height":166,"caption":"Alcomax SAS"},"image":{"@id":"https://alcomax.com.co/#logo"}},{"@type":"WebSite","@id":"https://alcomax.com.co/#website","url":"https://alcomax.com.co/","name":"Alcomax Equipos de Medicion","publisher":{"@id":"https://alcomax.com.co/#organization"},"potentialAction":{"@type":"SearchAction","target":"https://alcomax.com.co/?s={search_term_string}","query-input":"required name=search_term_string"}}]}</script> equals www.youtube.com (Youtube)

Source: global traffic

DNS traffic detected: DNS query: alcomax.com.co

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 14:58:58 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 14:59:01 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 14:59:04 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 14:59:07 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 14:59:11 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 14:59:13 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 14:59:16 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 14:59:19 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 14:59:22 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 14:59:25 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 14:59:28 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 14:59:31 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 14:59:34 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 14:59:37 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 14:59:40 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 14:59:42 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 14:59:45 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 14:59:48 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 14:59:51 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 14:59:54 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 14:59:57 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 15:00:00 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 15:00:03 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 15:00:06 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 15:00:09 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 15:00:12 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 15:00:15 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 15:00:18 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 15:00:21 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 15:00:24 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 15:00:27 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 15:00:30 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 15:00:35 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 15:00:38 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 15:00:41 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 15:00:44 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 15:00:47 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 15:00:50 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 15:00:53 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 15:00:56 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 15:00:58 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 15:01:01 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 15:01:04 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 15:01:09 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 15:01:12 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 15:01:14 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 15:01:17 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 15:01:20 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 15:01:23 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 15:01:26 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 15:01:29 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 15:01:31 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 15:01:34 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 15:01:40 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 15:01:43 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 15:01:46 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 15:01:49 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 15:01:52 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 15:01:54 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 15:01:57 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 15:02:00 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 15:02:03 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 15:02:06 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 15:02:10 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 15:02:13 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 15:02:16 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 15:02:18 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 15:02:21 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 15:02:24 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 15:02:27 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 15:02:30 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 15:02:33 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 15:02:36 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 15:02:42 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 15:02:44 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 15:02:47 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 15:02:50 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 15:02:53 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 15:02:56 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 15:02:59 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://alcomax.com.co/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8

Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A27000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002991000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002DDE000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002D7A000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002DA2000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002DAC000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002CC5000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002BBF000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002DBC000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002E9F000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002951000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002AC7000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002EB4000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002B0D000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002CD8000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029DE000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://alcomax.com.co
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A27000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002991000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002DDE000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002D7A000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002DA2000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002DAC000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002CC5000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002BBF000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002DBC000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002E9F000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002951000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002AC7000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002EB4000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002B0D000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002CD8000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029DE000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://alcomax.com.cod
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.000000000293C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029D2000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A9A000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.000000000293C000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029C6000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A66000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002AC3000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C5C000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C58000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C71000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002CC1000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C7D000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029D6000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002AB3000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029C2000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A86000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002AA2000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002ABF000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C54000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A76000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C99000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://alcomax.com.co
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C81000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://alcomax.com.co#H
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://alcomax.com.co)H
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A92000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://alcomax.com.co-Xe
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C50000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://alcomax.com.co/
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002CAD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://alcomax.com.co/#logo
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002CAD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://alcomax.com.co/#organization
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002CAD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://alcomax.com.co/#website
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002CAD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://alcomax.com.co/?s=
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029D2000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A9A000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029C6000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029BE000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C4C000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A66000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002AC3000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C5C000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C85000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C58000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C71000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002CC1000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C7D000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029D6000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002AB3000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029C2000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A86000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002AA2000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002ABF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://alcomax.com.co/alcoholimetros/
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002AA2000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C61000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029BA000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A82000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002AB7000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002972000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://alcomax.com.co/auto-rescatadores/
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002CAD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://alcomax.com.co/comments/feed/
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002AA2000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C61000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029BA000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A82000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002AB7000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002972000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://alcomax.com.co/conocenos-alcomax/
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002AA2000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C61000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029BA000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A82000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002AB7000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002972000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://alcomax.com.co/contactenos/
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029D2000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A9A000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029C6000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029BE000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C4C000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A66000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002AC3000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C5C000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C85000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C58000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C71000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002CC1000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C7D000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029D6000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002AB3000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029C2000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A86000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002AA2000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002ABF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://alcomax.com.co/detectores-de-gases/
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002CAD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://alcomax.com.co/feed/
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000028CB000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000028AF000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000028C3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://alcomax.com.co/filas/Dswcuwygf.dat
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002B5C000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002DDE000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002D7A000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002DA2000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002CC5000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002DBC000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002E9F000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002DB0000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002AC7000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002EB4000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002B0D000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002CD8000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029DE000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.000000000297A000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://alcomax.com.co/filas/Dswcuwygf.dat$
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002DA2000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000028CB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://alcomax.com.co/filas/Dswcuwyl
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029D2000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A9A000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029C6000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029BE000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C4C000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A66000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002AC3000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C5C000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C85000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C58000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C71000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002CC1000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C7D000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029D6000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002AB3000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029C2000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A86000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002AA2000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002ABF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://alcomax.com.co/geofonos-detectores-fugas-de-agua/
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029D2000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A9A000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029C6000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029BE000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C4C000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A66000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002AC3000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C5C000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C85000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C58000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C71000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002CC1000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C7D000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029D6000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002AB3000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029C2000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A86000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002AA2000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002ABF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://alcomax.com.co/luxometros/
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002AA2000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C61000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029BA000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A82000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002AB7000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002972000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://alcomax.com.co/pruebas-de-drogas/
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002AA2000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C61000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029BA000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A82000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002AB7000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002972000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://alcomax.com.co/servicios-para-equipos-de-medicion/
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029D2000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A9A000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029C6000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029BE000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C4C000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A66000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002AC3000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C5C000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C85000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C58000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C71000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002CC1000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C7D000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029D6000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002AB3000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029C2000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A86000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002AA2000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002ABF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://alcomax.com.co/sonometros/
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002CAD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://alcomax.com.co/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.1.7
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002AA2000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C61000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029BA000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A82000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002AB7000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002972000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://alcomax.com.co/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.1.7
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002CAD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://alcomax.com.co/wp-content/plugins/duracelltomi-google-tag-manager/js/gtm4wp-form-move-tracke
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002CAD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://alcomax.com.co/wp-content/plugins/wp-whatsapp/assets/css/style.css?ver=5.2.21
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002CAD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://alcomax.com.co/wp-content/plugins/wp-whatsapp/assets/js/main.js?ver=5.2.21
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002CAD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://alcomax.com.co/wp-content/themes/envo-multipurpose/css/bootstrap.css?ver=3.3.7
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002CAD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://alcomax.com.co/wp-content/themes/envo-multipurpose/css/font-awesome.min.css?ver=4.7.0
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002AA2000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C61000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029BA000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A82000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002AB7000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002972000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://alcomax.com.co/wp-content/themes/envo-multipurpose/js/bootstrap.min.js?ver=3.3.7
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002AA2000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C61000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029BA000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A82000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002AB7000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002972000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://alcomax.com.co/wp-content/themes/envo-multipurpose/js/customscript.js?ver=1.1.1
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002CAD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://alcomax.com.co/wp-content/themes/envo-multipurpose/style.css?ver=1.1.1
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002CAD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://alcomax.com.co/wp-content/uploads/2018/07/Prueba-logo-alcomax.jpg
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029D2000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A9A000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029C6000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029BE000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C4C000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A66000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002AC3000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C5C000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C85000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C58000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C71000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002CC1000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C7D000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029D6000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002AB3000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029C2000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A86000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002ABF000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C54000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://alcomax.com.co/wp-content/uploads/2018/08/cropped-LOGO-FACTURACION-ALCOMAX-180x180.jpg
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029D2000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A9A000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029C6000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029BE000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C4C000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A66000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002AC3000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C5C000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C85000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C58000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C71000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002CC1000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C7D000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029D6000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002AB3000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029C2000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A86000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002ABF000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C54000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://alcomax.com.co/wp-content/uploads/2018/08/cropped-LOGO-FACTURACION-ALCOMAX-192x192.jpg
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029D2000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A9A000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029C6000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029BE000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C4C000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A66000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002AC3000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C5C000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C85000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C58000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C71000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002CC1000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C7D000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029D6000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002AB3000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029C2000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A86000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002ABF000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C54000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://alcomax.com.co/wp-content/uploads/2018/08/cropped-LOGO-FACTURACION-ALCOMAX-270x270.jpg
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029D2000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A9A000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029C6000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029BE000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C4C000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A66000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002AC3000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C5C000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C85000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C58000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C71000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002CC1000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C7D000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029D6000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002AB3000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029C2000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A86000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002ABF000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C54000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://alcomax.com.co/wp-content/uploads/2018/08/cropped-LOGO-FACTURACION-ALCOMAX-32x32.jpg
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029D2000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A9A000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029C6000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029BE000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C4C000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A66000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002AC3000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C5C000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C85000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C58000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C71000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002CC1000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C7D000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029D6000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002AB3000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029C2000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A86000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002ABF000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C54000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://alcomax.com.co/wp-content/uploads/2019/11/cropped-alcoholimetros-colombia-alcomax-alcosensor
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002CAD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://alcomax.com.co/wp-includes/css/dist/block-library/style.min.css?ver=5.2.21
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002CAD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://alcomax.com.co/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002CAD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://alcomax.com.co/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002AA2000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C61000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029BA000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A82000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002AB7000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002972000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://alcomax.com.co/wp-includes/js/wp-embed.min.js?ver=5.2.21
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002CAD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://alcomax.com.co/wp-includes/wlwmanifest.xml
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002E9F000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002DB0000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002951000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002CAD000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002AC7000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002BB6000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002EB4000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A44000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002B93000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002B0D000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002CD8000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029DE000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.000000000297A000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://alcomax.com.co/wp-json/
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002CAD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://alcomax.com.co/xmlrpc.php
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002CAD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://alcomax.com.co/xmlrpc.php?rsd
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C9D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://alcomax.com.co0
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C85000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://alcomax.com.co=
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002DDE000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002D7A000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002DA2000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002DAC000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002BBF000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002DBC000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002E9F000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002EB4000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002CD8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://alcomax.com.coD
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029BA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://alcomax.com.coMC
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002CB9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://alcomax.com.coN
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C4C000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C61000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://alcomax.com.co_
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029BE000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002976000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://alcomax.com.coc
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002972000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://alcomax.com.coe
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002E9F000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002DB0000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002951000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002CAD000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002AC7000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002BB6000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002EB4000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A44000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002B93000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002B0D000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002CD8000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029DE000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.000000000297A000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.w.org/
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002AA2000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C61000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029BA000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A82000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002AB7000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002972000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://envothemes.com/
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002CAD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://fonts.googleapis.com/css?family=Open
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002CAD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://schema.org
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002AA2000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C61000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029BA000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A82000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002AB7000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002972000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wordpress.org/
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029D2000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A9A000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029C6000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029BE000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C4C000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A66000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002AC3000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C5C000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C85000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C58000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C71000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002CC1000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C7D000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029D6000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002AB3000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029C2000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A86000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002ABF000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C54000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google-analytics.com/analytics.js
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029D2000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A9A000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029C6000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029BE000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C4C000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A66000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002AC3000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C5C000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C85000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C58000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C71000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002CC1000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C7D000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029D6000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002AB3000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029C2000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A86000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002AA2000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002ABF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=AW-999091094
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002AA2000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C61000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029BA000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002A82000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002AB7000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002972000.00000004.00000800.00020000.00000000.sdmp, XTN1VzRJZm.exe, 00000000.00000002.3753549064.00000000029B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googletagmanager.com/ns.html?id=GTM-5DSSGKT
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002C50000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.schema.org/SiteNavigationElement
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002CAD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/channel/UCirpURNxSnx6dI08iN9drjA/videos
Source: XTN1VzRJZm.exe, 00000000.00000002.3753549064.0000000002CAD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://yoast.com/wordpress/plugins/seo/

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49692 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49697 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49693 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49687 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49695 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49697
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49696
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49695
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49694
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49693
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49692
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49691
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49690
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49689 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49689
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49688
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49687
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49694 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49696 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49690 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443

Source: unknown	HTTPS traffic detected: 204.44.192.90:443 -> 192.168.2.6:49687 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.44.192.90:443 -> 192.168.2.6:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.44.192.90:443 -> 192.168.2.6:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.44.192.90:443 -> 192.168.2.6:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.44.192.90:443 -> 192.168.2.6:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.44.192.90:443 -> 192.168.2.6:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.44.192.90:443 -> 192.168.2.6:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.44.192.90:443 -> 192.168.2.6:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.44.192.90:443 -> 192.168.2.6:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.44.192.90:443 -> 192.168.2.6:49760 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.44.192.90:443 -> 192.168.2.6:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.44.192.90:443 -> 192.168.2.6:49770 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.44.192.90:443 -> 192.168.2.6:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.44.192.90:443 -> 192.168.2.6:49774 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.44.192.90:443 -> 192.168.2.6:49780 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.44.192.90:443 -> 192.168.2.6:49782 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.44.192.90:443 -> 192.168.2.6:49784 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.44.192.90:443 -> 192.168.2.6:49785 version: TLS 1.2

Source: C:\Users\user\Desktop\XTN1VzRJZm.exe

Code function: 0_2_00D62F73

0_2_00D62F73

Source: XTN1VzRJZm.exe, 00000000.00000002.3753068685.0000000000ADE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs XTN1VzRJZm.exe
Source: XTN1VzRJZm.exe	Binary or memory string: OriginalFilenameKseqyvqc.exe2 vs XTN1VzRJZm.exe

Source: XTN1VzRJZm.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: XTN1VzRJZm.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: XTN1VzRJZm.exe, -.cs	Cryptographic APIs: 'CreateDecryptor'
Source: XTN1VzRJZm.exe, Zuzoibpokm.cs	Cryptographic APIs: 'CreateDecryptor'

Source: classification engine

Classification label: mal56.evad.winEXE@1/0@1/1

Source: C:\Users\user\Desktop\XTN1VzRJZm.exe

Mutant created: NULL

Source: XTN1VzRJZm.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: XTN1VzRJZm.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%

Source: C:\Users\user\Desktop\XTN1VzRJZm.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: XTN1VzRJZm.exe	Virustotal: Detection: 65%
Source: XTN1VzRJZm.exe	ReversingLabs: Detection: 63%

Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Section loaded: ncryptsslp.dll	Jump to behavior

Source: C:\Users\user\Desktop\XTN1VzRJZm.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: XTN1VzRJZm.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: XTN1VzRJZm.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: XTN1VzRJZm.exe

Static file information: File size 1434624 > 1048576

Source: XTN1VzRJZm.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x15da00

Source: XTN1VzRJZm.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Data Obfuscation

.NET source code contains potential unpacker

Source: XTN1VzRJZm.exe, -.cs	.Net Code: _E009 System.Reflection.Assembly.Load(byte[])
Source: XTN1VzRJZm.exe, Zuzoibpokm.cs	.Net Code: _E001 System.AppDomain.Load(byte[])

Source: XTN1VzRJZm.exe

Static PE information: section name: .text entropy: 7.895077757669

Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Memory allocated: D20000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Memory allocated: 28A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Memory allocated: EB0000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\XTN1VzRJZm.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Window / User API: threadDelayed 2591			Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Window / User API: threadDelayed 7233			Jump to behavior

Source: C:\Users\user\Desktop\XTN1VzRJZm.exe TID: 7908	Thread sleep count: 37 > 30	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe TID: 7908	Thread sleep time: -34126476536362649s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe TID: 7908	Thread sleep time: -100000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe TID: 7952	Thread sleep count: 2591 > 30	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe TID: 7952	Thread sleep count: 7233 > 30	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe TID: 7908	Thread sleep time: -99890s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe TID: 7908	Thread sleep time: -99781s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe TID: 7908	Thread sleep time: -99672s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe TID: 7908	Thread sleep time: -99562s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe TID: 7908	Thread sleep time: -99453s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe TID: 7908	Thread sleep time: -99344s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe TID: 7908	Thread sleep time: -99221s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe TID: 7908	Thread sleep time: -99094s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe TID: 7908	Thread sleep time: -98983s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe TID: 7908	Thread sleep time: -98875s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe TID: 7908	Thread sleep time: -98765s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe TID: 7908	Thread sleep time: -98656s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe TID: 7908	Thread sleep time: -98529s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe TID: 7908	Thread sleep time: -98389s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe TID: 7908	Thread sleep time: -98071s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe TID: 7908	Thread sleep time: -97937s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe TID: 7908	Thread sleep time: -97828s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe TID: 7908	Thread sleep time: -97646s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe TID: 7908	Thread sleep time: -97516s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe TID: 7908	Thread sleep time: -97405s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe TID: 7908	Thread sleep time: -97297s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe TID: 7908	Thread sleep time: -97187s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe TID: 7908	Thread sleep time: -97077s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe TID: 7908	Thread sleep time: -96969s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe TID: 7908	Thread sleep time: -96859s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe TID: 7908	Thread sleep time: -96750s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe TID: 7908	Thread sleep time: -99921s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe TID: 7908	Thread sleep time: -99812s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe TID: 7908	Thread sleep time: -99703s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe TID: 7908	Thread sleep time: -99593s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe TID: 7908	Thread sleep time: -99484s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe TID: 7908	Thread sleep time: -99375s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe TID: 7908	Thread sleep time: -99265s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe TID: 7908	Thread sleep time: -99156s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe TID: 7908	Thread sleep time: -99047s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe TID: 7908	Thread sleep time: -98937s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe TID: 7908	Thread sleep time: -98828s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe TID: 7908	Thread sleep time: -98718s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe TID: 7908	Thread sleep time: -98596s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe TID: 7908	Thread sleep time: -98469s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe TID: 7908	Thread sleep time: -98344s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe TID: 7908	Thread sleep time: -98017s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe TID: 7908	Thread sleep time: -97880s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe TID: 7908	Thread sleep time: -97750s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe TID: 7908	Thread sleep time: -97625s >= -30000s	Jump to behavior

Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Thread delayed: delay time: 100000	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Thread delayed: delay time: 99890	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Thread delayed: delay time: 99781	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Thread delayed: delay time: 99672	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Thread delayed: delay time: 99562	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Thread delayed: delay time: 99453	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Thread delayed: delay time: 99344	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Thread delayed: delay time: 99221	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Thread delayed: delay time: 99094	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Thread delayed: delay time: 98983	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Thread delayed: delay time: 98875	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Thread delayed: delay time: 98765	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Thread delayed: delay time: 98656	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Thread delayed: delay time: 98529	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Thread delayed: delay time: 98389	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Thread delayed: delay time: 98071	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Thread delayed: delay time: 97937	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Thread delayed: delay time: 97828	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Thread delayed: delay time: 97646	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Thread delayed: delay time: 97516	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Thread delayed: delay time: 97405	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Thread delayed: delay time: 97297	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Thread delayed: delay time: 97187	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Thread delayed: delay time: 97077	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Thread delayed: delay time: 96969	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Thread delayed: delay time: 96859	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Thread delayed: delay time: 96750	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Thread delayed: delay time: 99921	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Thread delayed: delay time: 99812	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Thread delayed: delay time: 99703	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Thread delayed: delay time: 99593	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Thread delayed: delay time: 99484	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Thread delayed: delay time: 99375	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Thread delayed: delay time: 99265	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Thread delayed: delay time: 99156	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Thread delayed: delay time: 99047	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Thread delayed: delay time: 98937	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Thread delayed: delay time: 98828	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Thread delayed: delay time: 98718	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Thread delayed: delay time: 98596	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Thread delayed: delay time: 98469	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Thread delayed: delay time: 98344	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Thread delayed: delay time: 98017	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Thread delayed: delay time: 97880	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Thread delayed: delay time: 97750	Jump to behavior
Source: C:\Users\user\Desktop\XTN1VzRJZm.exe	Thread delayed: delay time: 97625	Jump to behavior

Source: XTN1VzRJZm.exe, 00000000.00000002.3753068685.0000000000B9E000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\XTN1VzRJZm.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\XTN1VzRJZm.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\Desktop\XTN1VzRJZm.exe

Queries volume information: C:\Users\user\Desktop\XTN1VzRJZm.exe VolumeInformation

Jump to behavior

Source: C:\Users\user\Desktop\XTN1VzRJZm.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	1 Disable or Modify Tools	OS Credential Dumping	1 Security Software Discovery	Remote Services	11 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	31 Virtualization/Sandbox Evasion	LSASS Memory	31 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	3 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Deobfuscate/Decode Files or Information	Security Account Manager	1 Application Window Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Obfuscated Files or Information	NTDS	12 System Information Discovery	Distributed Component Object Model	Input Capture	4 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	12 Software Packing	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report
XTN1VzRJZm.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report XTN1VzRJZm.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Windows Analysis Report
XTN1VzRJZm.exe